Challenges of mapping Vulnerabilities and Exposures to Open-Source Packages
Much of today's software depends on open-source components, which in turn have complex dependencies on other open-source libraries. Vulnerabilities in open source therefore have potentially huge impacts. The goal of this work is to get a quantitative overview of the frequency and evolution of existing vulnerabilities in popular software repositories and package managers. To this end, we provide an up-to-date overview of the open-source landscape and its most popular package managers. We discuss approaches to map entries of the Common Vulnerabilities and Exposures (CVE) list to open-source libraries. Based on these mapping approaches, we show the frequency and distribution of CVE entries with respect to popular programming languages.
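One common way to attempt the mapping the abstract refers to is to take the CPE 2.3 identifiers attached to a CVE record (as in the NVD feeds) and match vendor/product names against package-manager coordinates. The Python below is an added illustration of that approach and of why it is hard; it is not code from the paper and does not claim to reproduce the authors' method. The CVE records (with placeholder IDs), the package index and the alias table are constructed sample data, and the name-normalisation and language-attribution rules are assumptions made for the example.

```python
"""Heuristic mapping of CVE records (NVD-style CPE 2.3 URIs) to package-manager
coordinates, then a per-language tally. Added example; all data is constructed."""
import re
from collections import Counter

# Constructed NVD-style records: only the fields the mapping uses.
# The IDs are placeholders, not real CVE identifiers.
SAMPLE_CVES = [
    {"id": "CVE-0000-0001",
     "cpes": ["cpe:2.3:a:pivotal_software:spring_framework:5.2.0:*:*:*:*:*:*:*"]},
    {"id": "CVE-0000-0002",
     "cpes": ["cpe:2.3:a:lodash:lodash:*:*:*:*:*:node.js:*:*",
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"]},
    {"id": "CVE-0000-0003",
     "cpes": ["cpe:2.3:a:fasterxml:jackson-databind:2.9.10:*:*:*:*:*:*:*"]},
    {"id": "CVE-0000-0004",
     "cpes": ["cpe:2.3:a:example_vendor:weird\\:name:1.0:*:*:*:*:*:*:*"]},
]

# Constructed package index: (ecosystem, coordinate, implementation language).
PACKAGE_INDEX = [
    ("maven", "org.springframework:spring-core", "Java"),
    ("npm", "lodash", "JavaScript"),
    ("pypi", "requests", "Python"),
]

# Hand-maintained aliases for CPE vendor:product pairs whose names do not
# resemble the package coordinate at all. Keeping such a table current is the
# main manual effort in any CPE-based mapping (assumed alias for the example).
ALIASES = {
    ("pivotal_software", "spring_framework"): ("maven", "org.springframework:spring-core"),
}


def _unescape(field):
    return field.replace("\\:", ":")


def parse_cpe23(uri):
    """Split a CPE 2.3 formatted string into its 13 fields, honouring '\\:' escapes."""
    fields = re.split(r"(?<!\\):", uri)
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 URI: {uri!r}")
    return {"part": fields[2], "vendor": _unescape(fields[3]),
            "product": _unescape(fields[4]), "version": fields[5],
            "target_sw": fields[10]}


def norm(name):
    """Normalise for comparison: case-fold and drop '-', '_', '.' and whitespace."""
    return re.sub(r"[-_.\s]", "", name.lower())


def map_cve(record):
    """Return (hits, unmatched): hits is a set of (ecosystem, coordinate, language)
    for every application CPE ('a') in the record, resolved first through the
    alias table and then by normalised product-name equality; unmatched lists
    the CPE URIs for which neither worked."""
    by_name = {norm(coord.split(":")[-1]): (eco, coord, lang)
               for eco, coord, lang in PACKAGE_INDEX}
    hits, unmatched = set(), []
    for uri in record["cpes"]:
        cpe = parse_cpe23(uri)
        if cpe["part"] != "a":          # skip OS ('o') and hardware ('h') entries
            continue
        key = (cpe["vendor"], cpe["product"])
        if key in ALIASES:
            hits.add(next(p for p in PACKAGE_INDEX if p[:2] == ALIASES[key]))
        elif norm(cpe["product"]) in by_name:
            # Matching on product alone ignores the vendor and can produce false
            # positives when unrelated projects share a name; a real pipeline
            # should also check vendor and target_sw (e.g. 'node.js').
            hits.add(by_name[norm(cpe["product"])])
        else:
            unmatched.append(uri)
    return hits, unmatched


def distribution_by_language(records):
    """Count CVE records per language; a record that maps to packages in several
    languages is counted once under each of them."""
    counts = Counter()
    for rec in records:
        hits, _ = map_cve(rec)
        for lang in {lang for _, _, lang in hits}:
            counts[lang] += 1
    return counts


if __name__ == "__main__":
    for rec in SAMPLE_CVES:
        print(rec["id"], map_cve(rec))
    print(distribution_by_language(SAMPLE_CVES))
```

Running it shows the three cases a practitioner has to plan for: a name that only resolves through a manually curated alias, a name that resolves by simple normalisation, and names that resolve to nothing at all, which a per-language statistic silently undercounts unless the unmatched set is reported alongside it.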