DocumentCode
3561578
Title
Measuring Dependency Freshness in Software Systems
Author
Cox, Joel ; Bouwers, Eric ; Van Eekelen, Marko ; Visser, Joost
Author_Institution
Inst. for Comput. & Inf. Sci., Radboud Univ. Nijmegen, Nijmegen, Netherlands
Volume
2
fYear
2015
Firstpage
109
Lastpage
118
Abstract
Modern software systems often make use of third-party components to speed up development and reduce maintenance costs. In return, developers need to update to new releases of these dependencies to avoid, for example, security and compatibility risks. In practice, prioritizing these updates is difficult because the use of outdated dependencies is often opaque. In this paper we aim to make this concept more transparent by introducing metrics to quantify the use of recent versions of dependencies, i.e. the system's "dependency freshness". We propose and investigate a system-level metric based on an industry benchmark. We validate the usefulness of the metric using interviews, analyze the variance of the metric through time, and investigate the relationship between outdated dependencies and security vulnerabilities. The results show that the measurements are considered useful, and that systems using outdated dependencies are four times as likely to have security issues as opposed to systems that are up-to-date.
Keywords
cost reduction; object-oriented programming; security of data; software maintenance; software metrics; dependency freshness measurement; industry benchmark; maintenance cost reduction; outdated dependencies; security vulnerabilities; software systems; system-level metric; third-party components; Context; Industries; Security; Software engineering; Software measurement; Software systems
fLanguage
English
Publisher
ieee
Conference_Titel
Software Engineering (ICSE), 2015 IEEE/ACM 37th IEEE International Conference on
Type
conf
DOI
10.1109/ICSE.2015.140
Filename
7202955