{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,9]],"date-time":"2026-02-09T10:29:05Z","timestamp":1770632945892,"version":"3.49.0"},"reference-count":25,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2020,12,10]],"date-time":"2020-12-10T00:00:00Z","timestamp":1607558400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"FASTEN EU Project","award":["H2020-ICT-2018-2020"],"award-info":[{"award-number":["H2020-ICT-2018-2020"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Technol."],"published-print":{"date-parts":[[2021,2,28]]},"abstract":"<jats:p>\n            Modern software development is increasingly dependent on components, libraries, and frameworks coming from third-party vendors or open-source suppliers and made available through a number of platforms (or\n            <jats:italic>forges<\/jats:italic>\n            ). This way of writing software puts an emphasis on reuse and on composition, commoditizing the services that modern applications require. On the other hand, bugs and vulnerabilities in a single library living in one such ecosystem can affect, directly or by transitivity, a huge number of other libraries and applications. Currently, only product-level information on library dependencies is used to contain this kind of danger, but this knowledge often reveals itself too imprecise to lead to effective (and possibly automated) handling policies. We will discuss how fine-grained function-level dependencies can greatly improve reliability and reduce the impact of vulnerabilities on the whole software ecosystem.\n          <\/jats:p>","DOI":"10.1145\/3418209","type":"journal-article","created":{"date-parts":[[2020,12,17]],"date-time":"2020-12-17T23:50:26Z","timestamp":1608249026000},"page":"1-14","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":18,"title":["Fine-Grained Network Analysis for Modern Software Ecosystems"],"prefix":"10.1145","volume":"21","author":[{"given":"Paolo","family":"Boldi","sequence":"first","affiliation":[{"name":"Dipartimento di Informatica, Universit\u00e0 degli Studi di Milano, Milan, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Georgios","family":"Gousios","sequence":"additional","affiliation":[{"name":"Department of Software Technology, Delft University of Technology, Delft, The Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2020,12,10]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Proceedings of the 27th IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER). 547--551","author":"Abate P.","year":"2020","unstructured":"P. Abate , R. Di Cosmo , G. Gousios , and S. Zacchiroli . 2020. Dependency solving is still hard, but we are getting better at it . In Proceedings of the 27th IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER). 547--551 . DOI:https:\/\/doi.org\/10.1109\/SANER48275. 2020 .9054837 P. Abate, R. Di Cosmo, G. Gousios, and S. Zacchiroli. 2020. Dependency solving is still hard, but we are getting better at it. In Proceedings of the 27th IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER). 547--551. DOI:https:\/\/doi.org\/10.1109\/SANER48275.2020.9054837"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950325"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1963405.1963488"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1080\/15427951.2013.865686"},{"key":"e_1_2_1_5_1","volume-title":"Encyclopedia of Big Data Technologies., Sherif Sakr and Albert Y","author":"Boldi Paolo","unstructured":"Paolo Boldi and Sebastiano Vigna . 2019. (Web\/social) graph compression. In Encyclopedia of Big Data Technologies., Sherif Sakr and Albert Y . Zomaya (Eds.). Springer . DOI:https:\/\/doi.org\/10.1007\/978-3-319-63962-8_54-1 Paolo Boldi and Sebastiano Vigna. 2019. (Web\/social) graph compression. In Encyclopedia of Big Data Technologies., Sherif Sakr and Albert Y. Zomaya (Eds.). Springer. DOI:https:\/\/doi.org\/10.1007\/978-3-319-63962-8_54-1"},{"key":"e_1_2_1_7_1","volume-title":"Groundwork for the Metaphysics of Morals","author":"Kant Immanuel","unstructured":"Immanuel Kant . 2002 [1785]. Groundwork for the Metaphysics of Morals . Oxford University Press . Immanuel Kant. 2002 [1785]. Groundwork for the Metaphysics of Morals. Oxford University Press."},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.55"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/773473.178256"},{"key":"e_1_2_1_10_1","volume-title":"Do developers update their library dependencies? An empirical study on the impact of security advisories on library migration. CoRR abs\/1709.04621","author":"Kula Raula Gaikovina","year":"2017","unstructured":"Raula Gaikovina Kula , Daniel M. Germ\u00e1n , Ali Ouni , Takashi Ishio , and Katsuro Inoue . 2017. Do developers update their library dependencies? An empirical study on the impact of security advisories on library migration. CoRR abs\/1709.04621 ( 2017 ). arxiv:1709.04621 http:\/\/arxiv.org\/abs\/1709.04621 Raula Gaikovina Kula, Daniel M. Germ\u00e1n, Ali Ouni, Takashi Ishio, and Katsuro Inoue. 2017. Do developers update their library dependencies? An empirical study on the impact of security advisories on library migration. CoRR abs\/1709.04621 (2017). arxiv:1709.04621 http:\/\/arxiv.org\/abs\/1709.04621"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2644805"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2006.49"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380410"},{"key":"e_1_2_1_14_1","volume-title":"Pioneers and Their Contributions to Software Engineering","author":"Parnas David L.","unstructured":"David L. Parnas . 1972. On the criteria to be used in decomposing systems into modules . In Pioneers and Their Contributions to Software Engineering . Springer , 479--498. David L. Parnas. 1972. On the criteria to be used in decomposing systems into modules. In Pioneers and Their Contributions to Software Engineering. Springer, 479--498."},{"key":"e_1_2_1_15_1","unstructured":"Tom Preston-Werner. [n.d.]. Semantic Versioning 2.0.0. Retrieved from https:\/\/semver.org.  Tom Preston-Werner. [n.d.]. Semantic Versioning 2.0.0. Retrieved from https:\/\/semver.org."},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2016.04.008"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1028976.1029012"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9554-9"},{"key":"e_1_2_1_19_1","volume-title":"Graph Reachability Queries: A Survey","author":"Yu Jeffrey Xu","unstructured":"Jeffrey Xu Yu and Jiefeng Cheng . 2010. Graph Reachability Queries: A Survey . Springer US , Boston, MA , 181--215. Jeffrey Xu Yu and Jiefeng Cheng. 2010. Graph Reachability Queries: A Survey. Springer US, Boston, MA, 181--215."},{"key":"e_1_2_1_20_1","volume-title":"Proceedings of the 28th {USENIX} Security Symposium ({USENIX} Security 19)","author":"Zimmermann Markus","year":"2019","unstructured":"Markus Zimmermann , Cristian-Alexandru Staicu , Cam Tenny , and Michael Pradel . 2019 . Small world with high risks: A study of security threats in the npm ecosystem . In Proceedings of the 28th {USENIX} Security Symposium ({USENIX} Security 19) . 995--1010. Markus Zimmermann, Cristian-Alexandru Staicu, Cam Tenny, and Michael Pradel. 2019. Small world with high risks: A study of security threats in the npm ecosystem. In Proceedings of the 28th {USENIX} Security Symposium ({USENIX} Security 19). 995--1010."},{"key":"e_1_2_1_21_1","unstructured":"Maven Central Repository. https:\/\/search.maven.org\/.  Maven Central Repository. https:\/\/search.maven.org\/."},{"key":"e_1_2_1_22_1","unstructured":"Nacho Portion Monitor. https:\/\/www.npmjs.com\/.  Nacho Portion Monitor. https:\/\/www.npmjs.com\/."},{"key":"e_1_2_1_23_1","unstructured":"GitHub.com platform. https:\/\/github.com\/.  GitHub.com platform. https:\/\/github.com\/."},{"key":"e_1_2_1_24_1","unstructured":"The Complete Open-Source and Business Software Platform. https:\/\/sourceforge.net\/.  The Complete Open-Source and Business Software Platform. https:\/\/sourceforge.net\/."},{"key":"e_1_2_1_25_1","unstructured":"The State of Open-Source Security Report. https:\/\/bit.ly\/SoOSS2019.  The State of Open-Source Security Report. https:\/\/bit.ly\/SoOSS2019."},{"key":"e_1_2_1_26_1","unstructured":"The FASTEN project website. https:\/\/www.fasten-project.eu\/.  The FASTEN project website. https:\/\/www.fasten-project.eu\/."}],"container-title":["ACM Transactions on Internet Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3418209","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3418209","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:31:36Z","timestamp":1750195896000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3418209"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,10]]},"references-count":25,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021,2,28]]}},"alternative-id":["10.1145\/3418209"],"URL":"https:\/\/doi.org\/10.1145\/3418209","relation":{},"ISSN":["1533-5399","1557-6051"],"issn-type":[{"value":"1533-5399","type":"print"},{"value":"1557-6051","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,12,10]]},"assertion":[{"value":"2020-07-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-08-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-12-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}