Vulnerability diffusions in software product networks
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Kang, Martin | - |
dc.contributor.author | Templeton, Gary | - |
dc.contributor.author | Um, SungYong | - |
dc.date.accessioned | 2024-05-02T02:30:28Z | - |
dc.date.available | 2024-05-02T02:30:28Z | - |
dc.date.issued | 2023-12 | - |
dc.identifier.issn | 0272-6963 | - |
dc.identifier.issn | 1873-1317 | - |
dc.identifier.uri | https://scholarworks.bwise.kr/erica/handle/2021.sw.erica/118936 | - |
dc.description.abstract | During software product development, the combination of digital resources (such as application programming interfaces and software development kits) establishes loose and tight edges between nodes, which form a software product network (SPN). These edges serve as observable conduits that may help practitioners and researchers better understand how vulnerabilities diffuse through SPNs. We apply network theory to analyze data from over 12 years of records extracted from the National Vulnerability Database. We contribute novel measures established using machine learning to gauge the properties influencing vulnerability diffusion within an SPN. We observed an SPN having a discernable shape that changed over time via network updates. We propose hypotheses and find empirical evidence that vulnerability diffusion is influenced by edge dynamics, developer responses, and their interaction. Implications for practice are that increased developer responses reduce software vulnerability diffusion attributed to edge dynamics. | - |
dc.format.extent | 29 | - |
dc.language | 영어 | - |
dc.language.iso | ENG | - |
dc.publisher | Elsevier BV | - |
dc.title | Vulnerability diffusions in software product networks | - |
dc.type | Article | - |
dc.publisher.location | 미국 | - |
dc.identifier.doi | 10.1002/joom.1270 | - |
dc.identifier.scopusid | 2-s2.0-85165410150 | - |
dc.identifier.wosid | 001029342900001 | - |
dc.identifier.bibliographicCitation | Journal of Operations Management, v.69, no.8, pp 1342 - 1370 | - |
dc.citation.title | Journal of Operations Management | - |
dc.citation.volume | 69 | - |
dc.citation.number | 8 | - |
dc.citation.startPage | 1342 | - |
dc.citation.endPage | 1370 | - |
dc.type.docType | 정기학술지(Article(Perspective Article포함)) | - |
dc.description.isOpenAccess | N | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | ssci | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Business & Economics | - |
dc.relation.journalResearchArea | Operations Research & Management Science | - |
dc.relation.journalWebOfScienceCategory | Management | - |
dc.relation.journalWebOfScienceCategory | Operations Research & Management Science | - |
dc.subject.keywordPlus | UNIT-ROOT TESTS | - |
dc.subject.keywordPlus | PANEL-DATA | - |
dc.subject.keywordPlus | EMPIRICAL-ANALYSIS | - |
dc.subject.keywordPlus | PATCH RELEASE | - |
dc.subject.keywordPlus | SECURITY | - |
dc.subject.keywordPlus | IMPACT | - |
dc.subject.keywordPlus | COORDINATION | - |
dc.subject.keywordPlus | ARCHITECTURE | - |
dc.subject.keywordPlus | EXPLORATION | - |
dc.subject.keywordPlus | PERFORMANCE | - |
dc.subject.keywordAuthor | diffusion of software vulnerability | - |
dc.subject.keywordAuthor | digital resources | - |
dc.subject.keywordAuthor | information security | - |
dc.subject.keywordAuthor | machine learning | - |
dc.subject.keywordAuthor | network theory | - |
dc.subject.keywordAuthor | Node2Vec | - |
dc.subject.keywordAuthor | software vulnerability | - |
dc.identifier.url | https://onlinelibrary.wiley.com/doi/full/10.1002/joom.1270 | - |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
55 Hanyangdeahak-ro, Sangnok-gu, Ansan, Gyeonggi-do, 15588, Korea+82-31-400-4269 sweetbrain@hanyang.ac.kr
COPYRIGHT © 2021 HANYANG UNIVERSITY. ALL RIGHTS RESERVED.
Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.