Gina Cody School researchers develop new tool for safer software choices

August 1, 2024
Photo: Zeyang Ma (left) and Peter Chen (right).

Building a software application is akin to constructing a skyscraper—every piece must fit perfectly for structural integrity. In software development, these essential pieces are often pre-made code libraries that save developers time and add complex features effortlessly. However, just like a flawed building material can jeopardize a skyscraper's safety, these libraries can harbor security flaws that make the entire application vulnerable to attacks.

To address this critical issue, a new tool called VulNet was created by PhD student Zeyang Ma, his supervisor Professor Peter Chen from Concordia’s Gina Cody School of Engineering and Computer Science and colleagues from Concordia and Queen’s University.

This tool helps developers effortlessly identify and choose the safest and most reliable libraries for their projects. It improves the way developers detect and manage these potential security risks, which were often missed or misjudged by earlier tools like Maven Repository (MVN) and Open Source Insights (OSI).

VulNet gives developers more accurate information about which libraries might be risky and which are safe to use. It does this by examining more libraries and reducing the number of low-priority alerts developers receive, making their decisions clearer and simpler.

“VulNet represents a significant step towards making software development safer and more reliable,” explains Professor Peter Chen, who leads the Software Performance, Analysis, and Reliability lab in the Gina Cody School’s Department of Computer Science and Software Engineering. “With this tool, developers can confidently manage their software’s library and dependencies, greatly reducing the risk of security issues.”

In a study involving 24 developers, including professional developers and researchers, VulNet was rated 4.5 out of 5 for its usefulness, making it a preferred choice over other tools. The tool not only makes it easier to spot problems but also helps developers focus on the most serious issues first.

For more details on VulNet, check out the team's findings in the Empirical Software Engineering journal.

Learn more about the Department of Computer Science and Software Engineering at the Gina Cody School.

© Concordia University