Project Details

Reliable and automated code-based analysis of Open-Source Dependencies (Reaktor) (T05#)

Subject Area Software Engineering and Programming Languages
Term since 2024
Project identifier Deutsche Forschungsgemeinschaft (DFG) - Project number 160364472
 
In this transfer project, we explore how techniques from the quality assurance of services in on-the-fly service markets can be applied to the pressing problem of managing open-source dependencies securely, reliably, and automatically in large software-development ecosystems. To this end, novel techniques will be developed and evaluated that enable dependency-scanning tools to reliably detect, and help mitigate, the inclusion of third-party dependencies with known vulnerabilities in software compositions. The project aims to build an open-source tool chain called REAKTOR that supports the secure development of applications and services in an automated way. In principle, these developments should enable the precise, efficient, and above all reliable analysis of software artifacts at large scale. The effectiveness of the developed techniques will be validated in a real environment at the partner company SAP SE.
DFG Programme Collaborative Research Centres (Transfer Project)
Applicant Institution Universität Paderborn
Business and Industry SAP Deutschland SE & Co. KG