Dataset

RQ1: How prevalent are persistent vulnerabilities in the Maven ecosystem?

RQ2: What are the causes of persistent vulnerabilities?

RQ3: How do existing solutions address persistent vulnerabilities?

RQ4: How effective is Ranger regarding mitigating the persistence of vulnerabilities?

Restored Ranges by Ranger (server) in Maven

RQ1: How prevalent are persistent vulnerabilities in the Maven ecosystem?

The impact of vulnerabilities over time is evaluated to reveal the distribution of time spans of persistent vulnerabilities.

rq1

Vul rates of Log4Shell

Half-lives of vulnerabilities

Filtered Half-lives

New Release Span

Filtered NRS

RQ2: What are the causes of persistent vulnerabilities?

To mitigate the persistent vulnerabilities, we investigated what blocks the patched versions to downstream libraries.

Distribution of causes

Cause 1

Cause 2

Cause 3

Cause 4

Cause 5

Cause 6

RQ3: How do existing solutions address persistent vulnerabilities?

To overcome the challenges of deriving a solution, we reviewed the existing countermeasures to identify the pros and cons.

Version Ranges: Latest version CVE avoided

Version Ranges: Latest version affected by CVE

Version Ranges: Any versions CVE avoided

Version Ranges: Any versions affected by CVE

Dependency Version Overriding

RQ4: How effective is Ranger regarding mitigating the persistence of vulnerabilities?

Ranger (plug-in) results on Github Dataset

Ground truth of GitHub Dataset

Restored Ranges by Ranger (server) in Maven

Depth 1

Depth 2

Depth 3

Depth 4

Depth 5

Depth 6

Depth 7

Depth 8

Depth 9

Depth 10

RQ4 2

CVE mappings

The mappings between collected CVE and the Group:artifact:version

CVE mappings

Go to Source Code

Thank you for visiting

Page updated

Google Sites

Report abuse