Drop the Golden Apples: Identifying Third-Party Reuse by DB-Less Software Composition Analysis
The prevalent use of third-party libraries (TPLs) in modern software development introduces significant security and compliance risks, necessitating the implementation of Software Composition Analysis (SCA) to manage these threats. However, the accuracy of SCA tools heavily relies on the quality of the integrated feature database to cross-reference with user projects. While under the circumstance of the exponentially growing of open-source ecosystems and the integration of large models into software development, it becomes even more challenging to maintain a comprehensive feature database for potential TPLs. To this end, after referring to the evolution of LLM applications in terms of external data interactions, we propose the first framework of DB-Less SCA, to get rid of the traditional heavy database and embrace the flexibility of LLMs to mimic the manual analysis of security analysts to retrieve identical evidence and confirm the identity of TPLs by supportive information from the open Internet. Our experiments on two typical scenarios, native library identification for Android and copy-based TPL reuse for C/C++, especially on artifacts that are not that underappreciated, have demonstrated the favorable future for implementing database-less strategies in SCA.
Mon 23 JunDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
10:30 - 12:30 | Library and Product LineIndustry Papers / Journal First / Ideas, Visions and Reflections / Demonstrations at Pirsenteret 150 Chair(s): Andrea Arcuri Kristiania University of Applied Sciences | ||
10:30 10mTalk | Drop the Golden Apples: Identifying Third-Party Reuse by DB-Less Software Composition Analysis Ideas, Visions and Reflections Lyuye Zhang Nanyang Technological University, Chengwei Liu Nanyang Technological University, Wu Jiahui , Shiyang Zhang Tianjin University, CHENGYUE LIU , Zhengzi Xu Imperial Global Singapore, Sen Chen Nankai University, Yang Liu Nanyang Technological University | ||
10:40 20mTalk | Quantifying the benefits of code hints for refactoring deprecated Java APIs Industry Papers Cristina David University of Bristol, Pascal Kesseli Meta, Daniel Kroening Amazon, Hanliang Zhang University of Bristol | ||
11:00 20mTalk | Mapping APIs in Dynamic-typed Programs by Leveraging Transfer Learning Journal First Zhenfei Huang Tianjin University, Junjie Chen Tianjin University, Jiajun Jiang Tianjin University, Yihua Liang Tianjin University, Hanmo You Tianjin University, Fengjie Li Tianjin University | ||
11:20 10mTalk | Dirty-Waters: Detecting Software Supply Chain Smells Demonstrations Raphina Liu KTH Royal Institute of Technology, Sofia Bobadilla KTH Royal Institute of Technology, Sweden, Benoit Baudry KTH Royal Institute of Technology, Martin Monperrus KTH Royal Institute of Technology | ||
11:30 10mTalk | Pursuit of Automotive Software Variant Reduction for Engineering Simplicity Industry Papers Vard Antinyan Volvo Car Group | ||
11:40 20mTalk | Software Product Line Engineering via Software Transplantation Journal First Leandro Oliveira de Souza Federal Institute of Bahia, Irecê, Bahia, Brazil, Eduardo Almeida , Paulo Anselmo da Mota Silveira Neto Federal Rural University of Pernambuco, Recife, Pernambuco, Brazil, Earl T. Barr University College London, Justyna Petke University College London | ||
12:00 10mTalk | Beyond Software Families: Community-Driven Variability Ideas, Visions and Reflections Roman Bögli University of Bern, Alexander Boll University of Bern, Alexander Schultheiß Paderborn University, Timo Kehrer University of Bern Pre-print | ||
12:10 20mTalk | The Promise and Pitfalls of WebAssembly: Perspectives from the Industry Industry Papers Ningyu He Hong Kong Polytechnic University, Shangtong Cao Beijing University of Posts and Telecommunications, Haoyu Wang Huazhong University of Science and Technology, Yao Guo Peking University, Xiapu Luo Hong Kong Polytechnic University | ||
This room is located outside Clarion Hotel
This room is located in the Pirsenteret (The Pier Center) convention center. It is just outside the hotel, on the back, towards the fjord.
You should be able to go through the emergency exit at Clarion, just on the side of the Cosmos 3 wing, which will be bring you close to Pirsenteret.
The entrance to the center is from here:
https://maps.app.goo.gl/dU3qH6kAimXGBNHe7
Once inside, go all straight and you will find signage to reach the room. The room is known as room 150 inside the center.