The Open-Source Trust Reset

Enterprises need to practice governance of open-source software to regain control of their software supply chains.
IEEE

Out of Sight, Still at Risk: The Lifecycle of Transitive Vulnerabilities in Maven

Abstract: The modern software development landscape heavily relies on transitive dependencies. They enable seamless integration of third-party libraries. However, they also introduce security ...
GitHub

Dependency trees get merged when they should not

My Rust app App1 has a direct dependency proc-macro2 1.0.89. This dependency has a transitive dependency unicode-ident 1.0.13. App2 depends on proc-macro2 1.0.89 as well, plus also directly on unicode ...
IEEE

The Forgotten Case of the Dependency Bugs : On the Example of the Robot Operating System

Abstract: A dependency bug is a software fault that manifests itself when accessing an unavailable asset. Dependency bugs are pervasive and we all hate them. This paper presents a case study of ...
GitHub

[MWAR-111] Transitive dependencies of optional dependencies are included in WEB-INF/lib

A JAR module (TestJAR) which has one dependency: commons-lang 2.3 A WAR module (TestWAR) which uses these instructions to declare a dependency on TestJAR so that TestJAR is included in TestWAR's ...