Challenges of mapping Vulnerabilities and Exposures to Open-Source Packages. (arXiv:2206.14527v1 [cs.SE])

Much of the current software depends on open-source components, which in turn
have complex dependencies on other open-source libraries. Vulnerabilities in
open source therefore have potentially huge impacts. The goal of this work is
to get a quantitative overview of the frequency and evolution of existing
vulnerabilities in popular software repositories and package managers. To this
end, we provide an up-to-date overview of the open source landscape and its
most popular package managers. We discuss approaches to map entries of …

challenges se vulnerabilities