Vulnerability Management of Open-Source Libraries

University essay from Blekinge Tekniska Högskola/Institutionen för programvaruteknik

Abstract: Background: The proliferation of open-source libraries in software development has brought numerous benefits, including access to a wide range of reusable code and collaboration with a global community of developers. However, this increased reliance on third-party code also introduces new security risks in the form of vulnerabilities that malicious actors can exploit. Vulnerability management, the process of identifying, assessing, and mitigating vulnerabilities, is crucial to ensuring the security and reliability of open-source libraries. Objectives: This thesis aims to investigate the vulnerability management process for open-source libraries used by an organization and compare it with what is suggested in the literature. Methods: This study uses rapid reviews to understand the vulnerability management process described in the literature and a case study to investigate the vulnerability management process in the organization. Results: This study's results indicate many similarities between the organization's process and the literature's suggestions. The organization uses a tool to identify and assess vulnerabilities and migrates to the latest stable version to mitigate them. There are a few differences between the process and the literature's suggestions: the literature suggests anticipating threats, estimating migration effort, assessing reachability, and integrating SCA (Software Composition Analysis) tools into the development workflow. The vulnerability management process requires constant attention and effort, as new vulnerabilities are discovered daily. The interviews with the developers revealed challenges faced in the process. Conclusions: The results of our study indicate that the practices and suggestions in the literature may not be suitable for every organization. Every organization has its own set of requirements and constraints, which must be considered when implementing any practice. The differences and challenges identified in this study are potential improvement areas.
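The abstract names the steps of the process it studies (identify a vulnerable library, assess it, mitigate by migrating to the latest stable version) and the practices the literature adds (reachability assessment, migration-effort estimation, an SCA check in the development workflow). The following is an added illustration of how those steps fit together in a minimal SCA-style gate; it is not code from the thesis or from the organization studied. All package names, version numbers, advisories and the `CALLED_SYMBOLS` call inventory are constructed for the example, and reachability is approximated by intersecting the advisory's affected symbols with the symbols the application actually calls (a real SCA tool would derive the latter from a call graph).

```python
"""Minimal SCA-style vulnerability check (added example, constructed data).

Models the steps the abstract names: identify affected libraries from a
lockfile, assess severity and reachability, estimate migration effort,
and gate a build. Nothing here is a real package, version or advisory.
"""
from dataclasses import dataclass


def parse_version(v: str) -> tuple:
    """'1.4.2' -> (1, 4, 2); enough for the dotted versions used here."""
    return tuple(int(p) for p in v.split("."))


@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: str            # first affected version (inclusive)
    fixed: str                 # first fixed version (exclusive)
    severity: str
    vulnerable_symbols: frozenset  # calling any of these makes the flaw reachable


# Constructed advisory database (hypothetical packages, not real CVEs).
ADVISORIES = [
    Advisory("yamlparse", "1.0.0", "1.4.2", "high", frozenset({"yamlparse.load"})),
    Advisory("imgtools", "2.0.0", "2.3.0", "medium", frozenset({"imgtools.decode_tiff"})),
]

# Latest stable release per package, as an SCA tool would fetch from a registry (constructed).
LATEST_STABLE = {"yamlparse": "1.5.0", "imgtools": "3.0.0", "leftpad": "1.0.0"}

# Constructed lockfile of the application: package -> pinned version.
LOCKFILE = {"yamlparse": "1.3.0", "imgtools": "2.2.0", "leftpad": "1.0.0"}

# Constructed call inventory: third-party symbols the application's own code calls.
CALLED_SYMBOLS = {"yamlparse.load", "imgtools.decode_png"}


@dataclass
class Finding:
    package: str
    pinned: str
    severity: str
    reachable: bool
    recommended: str   # version to migrate to
    effort: str        # "major", "minor" or "patch" bump needed to get there


def affected(adv: Advisory, version: str) -> bool:
    """True when the pinned version lies in [introduced, fixed)."""
    v = parse_version(version)
    return parse_version(adv.introduced) <= v < parse_version(adv.fixed)


def migration_effort(pinned: str, target: str) -> str:
    """Rough effort estimate from the size of the version jump."""
    a, b = parse_version(pinned), parse_version(target)
    if a[0] != b[0]:
        return "major"
    if a[1] != b[1]:
        return "minor"
    return "patch"


def scan(lockfile, called_symbols, advisories=ADVISORIES, latest=LATEST_STABLE):
    """Identify and assess: one Finding per advisory that matches a pinned version."""
    findings = []
    for adv in advisories:
        pinned = lockfile.get(adv.package)
        if pinned is None or not affected(adv, pinned):
            continue
        target = latest[adv.package]
        findings.append(Finding(
            package=adv.package,
            pinned=pinned,
            severity=adv.severity,
            reachable=bool(adv.vulnerable_symbols & called_symbols),
            recommended=target,
            effort=migration_effort(pinned, target),
        ))
    return findings


def prioritise(findings):
    """Reachable findings first, then by severity."""
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    return sorted(findings, key=lambda f: (not f.reachable, order[f.severity]))


def gate(findings) -> bool:
    """Build passes unless a reachable high/critical finding is present."""
    return not any(f.reachable and f.severity in {"critical", "high"} for f in findings)


if __name__ == "__main__":
    results = prioritise(scan(LOCKFILE, CALLED_SYMBOLS))
    for f in results:
        print(f"{f.package} {f.pinned}: {f.severity}, reachable={f.reachable}, "
              f"migrate to {f.recommended} ({f.effort} bump)")
    print("build passes:", gate(results))
```

With the constructed data, `yamlparse` is flagged as reachable (the application calls `yamlparse.load`) and fails the gate, while `imgtools` is affected but unreachable and is reported with a major-version migration effort rather than blocking the build. That distinction between an affected dependency and a reachable one is the reachability assessment the abstract attributes to the literature.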
