Online / 5 & 6 February 2022


FASTEN: Fine-Grained Analysis of Software Ecosystems as Networks

In modern software development, it is common to use open-source software (OSS) to boost productivity. According to the National Vulnerability Database, OSS often has security vulnerabilities. On the other hand, research has shown that developers do not update their dependencies. Because existing security tools suffer from a high false-positive rate as they analyze software at the package level.

FASTEN analyzes software packages at the finer-grain level by producing an enormous network of software ecosystems. This allows giving vulnerability information at the method level. With this information, developers are notified when their code uses vulnerable methods, and hence they are more confident to update their dependencies. The said functionality will be provided in the famous package managers such as Maven and PyPI.


Amir Mir