ICSE 2024
Fri 12 - Sun 21 April 2024 Lisbon, Portugal
Fri 19 Apr 2024 14:30 - 14:45 at Amália Rodrigues - Analytics 5 Chair(s): Sridhar Chimalakonda

Open-source software (OSS) greatly facilitates program development. However, the high number of vulnerabilities in open-source software is a major concern, including in Golang, a relatively new programming language. In contrast to other commonly used OSS package managers, Golang has a distinctive feature: commits are prevalently used as dependency versions before they are integrated into official releases. This can benefit users, as patch commits can be applied in a timely manner before the releases. However, Golang employs a decentralized mechanism for managing dependencies, whereby dependencies are maintained and distributed in separate repositories. This approach can result in delays in the dissemination of patches and in unresolved vulnerabilities.

To address this concern, we conducted a comprehensive investigation of the life cycle of vulnerabilities in Golang, from their introduction to their fix. To this end, we built a framework that gathers data from diverse sources and systematically combines them with an algorithm to compute the lags in vulnerability patching. We found that 66.10% of modules in the Golang ecosystem were affected by vulnerabilities. Within the vulnerability life cycle, we found two kinds of lag impeding the propagation of vulnerability fixes. Our analysis of the reasons behind non-lagged and lagged vulnerabilities indicates that timely releasing and indexing of patch versions could significantly enhance ecosystem security.

Fri 19 Apr

14:00 - 15:30
Analytics 5 (Research Track / Journal-first Papers) at Amália Rodrigues
Chair(s): Sridhar Chimalakonda Indian Institute of Technology, Tirupati
14:00
15m
Talk
An Exploratory Investigation of Log Anomalies in Unmanned Aerial Vehicles
Research Track
Dinghua Wang, Shuqing Li The Chinese University of Hong Kong, Guanping Xiao Nanjing University of Aeronautics and Astronautics, Yepang Liu Southern University of Science and Technology, Yulei Sui UNSW, Pinjia He Chinese University of Hong Kong, Shenzhen, Michael Lyu The Chinese University of Hong Kong
14:15
15m
Talk
ModuleGuard: Understanding and Detecting Module Conflicts in Python Ecosystem
Research Track
Ruofan Zhu Zhejiang University, Xingyu Wang Zhejiang University, Chengwei Liu Nanyang Technological University, Zhengzi Xu Nanyang Technological University, Wenbo Shen Zhejiang University, China, Rui Chang Zhejiang University, Yang Liu Nanyang Technological University
14:30
15m
Talk
Empirical Analysis of Vulnerabilities Life Cycle in Golang Ecosystem
Research Track
Jinchang Hu, Lyuye Zhang Nanyang Technological University, Chengwei Liu Nanyang Technological University, Sen Yang Academy of Military Science, Song Huang Army Engineering University of PLA, Yang Liu Nanyang Technological University
14:45
15m
Talk
Fine-SE: Integrating Semantic Features and Expert Features for Software Effort Estimation
Research Track
Yue Li Nanjing University, Zhong Ren State Key Laboratory of Novel Software Technology, Software Institute, Nanjing University Nanjing, Jiangsu, China, Zhiqi Wang State Key Laboratory of Novel Software Technology, Software Institute, Nanjing University Nanjing, Jiangsu, China, Lanxin Yang Nanjing University, Liming Dong Nanjing University, He Zhang Nanjing University
15:00
7m
Talk
Concretization of Abstract Traffic Scene Specifications Using Metaheuristic Search
Journal-first Papers
Aren Babikian McGill University, Oszkár Semeráth Budapest University of Technology and Economics, Daniel Varro Linköping University / McGill University
15:07
7m
Talk
Technical leverage analysis in the Python ecosystem
Journal-first Papers
Ranindya Paramitha University of Trento, Fabio Massacci University of Trento; Vrije Universiteit Amsterdam
15:14
7m
Talk
Automated Mapping of Adaptive App GUIs from Phones to TVs
Journal-first Papers
Han Hu Faculty of Information Technology, Monash University, Ruiqi Dong Swinburne University of Technology, John Grundy Monash University, Thai Minh Nguyen Monash University, Huaxiao Liu Jilin University, Chunyang Chen Technical University of Munich (TUM)
15:21
7m
Talk
Assessing the Early Bird Heuristic (for Predicting Project Quality)
Journal-first Papers
Shrikanth N C Oracle America Inc, Tim Menzies North Carolina State University