Title :
Measuring subversions: security and legal risk in reused software artifacts
Author_Institution :
Dept. of Comput. Sci., Univ. of Victoria, Victoria, BC, Canada
Abstract :
A software system often includes a set of library dependencies and other software artifacts necessary for the system´s proper operation. However, long-term maintenance problems related to reused software can gradually emerge over the lifetime of the deployed system. In our exploratory study we propose a manual technique to locate documented security and legal problems in a set of reused software artifacts. We evaluate our technique with a case study of 81 Java libraries found in a proprietary e-commerce web application. Using our approach we discovered both a potential legal problem with one library, and a second library that was affected by a known security vulnerability. These results support our larger thesis: software reuse entails long-term maintenance costs. In future work we strive to develop automated techniques by which developers, managers, and other software stakeholders can measure, address, and minimize these costs over the lifetimes of their software assets.
Keywords :
Internet; electronic commerce; security of data; software maintenance; software reliability; Java libraries; documented security; legal risk; library dependencies; long-term maintenance problems; manual technique; potential legal problem; proprietary e-commerce Web application; software artifact reusability; software assets; software stakeholders; software system; subversions measurement; Law; Libraries; Licenses; Security; Software; Software measurement; licensing; maintenance; reuse; security;
Conference_Titel :
Software Engineering (ICSE), 2011 33rd International Conference on
Conference_Location :
Honolulu, HI
Print_ISBN :
978-1-4503-0445-0
Electronic_ISBN :
0270-5257
DOI :
10.1145/1985793.1986025
