Write a Blog >>
MSR 2022
Mon 23 - Tue 24 May 2022
co-located with ICSE 2022

Third party libraries are used to integrate existing solutions for common problems and help speed up development. The use of third party libraries, however, can carry risks, for example through vulnerabilities in these libraries. Studying the dependency networks of package managers lets us better understand and mitigate these risks. So far, the dependency networks of the three most important package managers of the Apple ecosystem, CocoaPods, Carthage and Swift PM, have not been studied. We analysed the dependencies for all publicly available open source libraries up to December 2021 and compiled a dataset containing the dependency networks of all three package managers. The dependency networks can be used to analyse how vulnerabilities are propagated through transitive dependencies. In order to ease the tracing of vulnerable libraries we also queried the NVD database and included publicly reported vulnerabilities for these libraries in the dataset.

Thu 19 May

Displayed time zone: Eastern Time (US & Canada) change

03:00 - 03:50
Session 8: Large-Scale Mining & Software EcosystemsTechnical Papers / Data and Tool Showcase Track at MSR Main room - odd hours
Chair(s): Fiorella Zampetti University of Sannio, Italy, Gregorio Robles Universidad Rey Juan Carlos
03:00
7m
Talk
An Empirical Study on the Survival Rate of GitHub Projects
Technical Papers
Adem Ait IN3 - UOC, Javier Luis Cánovas Izquierdo IN3 - UOC, Jordi Cabot Open University of Catalonia, Spain
Pre-print
03:07
7m
Talk
A Large-Scale Comparison of Python Code in Jupyter Notebooks and ScriptsDistinguished Paper Award
Technical Papers
Konstantin Grotov JetBrains Research, ITMO University, Sergey Titov JetBrains Research, Vladimir Sotnikov JetBrains Research, Yaroslav Golubev JetBrains Research, Timofey Bryksin JetBrains Research; HSE University
DOI Pre-print
03:14
7m
Talk
Do Customized Android Frameworks Keep Pace with Android?
Technical Papers
Pei Liu Monash University, Mattia Fazzini University of Minnesota, John Grundy Monash University, Li Li Monash University
03:21
4m
Talk
Lupa: A Platform for Large Scale Analysis of The Progamming Language Usage
Data and Tool Showcase Track
Anna Vlasova JetBrains Research, Maria Tigina JetBrains Research, ITMO University, Ilya Vlasov Saint Petersburg State University, Anastasiia Birillo JetBrains Research, Yaroslav Golubev JetBrains Research, Timofey Bryksin JetBrains Research; HSE University
DOI Pre-print
03:25
4m
Talk
GitDelver Enterprise Dataset (GDED): An Industrial Closed-source Dataset for Socio-Technical Research
Data and Tool Showcase Track
Nicolas Riquet University of Namur, Xavier Devroey University of Namur, Benoît Vanderose University of Namur
Pre-print
03:29
4m
Talk
DaSEA – A Dataset for Software Ecosystem Analysis
Data and Tool Showcase Track
Petya Buchkova IT University of Copenhagen, Joakim Hey Hinnerskov IT University of Copenhagen, Kasper Olsen IT University of Copenhagen, Rolf-Helge Pfeiffer IT University of Copenhagen
Pre-print Media Attached
03:33
4m
Talk
Dataset: Dependency Networks of Open Source Libraries Available Through CocoaPods, Carthage and Swift PM
Data and Tool Showcase Track
Kristiina Rahkema University of Tartu, Dietmar Pfahl University of Tartu
Pre-print Media Attached
03:37
13m
Live Q&A
Discussions and Q&A
Technical Papers

Mon 23 May

Displayed time zone: Eastern Time (US & Canada) change

11:00 - 12:30
Blended Technical Session 1 (Integration, Large-scale mining, and Software Ecosystems)Technical Papers / Data and Tool Showcase Track at Room 315+316
Chair(s): Bogdan Vasilescu Carnegie Mellon University, USA
11:00
15m
Talk
Do Small Code Changes Merge Faster? A Multi-Language Empirical Investigation
Technical Papers
Gunnar Kudrjavets University of Groningen, Nachiappan Nagappan Microsoft Research, Ayushi Rastogi University of Groningen, The Netherlands
DOI Pre-print
11:15
15m
Talk
Mining Code Review Data to Understand Waiting Times Between Acceptance and Merging: An Empirical Analysis
Technical Papers
Gunnar Kudrjavets University of Groningen, Aditya Kumar Snap, Inc., Nachiappan Nagappan Microsoft Research, Ayushi Rastogi University of Groningen, The Netherlands
DOI Pre-print
11:30
8m
Talk
Dataset: Dependency Networks of Open Source Libraries Available Through CocoaPods, Carthage and Swift PM
Data and Tool Showcase Track
Kristiina Rahkema University of Tartu, Dietmar Pfahl University of Tartu
Pre-print Media Attached
11:38
8m
Talk
A Large-scale Dataset of (Open Source) License Text VariantsData and Tool Showcase Award
Data and Tool Showcase Track
Stefano Zacchiroli Télécom Paris, Polytechnic Institute of Paris
DOI Pre-print
11:46
8m
Talk
TSSB-3M: Mining single statement bugs at massive scale
Data and Tool Showcase Track
Cedric Richter Carl von Ossietzky Universität Oldenburg / University of Oldenburg, Heike Wehrheim Carl von Ossietzky Universität Oldenburg / University of Oldenburg
Pre-print Media Attached
11:54
8m
Talk
LAGOON: An Analysis Tool for Open Source Communities
Data and Tool Showcase Track
Sourya Dey Galois, Inc., Walt Woods Galois, Inc.
Pre-print Media Attached
12:02
8m
Talk
The Unexplored Treasure Trove of Phabricator Code Reviews
Data and Tool Showcase Track
Gunnar Kudrjavets University of Groningen, Nachiappan Nagappan Microsoft Research, Ayushi Rastogi University of Groningen, The Netherlands
DOI Pre-print
12:10
20m
Live Q&A
Discussions and Q&A
Technical Papers


Information for Participants