Resources

- This page lists articles and external resources that address FASTEN's main topic, "software dependencies", or other key points of the project (e.g. call graphs). Please contact us if you have ideas for resources to add to this list.

Articles and blog posts

- Vulnerabilities declining in open source but slow patching, Dark Reading, June 2020

- State of software security: open source edition - key takeaways for developers, Security Boulevard, June 2020

- Exploring relationship between npm javascript: an evolution, Science Times, June 2020

- Open source security report finds library-induced flaws in 70% of applications, TechRepublic, May 2020

- Out-of-date, insecure open-source software is everywhere, ZDnet.fr, May 2020

- Call graph example from Sourcetrail. See the video presentation, March 2019. 

- Catching Vulnerabilities Instantly in Your IntelliJ IDEA Environment, Blog post from Brian Vermeer, Developer Advocate at Snyk, March 2019.

- Our Software Dependency Problem, by Russ Cox, research!rsc Blog Article, January 2019.

- Promising new metrics to track maintainability, Jaxcenter, January 2019.

- Evolution of Species and Software: What Is a Dependency Graph?, Evolutionnews.org, August 2018.

- How to check package dependencies with apt-rdepends tool?, Tech Republic, April 2018.

- Introducing the FASTEN project, Georgios Gousios Blog, October 2018. 

Academic Papers related to Package Management

- Analyzing 2.3 Million Maven Dependencies to Reveal an Essential Core in APIs, Scientific paper submitted on August 29, 2019.

- Judge: Identifying, Understanding, and Evaluating Sources of Unsoundness in Call Graphs, Scientific paper published at the conference ISSTA, Beijing, China, July 15-19, 2019.  

- A method to generate traverse paths for eliciting missing requirements - 2019

- Automatic Software Dependency Management using Blockchain - July 2018

- On the use of package managers by the C++ open-source community - April 2018

- SPAM: a Secure Package Manager - April 2017

- A look at the dynamics of the JavaScript package ecosystem - May 2016

- On the topology of package dependency networks: a comparison of three programming language ecosystems - November 2016

- When It Breaks, It Breaks: How Ecosystem Developers Reason about the Stability of Dependencies - November 2015

- A historical analysis of Debian package incompatibilities - May 2015

- Mining component repositories for installability issues - May 2015

- How the Apache community upgrades dependencies: an evolutionary study - October 2015

Site maintained by OW2