Automating vulnerability remediation in Maven

University essay from Lunds universitet/Institutionen för elektro- och informationsteknik

Abstract: The use of open source software is growing, and with it the number of vulnerabilities that attackers can exploit to perform malicious activities. To mitigate them, it is important to develop effective means of remediating those vulnerabilities. This thesis compares two solutions for automating vulnerability remediation with respect to time efficiency. Both share the idea that a remediation should be performed by updating the vulnerable open source software to a version in which the vulnerability is gone. The first solution does so by gradually updating the affected versions of open source software that a developer has directly imported into a project, until it finds an appropriate version. The second solution instead uses a graph database to store all available versions of an open source package and how each relates to other available open source packages; secure versions then become directly queryable. The simulations run in the project show that the graph database solution is far superior to the "brute-force" method in time efficiency, and that such a graph would be scalable for use even with very large data sets.
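A toy model of the two strategies described above, added here as an illustration and not code from the thesis: the package graph, the integer version numbers and the set of vulnerable versions are all constructed. Solution 1 re-resolves the transitive closure for every candidate version of every project; Solution 2 resolves the whole graph once, so each project only does index lookups.

```python
# Added illustration (not the thesis's own code): constructed package graph,
# nodes are (package, version) with integer versions for brevity.
GRAPH = {
    ("web", 1): [("http", 1)], ("web", 2): [("http", 2)], ("web", 3): [("http", 3)],
    ("http", 1): [], ("http", 2): [], ("http", 3): [],
    ("json", 1): [], ("json", 2): [], ("json", 3): [],
}
# Constructed: versions flagged by an advisory feed.
VULNERABLE = {("http", 1), ("http", 2), ("json", 2)}


def transitive_deps(node, graph):
    """All nodes reachable from node, itself included."""
    seen, stack = set(), [node]
    while stack:
        n = stack.pop()
        if n not in seen:
            seen.add(n)
            stack.extend(graph.get(n, []))
    return seen


def versions_of(package, graph):
    return sorted(v for p, v in graph if p == package)


def brute_force(direct, graph, vulnerable):
    """Solution 1: bump each direct dependency one version at a time, resolving
    its transitive closure each time, until no vulnerable version is reachable.
    Returns the new direct dependencies (None if no clean version exists)
    and the number of closures computed."""
    result, closures = [], 0
    for pkg, ver in direct:
        chosen = None
        for v in versions_of(pkg, graph):
            if v < ver:
                continue
            closures += 1
            if not transitive_deps((pkg, v), graph) & vulnerable:
                chosen = v
                break
        result.append((pkg, chosen))
    return result, closures


def build_secure_index(graph, vulnerable):
    """Solution 2, done once for the whole ecosystem: mark each version node
    secure if nothing vulnerable is reachable from it (the graph-database role)."""
    return {n: not transitive_deps(n, graph) & vulnerable for n in graph}


def query_secure(direct, index, graph):
    """Solution 2 per project: lowest secure version >= current, index lookups only."""
    return [(pkg, next((v for v in versions_of(pkg, graph) if v >= ver and index[(pkg, v)]), None))
            for pkg, ver in direct]
```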
