- ホーム
- > 洋書
- > 英文書
- > Computer / General
Full Description
Open-source software supply chains wield significant influence in the software industry, drawing substantial interest from enterprises, researchers, and policymakers. Leveraging third-party libraries to build software applications is a common practice aimed at cost savings and software quality enhancement. However, heavy reliance on external libraries often leads to a state of "dependency hell", marked by issues like incompatibilities, conflicting versions, bloated dependencies, and the inclusion of vulnerable library versions. Despite extensive research on software dependency management and the evolution of software supply chains, questions linger regarding the variances in dependency challenges across programming language ecosystems and how best to address the dependency hell phenomenon from an ecosystem-wide perspective.
The aim of this book is to offer: (1) a comprehensive literature review on software supply chains, (2) discussions on modeling software supply chains and analyzing their evolutionary behaviors, (3) ecosystem-level strategies for diagnosing various dependency issues and automating problem resolution with cost-benefit analysis, and (4) provision of a toolkit and datasets to support future research and assist practitioners in addressing the challenges of dependency management. The methodologies outlined in this book have been previously presented in top-tier conferences and journals, with some techniques officially integrated into products by Microsoft Corporation and Huawei Technologies Co Ltd. This book is designed to provide readers with a solid understanding of software supply chain fundamentals and practical guidance on implementing theory and techniques in real-world industrial settings.
The book is chiefly intended for software engineering researchers and students with an academic background who are interested in learning about dependency management for third-party libraries, quality assurance for software supply chains, and the evolution of open-source software ecosystems. It will also be of interest to practitioners, including software engineers, quality assurance professionals, and software managers, as well as general readers. All will benefit from our systematic studies on the dependency hell phenomenon in various programming language communities and valuable associated artifacts.
Contents
Part I. An Overview of Software Supply Chain Research.- Chapter 1. Introducing Software Supply Chain.- Part II. Modeling and Analyzing Software Supply Chain.- Chapter 2. Modeling Software Supply Chains and Analyzing Their Evolutionary Behaviors.- Part III. Dependency Issues in Software Supply Chain.- Chapter 3. Common Types of Dependency Issues.- Part IV. Ecosystem Level Techniques Combating Dependency Issues.- Chapter 4. Detecting Compatibility Issues for Machine Learning Libraries.- Chapter 5. Diagnosing NuGet Dependency Conflicts.- Chapter 6. Streamlining Software Bloated Dependencies.- Chapter 7. Exploring Cross Ecosystem Vulnerability Impacts.- Chapter 8. Boosting the Propagation of Vulnerability Fixes in the npm Ecosystem.- Part V. Tools and Datasets.- Chapter 9. "League of Legends".- Chapter 10. Epilogue.
