Project Details

Automated risk analysis with respect to open-source dependencies (Hektor) (T03#)

Subject Area Software Engineering and Programming Languages
Term from 2021 to 2024
Project identifier Deutsche Forschungsgemeinschaft (DFG) - Project number 160364472
 
In this transfer project, we explore how techniques from the quality assurance of services in on-the-fly service markets can be applied to the pressing problem of securely managing open source dependencies in large software development ecosystems. To this end, novel techniques will be developed and evaluated to efficiently and precisely detect and mitigate the inclusion of known-to-be-vulnerable third-party dependencies within software compositions. The project aims to build an open-source tool chain called HEKTOR to support the secure development of applications and services. In principle, these developments should enable precise and efficient analysis of software artifacts on a large scale. The effectiveness of the developed techniques will be validated in a real environment at the partner company SAP SE.
DFG Programme Collaborative Research Centres (Transfer Project)
Applicant Institution Universität Paderborn
Business and Industry SAP Deutschland SE & Co. KG
 
 
