April 19, 2024, 4:11 a.m. | Cadence Patrick, Kimberly Ruth, Zakir Durumeric

cs.CR updates on arXiv.org

arXiv:2404.11763v1 Announce Type: cross
Abstract: Open-source software (OSS) supply chain security has become a topic of concern for organizations. Patching an OSS vulnerability can require updating other dependent software products in addition to the original package. However, the landscape of OSS dependencies is not well explored: we do not know what packages are most critical to patch, hindering efforts to improve OSS security where it is most needed. There is thus a need to understand OSS usage in major software …

