research ∙ 05/31/2023
Trusting code in the wild: A social network-based centrality rating for developers in the Rust ecosystem
As modern software extensively uses open source packages, developers reg...
research ∙ 06/19/2022
Phantom Artifacts & Code Review Coverage in Dependency Updates
The goal of this study is to aid developers in securely accepting depend...
research ∙ 12/13/2021
Open or Sneaky? Fast or Slow? Light or Heavy?: Investigating Security Releases of Open Source Packages
Vulnerabilities in open source packages can be a security risk for the c...
research ∙ 08/27/2021
A Comparative Study of Vulnerability Reporting by Software Composition Analysis Tools
Background: Modern software uses many third-party libraries and framewor...
research ∙ 04/09/2021