Abstract

AbstractDuring software product development, the combination of digital resources (such as application programming interfaces and software development kits) establishes loose and tight edges between nodes, which form a software product network (SPN). These edges serve as observable conduits that may help practitioners and researchers better understand how vulnerabilities diffuse through SPNs. We apply network theory to analyze data from over 12 years of records extracted from the National Vulnerability Database. We contribute novel measures established using machine learning to gauge the properties influencing vulnerability diffusion within an SPN. We observed an SPN having a discernable shape that changed over time via network updates. We propose hypotheses and find empirical evidence that vulnerability diffusion is influenced by edge dynamics, developer responses, and their interaction. Implications for practice are that increased developer responses reduce software vulnerability diffusion attributed to edge dynamics.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.