A Survey of Third-Party Library Security Research in Application Software
In the current software development environment, third-party libraries play a crucial role. They provide developers with rich functionality and convenient solutions, speeding up the pace and efficiency of software development. However, with the widespread use of third-party libraries, associated sec...
Saved in:
Main Authors | , , , , |
---|---|
Format | Journal Article |
Language | English |
Published |
27.04.2024
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | In the current software development environment, third-party libraries play a
crucial role. They provide developers with rich functionality and convenient
solutions, speeding up the pace and efficiency of software development.
However, with the widespread use of third-party libraries, associated security
risks and potential vulnerabilities are increasingly apparent. Malicious
attackers can exploit these vulnerabilities to infiltrate systems, execute
unauthorized operations, or steal sensitive information, posing a severe threat
to software security. Research on third-party libraries in software becomes
paramount to address this growing security challenge. Numerous research
findings exist regarding third-party libraries' usage, ecosystem, detection,
and fortification defenses. Understanding the usage and ecosystem of
third-party libraries helps developers comprehend the potential risks they
bring and select trustworthy libraries. Third-party library detection tools aid
developers in automatically discovering third-party libraries in software,
facilitating their management. In addition to detection, fortification defenses
are also indispensable. This article profoundly investigates and analyzes this
literature, summarizing current research achievements and future development
directions. It aims to provide practical and valuable insights for developers
and researchers, jointly promoting the healthy development of software
ecosystems and better-protecting software from security threats. |
---|---|
DOI: | 10.48550/arxiv.2404.17955 |