Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite (Short Summary)

This short paper5 presents a study investigating the impact of typical development practices, like re-compilation, re-bundling, on the performance of vulnerability scanners to detect known vulnerabilities in used open-source dependencies. In particular, the paper studies (i) types of modifications that affect the detection of vulnerable open-source dependencies and (ii) their impact on the performance of vulnerability scanners through an empirical study on 7024 Java projects developed at SAP.