A Survey of Third-Party Library Security Research in Application Software

J Zeng, D Han, Y Zhu, Y Wang, F Weng - arXiv preprint arXiv:2404.17955, 2024 - arxiv.org
J Zeng, D Han, Y Zhu, Y Wang, F Weng
arXiv preprint arXiv:2404.17955, 2024arxiv.org
In the current software development environment, third-party libraries play a crucial role.
They provide developers with rich functionality and convenient solutions, speeding up the
pace and efficiency of software development. However, with the widespread use of third-
party libraries, associated security risks and potential vulnerabilities are increasingly
apparent. Malicious attackers can exploit these vulnerabilities to infiltrate systems, execute
unauthorized operations, or steal sensitive information, posing a severe threat to software …
In the current software development environment, third-party libraries play a crucial role. They provide developers with rich functionality and convenient solutions, speeding up the pace and efficiency of software development. However, with the widespread use of third-party libraries, associated security risks and potential vulnerabilities are increasingly apparent. Malicious attackers can exploit these vulnerabilities to infiltrate systems, execute unauthorized operations, or steal sensitive information, posing a severe threat to software security. Research on third-party libraries in software becomes paramount to address this growing security challenge. Numerous research findings exist regarding third-party libraries' usage, ecosystem, detection, and fortification defenses. Understanding the usage and ecosystem of third-party libraries helps developers comprehend the potential risks they bring and select trustworthy libraries. Third-party library detection tools aid developers in automatically discovering third-party libraries in software, facilitating their management. In addition to detection, fortification defenses are also indispensable. This article profoundly investigates and analyzes this literature, summarizing current research achievements and future development directions. It aims to provide practical and valuable insights for developers and researchers, jointly promoting the healthy development of software ecosystems and better-protecting software from security threats.
arxiv.org