ECSA 2025 (series) / ICTSS 2025 (series) / General Track /
Tracing Vulnerability Propagation Across Open Source Software Ecosystems
Wed 17 Sep 2025 17:00 - 17:20 at Atrium C - Automated Test Generation and AI-Driven Testing Chair(s): Tolgahan Bardakci
The paper presents a traceability analysis of how over 84 thousand vulnerabilities have propagated across 28 open source software ecosystems. According to the results, the propagation sequences have been complex in general, although GitHub, Debian, and Ubuntu stand out. Furthermore, the associated propagation delays have been lengthy, and these do not correlate well with the number of ecosystems involved in the associated sequences. Nor does the presence or absence of particular ecosystems in the sequences yield clear, interpretable patterns. With these results, the paper contributes to the overlapping knowledge bases about software ecosystems, traceability, and vulnerabilities.
Wed 17 Sep
Displayed time zone: Athens
16:00 - 17:40 | Automated Test Generation and AI-Driven Testing | General Track at Atrium C | Chair(s): Tolgahan Bardakci (University of Antwerp and Flanders Make)
16:00 | 30m Talk | On the evaluation of test suites generated by large language models | General Track
16:30 | 30m Talk | On the use of imbalanced datasets for learning-based vulnerability detection | General Track
17:00 | 20m Talk | Tracing Vulnerability Propagation Across Open Source Software Ecosystems | General Track | Jukka Ruohonen (University of Southern Denmark), Qusai Ramadan (The Maersk Mc-Kinney Moller Institute, University of Southern Denmark)
17:20 | 20m Talk | Localization Testing in Video Games using Text Recognition | General Track | Guillermo Jimenez-Diaz (Universidad Complutense de Madrid), Dewei Chen (Universidad Complutense de Madrid)