In this transfer project, we explore how techniques from the quality assurance of services in on-the- fly service markets can be applied to the pressing problem of securely managing open source dependencies in large software development ecosystems. To this end, novel techniques will be developed and evaluated to efficiently and precisely detect and mitigate the inclusion of known-to- be-vulnerable third-party dependencies within software compositions. The project aims to build an open-source tool chain called HEKTOR to support the secure development of applications and services. In principle, these developments should enable precise and efficient analysis of software artifacts on a large scale. The effectiveness of the developed techniques will be validated in a real environment at the partner company SAP SE.

DFG Programme Collaborative Research Centres (Transfer Project)

Subproject of SFB 901:  On-The-Fly (OTF) Computing - Individualised IT-Services in Dynamic Markets

Applicant Institution Universität Paderborn

Business and Industry SAP Deutschland SE & Co. KG

Project Head Professor Dr. Eric Bodden