Project Details
Automated risk analysis with respect to open-source dependencies (Hektor) (T03#)
Subject Area
Software Engineering and Programming Languages
Term
from 2021 to 2024
Project identifier
Deutsche Forschungsgemeinschaft (DFG) - Project number 160364472
In this transfer project, we explore how techniques from the quality assurance of services in on-the-fly service markets can be applied to the pressing problem of securely managing open-source dependencies in large software development ecosystems. To this end, novel techniques will be developed and evaluated to efficiently and precisely detect and mitigate the inclusion of known-to-be-vulnerable third-party dependencies within software compositions. The project aims to build an open-source tool chain called HEKTOR to support the secure development of applications and services. In principle, these developments should enable precise and efficient analysis of software artifacts on a large scale. The effectiveness of the developed techniques will be validated in a real environment at the partner company SAP SE.
DFG Programme
Collaborative Research Centres (Transfer Project)
Applicant Institution
Universität Paderborn
Business and Industry
SAP Deutschland SE & Co. KG
Project Head
Professor Dr. Eric Bodden