An in-depth study of software library upgrade dependency issues


Bibliographic Details
Main Author: Yeo, Nicholas Ming Jie
Other Authors: Li Yi
Format: Final Year Project (FYP)
Language: English
Published: Nanyang Technological University 2022
Subjects:
Online Access:https://hdl.handle.net/10356/156369
Description
Summary: With the increase in demand for software systems, there is an increase in the demand for efficient software building. Therefore, it is standard practice for developers to "re-use" code written by third parties. This code consists of tools provided by third-party software libraries. Reliance on these third-party software libraries is growing, causing the number of vulnerabilities found in software systems that incorporate them to increase. Third-party software libraries used in software systems are regarded as sources of vulnerabilities because they can be exploited by attackers. Moreover, compatibility issues between third-party software libraries and the software systems that utilize them arise due to asynchronous updates and negligence by developers. This study proposes a method to detect these vulnerabilities. In addition, it discusses the level of third-party library dependency issues, that is, how dependent software systems in the market are on third-party software libraries and the effort needed to detect, prevent, or mitigate these issues. The proposed vulnerability detection method is applied to 15 open-source projects written in Python with respect to 3 different software libraries. In this study, a high level of third-party library dependency issues is detected, owing to the relatively high number of application programming interface (API) calls made by the open-source projects. It is also observed that the size of a project has no influence on the number of API calls made to third-party software libraries. The increased reliance on third-party software libraries calls for a greater focus on detecting security vulnerabilities introduced by these libraries. Developers that utilize these software libraries are urged to make a conscientious effort to mitigate these threats, as they are potentially harmful and can have a big impact on their software systems.