Chasing the Clock: How Fast Are Vulnerabilities Fixed in the Maven Ecosystem?

March 28, 2025 Β· Declared Dead Β· πŸ› IEEE Working Conference on Mining Software Repositories

πŸ‘» CAUSE OF DEATH: Ghosted
No code link whatsoever

"No code URL or promise found in abstract"

Evidence collected by the PWNC Scanner

Authors Md Fazle Rabbi, Arifa Islam Champa, Rajshakhar Paul, Minhaz F. Zibran arXiv ID 2503.22894 Category cs.SE: Software Engineering Citations 2 Venue IEEE Working Conference on Mining Software Repositories Last Checked 4 months ago
Abstract
This study investigates the software vulnerability resolution time in the Maven ecosystem, focusing on the influence of CVE severity, library popularity as measured by the number of dependents, and version release frequency. The results suggest that critical vulnerabilities are addressed slightly faster compared to lower-severity ones. Library popularity shows a positive impact on resolution times, while frequent version updates are associated with faster vulnerability fixes. These statistically significant findings are based on a thorough evaluation of over 14 million versions from 658,078 libraries using the dependency graph database of Goblin framework. These results emphasize the need for proactive maintenance strategies to improve vulnerability management in open-source ecosystems.
Community shame:
Not yet rated
Community Contributions

Found the code? Know the venue? Think something is wrong? Let us know!

πŸ“œ Similar Papers

In the same crypt β€” Software Engineering

Died the same way β€” πŸ‘» Ghosted