Understanding Software Vulnerabilities in the Maven Ecosystem: Patterns, Timelines, and Risks

March 28, 2025 Β· Declared Dead Β· πŸ› IEEE Working Conference on Mining Software Repositories

πŸ‘» CAUSE OF DEATH: Ghosted
No code link whatsoever

"No code URL or promise found in abstract"

Evidence collected by the PWNC Scanner

Authors Md Fazle Rabbi, Rajshakhar Paul, Arifa Islam Champa, Minhaz F. Zibran arXiv ID 2503.22391 Category cs.SE: Software Engineering Citations 2 Venue IEEE Working Conference on Mining Software Repositories Last Checked 4 months ago
Abstract
Vulnerabilities in software libraries and reusable components cause major security challenges, particularly in dependency-heavy ecosystems such as Maven. This paper presents a large-scale analysis of vulnerabilities in the Maven ecosystem using the Goblin framework. Our analysis focuses on the aspects and implications of vulnerability types, documentation delays, and resolution timelines. We identify 77,393 vulnerable releases with 226 unique CWEs. On average, vulnerabilities take nearly half a decade to be documented and 4.4 years to be resolved, with some remaining unresolved for even over a decade. The delays in documenting and fixing vulnerabilities incur security risks for the library users emphasizing the need for more careful and efficient vulnerability management in the Maven ecosystem.
Community shame:
Not yet rated
Community Contributions

Found the code? Know the venue? Think something is wrong? Let us know!

πŸ“œ Similar Papers

In the same crypt β€” Software Engineering

Died the same way β€” πŸ‘» Ghosted