Do developers update their library dependencies? An empirical study on the impact of security advisories on library migration

Third-party library reuse has become common practice in contemporary software development, as it includes several benefits for developers. Library dependencies are constantly evolving, with newly added features and patches that fix bugs in older versions. To take full advantage of third-party reuse,...

Celý popis

Uložené v:

Podrobná bibliografia
Vydané v:	Empirical software engineering : an international journal Ročník 23; číslo 1; s. 384 - 417
Hlavní autori:	Kula, Raula Gaikovina, German, Daniel M., Ouni, Ali, Ishio, Takashi, Inoue, Katsuro
Médium:	Journal Article
Jazyk:	English
Vydavateľské údaje:	New York Springer US 01.02.2018
Predmet:	Compilers Computer Science Interpreters Programming Languages Software Engineering/Programming and Operating Systems Software reuse Software maintenance Security vulnerabilities
ISSN:	1382-3256, 1573-7616
On-line prístup:	Získať plný text
Tagy:	Pridať tag Žiadne tagy, Buďte prvý, kto otaguje tento záznam!

Abstract	Third-party library reuse has become common practice in contemporary software development, as it includes several benefits for developers. Library dependencies are constantly evolving, with newly added features and patches that fix bugs in older versions. To take full advantage of third-party reuse, developers should always keep up to date with the latest versions of their library dependencies. In this paper, we investigate the extent of which developers update their library dependencies. Specifically, we conducted an empirical study on library migration that covers over 4,600 GitHub software projects and 2,700 library dependencies. Results show that although many of these systems rely heavily on dependencies, 81.5% of the studied systems still keep their outdated dependencies. In the case of updating a vulnerable dependency, the study reveals that affected developers are not likely to respond to a security advisory. Surveying these developers, we find that 69% of the interviewees claimed to be unaware of their vulnerable dependencies. Moreover, developers are not likely to prioritize a library update, as it is perceived to be extra workload and responsibility. This study concludes that even though third-party reuse is common practice, updating a dependency is not as common for many developers.
AbstractList	Third-party library reuse has become common practice in contemporary software development, as it includes several benefits for developers. Library dependencies are constantly evolving, with newly added features and patches that fix bugs in older versions. To take full advantage of third-party reuse, developers should always keep up to date with the latest versions of their library dependencies. In this paper, we investigate the extent of which developers update their library dependencies. Specifically, we conducted an empirical study on library migration that covers over 4,600 GitHub software projects and 2,700 library dependencies. Results show that although many of these systems rely heavily on dependencies, 81.5% of the studied systems still keep their outdated dependencies. In the case of updating a vulnerable dependency, the study reveals that affected developers are not likely to respond to a security advisory. Surveying these developers, we find that 69% of the interviewees claimed to be unaware of their vulnerable dependencies. Moreover, developers are not likely to prioritize a library update, as it is perceived to be extra workload and responsibility. This study concludes that even though third-party reuse is common practice, updating a dependency is not as common for many developers.
Author	Inoue, Katsuro Ouni, Ali Kula, Raula Gaikovina German, Daniel M. Ishio, Takashi
Author_xml	– sequence: 1 givenname: Raula Gaikovina surname: Kula fullname: Kula, Raula Gaikovina email: raula-k@is.naist.jp organization: Nara Institute of Science and Technology, Osaka University – sequence: 2 givenname: Daniel M. surname: German fullname: German, Daniel M. organization: University of Victoria – sequence: 3 givenname: Ali surname: Ouni fullname: Ouni, Ali organization: Osaka University, UAE University – sequence: 4 givenname: Takashi surname: Ishio fullname: Ishio, Takashi organization: Nara Institute of Science and Technology, Osaka University – sequence: 5 givenname: Katsuro surname: Inoue fullname: Inoue, Katsuro organization: Osaka University
BookMark	eNp9z8tKAzEUgOEgFazVB3A3LxDNdZKsROoVCm50HZLMGU0ZM0MyFXx7U-rKRVc5kPMf-M7RIo0JELqi5JoSom4KJW0rMKEKG8kolidoSaXiWLW0XdSZa4Y5k-0ZOi9lSwgxSsglIvdj08E3DOMEuTS7qXMzNPMnxNwM0WeXf-r_BKmDFCKU2wt02ruhwOXfu0Lvjw9v62e8eX16Wd9tcOBMzTgEHZRjfeDSQMe1d545og0FoTRTvFW-E9540WntVHCil0YZ1ztvghQS-Aqpw92Qx1Iy9DbE2c1xTHN2cbCU2D3cHuC2wu0ebmUt6b9yyvGrQo427NCUups-INvtuMupAo9Ev4wfbTY
CitedBy_id	crossref_primary_10_1109_TSE_2021_3106247 crossref_primary_10_1007_s10664_025_10638_w crossref_primary_10_1016_j_jss_2018_08_032 crossref_primary_10_1007_s10664_021_09959_3 crossref_primary_10_1109_TEM_2021_3122012 crossref_primary_10_1109_TSE_2023_3281275 crossref_primary_10_1007_s10664_022_10131_8 crossref_primary_10_1007_s10664_024_10448_6 crossref_primary_10_1016_j_jss_2020_110653 crossref_primary_10_1145_3471930 crossref_primary_10_1016_j_jss_2021_111146 crossref_primary_10_1007_s10664_020_09830_x crossref_primary_10_1007_s10664_021_10052_y crossref_primary_10_1002_smr_2157 crossref_primary_10_1007_s10664_020_09904_w crossref_primary_10_1145_3594264_3594265 crossref_primary_10_1007_s11219_019_09476_z crossref_primary_10_1016_j_asoc_2020_106140 crossref_primary_10_3390_electronics9071077 crossref_primary_10_1007_s10664_019_09713_w crossref_primary_10_1016_j_jss_2023_111916 crossref_primary_10_1007_s10664_024_10563_4 crossref_primary_10_1145_3533700 crossref_primary_10_1109_ACCESS_2020_3016943 crossref_primary_10_2197_ipsjjip_33_471 crossref_primary_10_1016_j_cose_2025_104546 crossref_primary_10_1109_TSE_2020_3025443 crossref_primary_10_1007_s10664_025_10648_8 crossref_primary_10_1109_ACCESS_2023_3322362 crossref_primary_10_1145_3582569 crossref_primary_10_1007_s11432_022_3611_3 crossref_primary_10_1007_s10664_022_10267_7 crossref_primary_10_1145_3654443 crossref_primary_10_1002_hyp_14717 crossref_primary_10_1145_3522587 crossref_primary_10_3389_fpls_2025_1498913 crossref_primary_10_1016_j_jss_2021_111134 crossref_primary_10_1016_j_jss_2021_111097 crossref_primary_10_1007_s10664_023_10304_z crossref_primary_10_1016_j_jss_2019_110416 crossref_primary_10_7717_peerj_cs_1669 crossref_primary_10_1002_joom_1270 crossref_primary_10_1109_TSE_2023_3243262 crossref_primary_10_1587_transinf_2021MPP0003 crossref_primary_10_1007_s10664_022_10278_4 crossref_primary_10_1109_MCOM_002_2400601 crossref_primary_10_1145_3406544 crossref_primary_10_1145_3485538 crossref_primary_10_1002_spe_2928 crossref_primary_10_1007_s10664_020_09914_8 crossref_primary_10_1145_3716822 crossref_primary_10_1109_TSE_2022_3225197 crossref_primary_10_1016_j_infsof_2024_107588 crossref_primary_10_1007_s10489_021_02911_4 crossref_primary_10_1016_j_swevo_2023_101444 crossref_primary_10_1007_s10664_023_10403_x crossref_primary_10_1109_MSEC_2021_3065627 crossref_primary_10_1007_s10664_021_09951_x crossref_primary_10_1016_j_jss_2019_06_001 crossref_primary_10_1016_j_procs_2020_03_142 crossref_primary_10_7717_peerj_cs_2617 crossref_primary_10_1109_TSE_2021_3101739 crossref_primary_10_1145_3571848 crossref_primary_10_1109_ACCESS_2023_3315595 crossref_primary_10_1016_j_jss_2019_02_024 crossref_primary_10_1007_s10664_020_09908_6 crossref_primary_10_1109_TSE_2021_3068901 crossref_primary_10_1109_TSE_2023_3278129 crossref_primary_10_1145_3603110 crossref_primary_10_1007_s10664_023_10315_w crossref_primary_10_1016_j_scico_2021_102653 crossref_primary_10_1016_j_jss_2023_111738 crossref_primary_10_1145_3643731 crossref_primary_10_1016_j_cose_2024_103930 crossref_primary_10_1007_s10664_023_10355_2 crossref_primary_10_1007_s10664_024_10581_2 crossref_primary_10_1007_s10664_020_09926_4 crossref_primary_10_1587_transinf_2021MPL0001 crossref_primary_10_1007_s10664_019_09754_1 crossref_primary_10_1145_3472811 crossref_primary_10_1016_j_eswa_2022_117267 crossref_primary_10_1109_TSE_2021_3120367 crossref_primary_10_1016_j_infsof_2019_106197 crossref_primary_10_1109_TSE_2022_3181010 crossref_primary_10_1145_3453478 crossref_primary_10_1109_TSE_2019_2918315 crossref_primary_10_1016_j_scico_2025_103331 crossref_primary_10_1007_s10664_024_10599_6 crossref_primary_10_1111_risa_70059 crossref_primary_10_1145_3714464 crossref_primary_10_1145_3643782 crossref_primary_10_1145_3660823 crossref_primary_10_1016_j_jss_2023_111827 crossref_primary_10_1007_s10664_023_10388_7
Cites_doi	10.1007/s10664-014-9325-9 10.1109/TSE.2002.1019480 10.1109/TSE.2005.28 10.1145/1094811.1094832 10.1109/TSE.2007.70747 10.1145/1595808.1595821 10.1145/2901739.2901743 10.1109/SANER.2015.7081869 10.1109/ICSM.2015.7332478 10.1109/ICSE.2015.140 10.1109/SCAM.2014.17 10.1109/ICSM.2015.7332471 10.1037/0033-2909.95.3.576 10.1109/VISSOFT.2014.29 10.1109/SCAM.2014.30 10.1109/ICSM.2012.6405296 10.1109/ICSME.2016.64 10.1109/ICPC.2013.6613843 10.1109/VLHCC.2010.13 10.1109/ICSM.2013.18 10.1145/1368088.1368153 10.1109/ICSM.2008.4658096 10.1109/CSMR-WCRE.2014.6747205 10.1002/smr.1660 10.1109/ASEW.2015.21 10.1145/2501585.2501586 10.1007/s10664-014-9317-9 10.1145/2901739.2901769 10.1109/CSMR.2013.33 10.1016/j.infsof.2015.02.014
ContentType	Journal Article
Copyright	Springer Science+Business Media New York 2017
Copyright_xml	– notice: Springer Science+Business Media New York 2017
DBID	AAYXX CITATION
DOI	10.1007/s10664-017-9521-5
DatabaseName	CrossRef
DatabaseTitle	CrossRef
DatabaseTitleList
DeliveryMethod	fulltext_linktorsrc
Discipline	Computer Science
EISSN	1573-7616
EndPage	417
ExternalDocumentID	10_1007_s10664_017_9521_5
GrantInformation_xml	– fundername: Japan Society for the Promotion of Science grantid: 25220003 funderid: http://dx.doi.org/10.13039/501100001691
GroupedDBID	-4Z -59 -5G -BR -EM -Y2 -~C .86 .DC .VR 06D 0R~ 0VY 199 1N0 1SB 2.D 203 28- 29G 2J2 2JN 2JY 2KG 2LR 2P1 2VQ 2~H 30V 4.4 406 408 409 40D 40E 5GY 5QI 5VS 67Z 6NX 78A 8FE 8FG 8TC 8UJ 95- 95. 95~ 96X AABHQ AACDK AAHNG AAIAL AAJBT AAJKR AANZL AAOBN AARHV AARTL AASML AATNV AATVU AAUYE AAWCG AAYIU AAYOK AAYQN AAYTO AAYZH ABAKF ABBBX ABBXA ABDZT ABECU ABFTD ABFTV ABHLI ABHQN ABJCF ABJNI ABJOX ABKCH ABKTR ABMNI ABMQK ABNWP ABQBU ABQSL ABSXP ABTEG ABTHY ABTKH ABTMW ABULA ABWNU ABXPI ACAOD ACBXY ACDTI ACGFS ACHSB ACHXU ACIWK ACKNC ACMDZ ACMLO ACOKC ACOMO ACPIV ACSNA ACZOJ ADHHG ADHIR ADIMF ADINQ ADKNI ADKPE ADRFC ADTPH ADURQ ADYFF ADZKW AEBTG AEFIE AEFQL AEGAL AEGNC AEJHL AEJRE AEKMD AEMSY AENEX AEOHA AEPYU AESKC AETLH AEVLU AEXYK AFBBN AFEXP AFGCZ AFKRA AFLOW AFQWF AFWTZ AFZKB AGAYW AGDGC AGGDS AGJBK AGMZJ AGQEE AGQMX AGRTI AGWIL AGWZB AGYKE AHAVH AHBYD AHKAY AHSBF AHYZX AIAKS AIGIU AIIXL AILAN AITGF AJBLW AJRNO AJZVZ ALMA_UNASSIGNED_HOLDINGS ALWAN AMKLP AMXSW AMYLF AMYQR AOCGG ARAPS ARMRJ ASPBG AVWKF AXYYD AYJHY AZFZN B-. BA0 BBWZM BDATZ BENPR BGLVJ BGNMA BSONS CAG CCPQU COF CS3 CSCUP DDRTE DL5 DNIVK DPUIP DU5 EBLON EBS EIOEI EJD ESBYG FEDTE FERAY FFXSO FIGPU FINBP FNLPD FRRFC FSGXE FWDCC GGCAI GGRSB GJIRD GNWQR GQ6 GQ7 GQ8 GXS H13 HCIFZ HF~ HG5 HG6 HMJXF HQYDN HRMNR HVGLF HZ~ I09 IHE IJ- IKXTQ ITM IWAJR IXC IZIGR IZQ I~X I~Z J-C J0Z JBSCW JCJTX JZLTJ KDC KOV KOW L6V LAK LLZTM M4Y M7S MA- N2Q NB0 NDZJH NPVJJ NQJWS NU0 O9- O93 O9G O9I O9J OAM P19 P62 P9O PF0 PT4 PT5 PTHSS Q2X QOK QOS R4E R89 R9I RHV RNI RNS ROL RPX RSV RZC RZE RZK S0W S16 S1Z S26 S27 S28 S3B SAP SCJ SCLPG SCO SDH SDM SHX SISQX SJYHP SNE SNPRN SNX SOHCF SOJ SPISZ SRMVM SSLCW STPWE SZN T13 T16 TSG TSK TSV TUC U2A UG4 UOJIU UTJUX UZXMN VC2 VFIZW W23 W48 WK8 YLTOR Z45 Z7R Z7S Z7V Z7X Z7Z Z81 Z83 Z86 Z88 Z8M Z8N Z8P Z8R Z8T Z8U Z8W Z92 ZMTXR ~EX AAPKM AAYXX ABBRH ABDBE ABFSG ABRTQ ACSTC ADHKG AEZWR AFDZB AFFHD AFHIU AFOHR AGQPQ AHPBZ AHWEU AIXLP ATHPR AYFIA CITATION PHGZM PHGZT PQGLB
ID	FETCH-LOGICAL-c327t-cc8c7a2fc359ed38bab2a0891e47827367bd4b9b4d88a7ca4f5979afab9c545e3
IEDL.DBID	RSV
ISICitedReferencesCount	170
ISICitedReferencesURI	http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000424199400010&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
ISSN	1382-3256
IngestDate	Sat Nov 29 05:37:42 EST 2025 Tue Nov 18 22:34:17 EST 2025 Fri Feb 21 02:35:46 EST 2025
IsPeerReviewed	true
IsScholarly	true
Issue	1
Keywords	Software reuse Software maintenance Security vulnerabilities
Language	English
LinkModel	DirectLink
MergedId	FETCHMERGED-LOGICAL-c327t-cc8c7a2fc359ed38bab2a0891e47827367bd4b9b4d88a7ca4f5979afab9c545e3
PageCount	34
ParticipantIDs	crossref_citationtrail_10_1007_s10664_017_9521_5 crossref_primary_10_1007_s10664_017_9521_5 springer_journals_10_1007_s10664_017_9521_5
PublicationCentury	2000
PublicationDate	2018-02-01
PublicationDateYYYYMMDD	2018-02-01
PublicationDate_xml	– month: 02 year: 2018 text: 2018-02-01 day: 01
PublicationDecade	2010
PublicationPlace	New York
PublicationPlace_xml	– name: New York
PublicationSubtitle	An International Journal
PublicationTitle	Empirical software engineering : an international journal
PublicationTitleAbbrev	Empir Software Eng
PublicationYear	2018
Publisher	Springer US
Publisher_xml	– name: Springer US
References	Schäfer, Jonas, Mezini (CR33) 2008 Kamiya, Kusumoto, Inoue (CR18) 2002; 28 CR19 CR17 CR16 CR15 CR37 CR14 Mileva, Dallmeier, Burger, Zeller (CR26) 2009 CR36 CR13 CR35 CR34 CR11 CR10 CR32 Dagenais, Robillard (CR7) 2009 Chow, Notkin (CR4) 1996 Balaban, Tip, Fuhrer (CR1) 2005 Robbes, Lungu, Röthlisberger (CR30) 2012 Plate, Ponta, Elisa (CR27) 2015 CR3 CR6 Godfrey, Zou (CR12) 2005; 31 CR5 CR8 CR29 CR28 CR9 CR25 Lehman (CR22) 1996 CR24 CR23 CR21 CR20 Xia, Matsushita, Yoshida, Inoue (CR38) 2013; 30 Bavota, Canfora, Di Penta, Oliveto, Panichella (CR2) 2015; 20 Xing, Stroulia (CR39) 2007; 33 Rogers (CR31) 2003 MW Godfrey (9521_CR12) 2005; 31 Z Xing (9521_CR39) 2007; 33 9521_CR29 EM Rogers (9521_CR31) 2003 9521_CR28 P Xia (9521_CR38) 2013; 30 9521_CR21 H Plate (9521_CR27) 2015 B Dagenais (9521_CR7) 2009 9521_CR20 9521_CR25 9521_CR23 9521_CR24 R Robbes (9521_CR30) 2012 9521_CR19 9521_CR16 K Chow (9521_CR4) 1996 9521_CR17 I Balaban (9521_CR1) 2005 T Kamiya (9521_CR18) 2002; 28 9521_CR9 9521_CR10 9521_CR32 G Bavota (9521_CR2) 2015; 20 9521_CR11 MM Lehman (9521_CR22) 1996 9521_CR8 9521_CR5 9521_CR14 9521_CR36 9521_CR6 9521_CR15 9521_CR37 9521_CR3 YM Mileva (9521_CR26) 2009 9521_CR34 9521_CR13 T Schäfer (9521_CR33) 2008 9521_CR35
References_xml	– year: 2003 ident: CR31 publication-title: Diffusion of innovations – volume: 20 start-page: 1275 issue: 5 year: 2015 end-page: 1317 ident: CR2 article-title: How the apache community upgrades dependencies: an evolutionary study publication-title: Empirical Softw Eng doi: 10.1007/s10664-014-9325-9 – volume: 28 start-page: 654 issue: 7 year: 2002 end-page: 670 ident: CR18 article-title: CCFinder: a multilinguistic token-based code clone detection system for large scale source code publication-title: IEEE Trans Softw Eng doi: 10.1109/TSE.2002.1019480 – ident: CR14 – ident: CR16 – ident: CR37 – start-page: 471 year: 2008 end-page: 480 ident: CR33 article-title: Mining framework usage changes from instantiation code publication-title: Proceedings of the 30th international conference on software engineering, ICSE ’08 – start-page: 56:1 year: 2012 end-page: 56:11 ident: CR30 article-title: How do developers react to api deprecation? The case of a smalltalk ecosystem publication-title: Proceedings of the ACM SIGSOFT 20th international symposium on the foundations of software engineering, FSE ’12 – ident: CR10 – volume: 30 start-page: 98 issue: 4 year: 2013 end-page: 104 ident: CR38 article-title: Studying reuse of out-dated third-party code in open source projects publication-title: Jpn Soc Softw Sci Technol Comput Softw – volume: 31 start-page: 166 issue: 2 year: 2005 end-page: 181 ident: CR12 article-title: Using origin analysis to detect merging and splitting of source code entities publication-title: IEEE Trans Softw Eng doi: 10.1109/TSE.2005.28 – ident: CR35 – ident: CR6 – ident: CR29 – start-page: 265 year: 2005 end-page: 279 ident: CR1 article-title: Refactoring support for class library migration publication-title: Proceedings of the 20th Annual ACM SIGPLAN conference on object-oriented programming, systems, languages, and applications, OOPSLA ’05 doi: 10.1145/1094811.1094832 – ident: CR8 – ident: CR25 – ident: CR23 – volume: 33 start-page: 818 year: 2007 end-page: 836 ident: CR39 article-title: API-evolution support with diff-catchup publication-title: IEEE Trans Softw Eng doi: 10.1109/TSE.2007.70747 – year: 2015 ident: CR27 article-title: Impact assessment for vulnerabilities in open-source software libraries publication-title: Proceedings of the 31st international conference on software maintenance and evolution, ICSME ’15 – ident: CR21 – ident: CR19 – start-page: 108 year: 1996 end-page: 124 ident: CR22 article-title: Laws of software evolution revisited publication-title: Proceedings of the 5th European workshop on software process technology, EWSPT ’96 – ident: CR3 – ident: CR15 – start-page: 599 year: 2009 end-page: 602 ident: CR7 article-title: Semdiff: analysis and recommendation support for api evolution publication-title: Proceedings of the 31st international conference on software engineering, ICSE ’09 – ident: CR17 – ident: CR13 – ident: CR11 – ident: CR9 – ident: CR32 – ident: CR34 – ident: CR36 – ident: CR5 – ident: CR28 – ident: CR24 – start-page: 57 year: 2009 end-page: 62 ident: CR26 article-title: Mining trends of library usage publication-title: Proc. Intl and ERCIM principles of soft. evol. (IWPSE) and soft. evol. (Evol) workshops, IWPSE-Evol ’09 doi: 10.1145/1595808.1595821 – year: 1996 ident: CR4 article-title: Semi-automatic update of applications in response to library changes publication-title: Proceedings of the 1996 international conference on software maintenance, ICSM ’96 – ident: CR20 – start-page: 56:1 volume-title: Proceedings of the ACM SIGSOFT 20th international symposium on the foundations of software engineering, FSE ’12 year: 2012 ident: 9521_CR30 – ident: 9521_CR35 doi: 10.1145/2901739.2901743 – ident: 9521_CR21 doi: 10.1109/SANER.2015.7081869 – ident: 9521_CR14 doi: 10.1109/ICSM.2015.7332478 – volume-title: Proceedings of the 31st international conference on software maintenance and evolution, ICSME ’15 year: 2015 ident: 9521_CR27 – volume-title: Diffusion of innovations year: 2003 ident: 9521_CR31 – ident: 9521_CR6 doi: 10.1109/ICSE.2015.140 – volume: 33 start-page: 818 year: 2007 ident: 9521_CR39 publication-title: IEEE Trans Softw Eng doi: 10.1109/TSE.2007.70747 – ident: 9521_CR19 doi: 10.1109/SCAM.2014.17 – ident: 9521_CR15 doi: 10.1109/ICSM.2015.7332471 – ident: 9521_CR9 doi: 10.1037/0033-2909.95.3.576 – ident: 9521_CR20 doi: 10.1109/VISSOFT.2014.29 – ident: 9521_CR29 doi: 10.1109/SCAM.2014.30 – start-page: 599 volume-title: Proceedings of the 31st international conference on software engineering, ICSE ’09 year: 2009 ident: 9521_CR7 – ident: 9521_CR28 doi: 10.1109/ICSM.2012.6405296 – volume: 20 start-page: 1275 issue: 5 year: 2015 ident: 9521_CR2 publication-title: Empirical Softw Eng doi: 10.1007/s10664-014-9325-9 – volume: 28 start-page: 654 issue: 7 year: 2002 ident: 9521_CR18 publication-title: IEEE Trans Softw Eng doi: 10.1109/TSE.2002.1019480 – start-page: 108 volume-title: Proceedings of the 5th European workshop on software process technology, EWSPT ’96 year: 1996 ident: 9521_CR22 – ident: 9521_CR32 doi: 10.1109/ICSME.2016.64 – ident: 9521_CR8 doi: 10.1109/ICPC.2013.6613843 – ident: 9521_CR10 doi: 10.1109/VLHCC.2010.13 – volume: 31 start-page: 166 issue: 2 year: 2005 ident: 9521_CR12 publication-title: IEEE Trans Softw Eng doi: 10.1109/TSE.2005.28 – ident: 9521_CR24 doi: 10.1109/ICSM.2013.18 – ident: 9521_CR5 – start-page: 471 volume-title: Proceedings of the 30th international conference on software engineering, ICSE ’08 year: 2008 ident: 9521_CR33 doi: 10.1145/1368088.1368153 – ident: 9521_CR23 doi: 10.1109/ICSM.2008.4658096 – ident: 9521_CR25 doi: 10.1109/CSMR-WCRE.2014.6747205 – volume-title: Proceedings of the 1996 international conference on software maintenance, ICSM ’96 year: 1996 ident: 9521_CR4 – volume: 30 start-page: 98 issue: 4 year: 2013 ident: 9521_CR38 publication-title: Jpn Soc Softw Sci Technol Comput Softw – start-page: 57 volume-title: Proc. Intl and ERCIM principles of soft. evol. (IWPSE) and soft. evol. (Evol) workshops, IWPSE-Evol ’09 year: 2009 ident: 9521_CR26 doi: 10.1145/1595808.1595821 – ident: 9521_CR34 doi: 10.1002/smr.1660 – ident: 9521_CR3 doi: 10.1109/ASEW.2015.21 – ident: 9521_CR13 doi: 10.1145/2501585.2501586 – ident: 9521_CR37 doi: 10.1007/s10664-014-9317-9 – ident: 9521_CR17 doi: 10.1145/2901739.2901769 – ident: 9521_CR36 – start-page: 265 volume-title: Proceedings of the 20th Annual ACM SIGPLAN conference on object-oriented programming, systems, languages, and applications, OOPSLA ’05 year: 2005 ident: 9521_CR1 doi: 10.1145/1094811.1094832 – ident: 9521_CR11 doi: 10.1109/CSMR.2013.33 – ident: 9521_CR16 doi: 10.1016/j.infsof.2015.02.014
SSID	ssj0009745
Score	2.6079516
Snippet	Third-party library reuse has become common practice in contemporary software development, as it includes several benefits for developers. Library dependencies...
SourceID	crossref springer
SourceType	Enrichment Source Index Database Publisher
StartPage	384
SubjectTerms	Compilers Computer Science Interpreters Programming Languages Software Engineering/Programming and Operating Systems
Subtitle	An empirical study on the impact of security advisories on library migration
Title	Do developers update their library dependencies?
URI	https://link.springer.com/article/10.1007/s10664-017-9521-5
Volume	23
WOSCitedRecordID	wos000424199400010&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText	1
inHoldings	1
isFullTextHit
isPrint
journalDatabaseRights	– providerCode: PRVAVX databaseName: SpringerLINK Contemporary 1997-Present customDbUrl: eissn: 1573-7616 dateEnd: 99991231 omitProxy: false ssIdentifier: ssj0009745 issn: 1382-3256 databaseCode: RSV dateStart: 19970101 isFulltext: true titleUrlDefault: https://link.springer.com/search?facet-content-type=%22Journal%22 providerName: Springer Nature
link	http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV1LSwMxEB60evBifWJ9kYMnJbCbZJvkJKIWT0V80duSZBMQpC3d1t9vsk2sBRX0PlmW2Uzmy34z8wGcEWqsh9UKO-oYZkT5kBKaY0cy7XIr_JeuGrEJ3u-LwUDexz7uOlW7J0qyOam_NLt1u6FiIlCOJMfFKqz5bCdCND48viwm7fJGmTjM1sPUJ_REZX73iOVktMyENgmm1_7Xq23BZsST6Gq-AbZhxQ53oJ20GlAM3V3IbkYoNkh5wIdm43DTRw1NgOKfHJQEcf2a-nIPnnu3T9d3OKolYEMJn2JjhOGKOEMLaSsqtNJEZULmlnkUwGmX64ppqVklhOJGMefvElI5paXxMMrSfWgNR0N7EMqdCu2BA89d5Zg0QqnCiLzQHq6Y3HLdgSy5rTRxlHhQtHgrF0OQg0dK75EyeKQsOnD-uWQ8n6Pxm_FF8nMZQ6r-2frwT9ZHsOExj5gXXh9DazqZ2RNYN-_T13py2mylD64Kwlw
linkProvider	Springer Nature
linkToHtml	http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV3fS8MwED50Cvri_InzZx98UgJtki7pk4g6Js4hOsW3kqQJCLKNdfPvN-kS50AFfb-Ucs3lvvS-uw_gBBOlLawWyBBDEcXChhSXDBkcS5Nobr90UYlNsG6Xv7xk976Puwxs91CSrE7qL81uzaZjTLiSI05QughL1CYsx-N7eHyeTdpllTKxm62HiE3ooZT53SPmk9F8JbRKMK36v15tHdY8nowuphtgAxZ0fxPqQash8qG7BfHVIPINUhbwRZOhu-lHVZkg8n9yoiCIa9eU59vw1LruXbaRV0tAimA2RkpxxQQ2iqSZLgiXQmIR8yzR1KIARppMFlRmkhacC6YENfYukQkjZKYsjNJkB2r9QV_vOrpTKi1wYIkpDM0UFyJVPEmlhSsq0Uw2IA5uy5UfJe4ULd7y2RBk55HceiR3HsnTBpx-LhlO52j8ZnwW_Jz7kCp_tt77k_UxrLR7d528c9O93YdVi3_4lIR9ALXxaKIPYVm9j1_L0VG1rT4A1OzFQA
linkToPdf	http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwpV3dS8MwED90ivji_MT52QeflLC2SZf0ScQ5FGUM_GBvJUkTEKQra-ffb9KmzoEK4vulhGuO-yV39_sBnIVYKgOrOdJYE0RCbkKKCYp06AsdKGb-dFqJTdDhkI3H8cjpnBZNt3tTkqxnGixLU1Z281R3vwy-9Xq2e8KWH8MARcuwQqxmkL2uP77MWXdppVJsefYQNsm9KWt-94nFxLRYFa2SzaD9721uwobDmd5VfTC2YEll29BuNBw8F9I74PcnnhucMkDQm-X2BcCrygeee-HxGqFcs6a43IXnwc3T9S1yKgpI4pCWSEomKQ-1xFGsUswEFyH3WRwoYtABxT0qUiJiQVLGOJWcaHPHiLnmIpYGXim8B61skql92wYVCQMoaKBTTWLJOI8kCyJhYIwMFBUd8BsXJtJRjFuli7dkTo5sPZIYjyTWI0nUgfPPJXnNr_Gb8UXj88SFWvGz9cGfrE9hbdQfJA93w_tDWDewiNW92UfQKqczdQyr8r18LaYn1Qn7AH1MziQ
openUrl	ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Do+developers+update+their+library+dependencies%3F&rft.jtitle=Empirical+software+engineering+%3A+an+international+journal&rft.au=Kula%2C+Raula+Gaikovina&rft.au=German%2C+Daniel+M.&rft.au=Ouni%2C+Ali&rft.au=Ishio%2C+Takashi&rft.date=2018-02-01&rft.issn=1382-3256&rft.eissn=1573-7616&rft.volume=23&rft.issue=1&rft.spage=384&rft.epage=417&rft_id=info:doi/10.1007%2Fs10664-017-9521-5&rft.externalDBID=n%2Fa&rft.externalDocID=10_1007_s10664_017_9521_5
thumbnail_l	http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1382-3256&client=summon
thumbnail_m	http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1382-3256&client=summon
thumbnail_s	http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1382-3256&client=summon