Open Access

      An Empirical Analysis of Vulnerabilities in Python Packages for Web Applications

      Preprint


          Abstract

This paper examines software vulnerabilities in common Python packages used particularly for web development. The empirical dataset is based on the PyPI package repository and the so-called Safety DB, which tracks vulnerabilities in selected packages within the repository. The methodological approach builds on a release-based time series analysis of the conditional probabilities that releases of the packages are vulnerable. According to the results, many of the observed Python vulnerabilities appear to be only modestly severe; input validation and cross-site scripting have been the most typical vulnerability types. In the time series analysis based on the release histories, only the recent past is observed to be relevant for statistical prediction; the classical Markov property holds.


                Author and article information

Published: 31 October 2018
Type: Article
arXiv: 1810.13310
Record: dc06c375-e7e0-494a-b4c6-8c46143045e4
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Forthcoming in: Proceedings of the 9th International Workshop on Empirical Software Engineering in Practice (IWESEP 2018), Nara, IEEE
Categories: cs.SE cs.CR
Subjects: Software engineering, Security & Cryptology
