Show simple item record

dc.contributor.author: Setó Rey, Daniel
dc.contributor.author: Santos Martín, José Ignacio
dc.contributor.author: López Nozal, Carlos
dc.date.accessioned: 2023-12-15T12:51:49Z
dc.date.available: 2023-12-15T12:51:49Z
dc.date.issued: 2023-11
dc.identifier.issn: 2327-4697
dc.identifier.uri: http://hdl.handle.net/10259/8213
dc.description.abstract [en]: Software reuse by importing packages from centralised repositories is an efficient and increasingly widespread way to develop software. Given the transitivity of dependencies, defects introduced in the repository can have extensive effects on the software ecosystem. Drawing from complex network theory, we define a model of repository vulnerability based on the statistically expected damage that the repository sustains from the random introduction of software defects. We test the model in stylized networks derived from real repositories, PyPI, Maven and npm, and show that the existence of a giant strongly connected component (SCC) explains most of the vulnerability. Indeed, we found that theoretical protection (immunization) of this entire component would remove almost all vulnerability from the network. Since repositories and their communities have limited resources to mitigate issues, we further model the problem of how to best apply these resources, finding sets much smaller than the giant SCC whose protection is nearly as good. Furthermore, we prove that the optimal selection of sets of given size is NP-hard but can be approached with heuristics, yielding respectable results. Our model contributes to a better understanding of software package repositories and could also be applied to other systems with a similar structure.
dc.description.sponsorship [en]: The authors acknowledge financial support from the Spanish Ministry of Science, Innovation and Universities (excellence network RED2018-102518-T), the Spanish State Research Agency (PID2020-119894GB-I00 and PID2020-118906GB-I00/AEI/10.13039/501100011033) and the Junta de Castilla y León, Consejería de Educación through BDNS 425389.
dc.format.mimetype: application/pdf
dc.language.iso [es]: eng
dc.publisher [en]: Institute of Electrical and Electronics Engineers
dc.relation.ispartof [en]: IEEE Transactions on Network Science and Engineering. 2023, V. 10, n. 6, p. 3396-3408
dc.subject [en]: Complex network
dc.subject [en]: Network structure
dc.subject [en]: Network vulnerability
dc.subject [en]: Package dependency networks
dc.subject [en]: Software repositories
dc.subject.other [es]: Informática
dc.subject.other [en]: Computer science
dc.subject.other [es]: Ingeniería
dc.subject.other [en]: Engineering
dc.title [en]: Vulnerability of Package Dependency Networks
dc.type [es]: info:eu-repo/semantics/article
dc.rights.accessRights [es]: info:eu-repo/semantics/openAccess
dc.relation.publisherversion [es]: https://doi.org/10.1109/TNSE.2023.3260880
dc.identifier.doi: 10.1109/TNSE.2023.3260880
dc.relation.projectID [es]: info:eu-repo/grantAgreement/AEI/Plan Estatal de Investigación Científica y Técnica y de Innovación 2017-2020/RED2018-102518-T/ES/SISTEMAS COMPLEJOS SOCIOTECNOLOGICOS/
dc.relation.projectID [es]: info:eu-repo/grantAgreement/AEI/Plan Estatal de Investigación Científica y Técnica y de Innovación 2017-2020/PID2020-119894GB-I00/ES/APRENDIZAJE AUTOMATICO CON DATOS ESCASAMENTE ETIQUETADOS PARA LA INDUSTRIA 4.0/
dc.relation.projectID [es]: info:eu-repo/grantAgreement/AEI/Plan Estatal de Investigación Científica y Técnica y de Innovación 2017-2020/PID2020-118906GB-I00/ES/INTERACCIONES DINAMICAS DISTRIBUIDAS: PROTOCOLOS BEST EXPERIENCED PAYOFF Y SEPARACION ENDOGENA/
dc.identifier.essn: 2327-4697
dc.identifier.essn: 2334-329X
dc.journal.title [en]: IEEE Transactions on Network Science and Engineering
dc.page.initial [es]: 1
dc.page.final [es]: 13
dc.type.hasVersion [es]: info:eu-repo/semantics/acceptedVersion
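The abstract above describes three ideas: vulnerability as the expected damage of a randomly placed defect, the giant strongly connected component as the main driver of that vulnerability, and a heuristic for choosing a small protection set because the optimal choice is NP-hard. The following is an added illustration in Python, not the authors' code or data. It assumes a simplified model (edges point from a package to its direct dependents, so a defect in p reaches every package downstream of p; damage counts affected packages including p; immunized packages are removed from the propagation graph) and a small constructed repository graph; the greedy heuristic is a generic choice, not necessarily the one used in the paper.

```python
"""Toy model of package-repository vulnerability (added example).

Assumptions, not taken from the paper:
  * graph[p] lists the packages that depend directly on p, so a defect in p
    propagates along out-edges to every package reachable from p;
  * damage of a defect in p = number of packages reached, p included;
  * vulnerability = expected damage when the defective package is drawn
    uniformly at random from all packages;
  * "immunizing" a set S removes S from the propagation graph, so members of
    S neither receive defects nor pass them on.
"""
from typing import Dict, FrozenSet, List, Set

# Constructed sample repository (not real data). Packages a, b, c form a
# dependency cycle, so they make up the giant SCC; j and k form a separate
# island that the cycle never reaches.
SAMPLE_DEPENDENTS: Dict[str, List[str]] = {
    "a": ["b", "d"], "b": ["c", "f"], "c": ["a", "e"],
    "d": ["g"], "e": ["h"], "f": [], "g": ["i"], "h": ["i"], "i": [],
    "j": ["k"], "k": [],
}


def reachable(graph: Dict[str, List[str]], start: str,
              blocked: FrozenSet[str] = frozenset()) -> Set[str]:
    """Packages hit by a defect introduced in `start` (start included);
    packages in `blocked` are immunized and therefore skipped."""
    if start in blocked:
        return set()
    seen, stack = {start}, [start]
    while stack:
        node = stack.pop()
        for dep in graph.get(node, ()):
            if dep not in blocked and dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen


def total_damage(graph: Dict[str, List[str]],
                 blocked: FrozenSet[str] = frozenset()) -> int:
    """Damage summed over every possible defect location."""
    return sum(len(reachable(graph, p, blocked)) for p in graph)


def vulnerability(graph: Dict[str, List[str]],
                  blocked: FrozenSet[str] = frozenset()) -> float:
    """Expected damage of one uniformly random defect."""
    return total_damage(graph, blocked) / len(graph)


def strongly_connected_components(graph: Dict[str, List[str]]) -> List[Set[str]]:
    """SCCs via mutual reachability (fine for small graphs; use Tarjan's
    algorithm for real repository sizes)."""
    reach = {p: reachable(graph, p) for p in graph}
    seen: Set[str] = set()
    comps: List[Set[str]] = []
    for p in graph:
        if p in seen:
            continue
        comp = {q for q in reach[p] if p in reach[q]}
        seen |= comp
        comps.append(comp)
    return comps


def giant_scc(graph: Dict[str, List[str]]) -> Set[str]:
    return max(strongly_connected_components(graph), key=len)


def greedy_protection_set(graph: Dict[str, List[str]], k: int) -> List[str]:
    """Heuristic for the NP-hard set selection: repeatedly immunize the
    package whose removal lowers total damage the most (ties by name)."""
    chosen: List[str] = []
    for _ in range(k):
        best, best_damage = None, None
        for cand in sorted(graph):
            if cand in chosen:
                continue
            d = total_damage(graph, frozenset(chosen + [cand]))
            if best_damage is None or d < best_damage:
                best, best_damage = cand, d
        chosen.append(best)
    return chosen


if __name__ == "__main__":
    g = SAMPLE_DEPENDENTS
    scc = giant_scc(g)
    print("vulnerability, unprotected:", round(vulnerability(g), 3))
    print("giant SCC:", sorted(scc), "-> vulnerability",
          round(vulnerability(g, frozenset(scc)), 3))
    for k in (1, 2, 3):
        s = greedy_protection_set(g, k)
        print(f"greedy k={k}:", s, "->", round(vulnerability(g, frozenset(s)), 3))
```

On the constructed graph, immunizing the three-node giant SCC cuts the damage sum from 42 to 15, while the greedy two-node set {c, a} reaches 17, which is the "much smaller set whose protection is nearly as good" effect the abstract describes; a third greedy pick lands on i, the most-depended-upon leaf, and outperforms the SCC alone.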

