Toward a prioritization approach for third-party software library updates

IF 1.5 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming Pub Date : 2025-05-08 DOI:10.1016/j.scico.2025.103331

Abdalrahman Aburakhia , Mohammad Alshayeb

{"title":"Toward a prioritization approach for third-party software library updates","authors":"Abdalrahman Aburakhia , Mohammad Alshayeb","doi":"10.1016/j.scico.2025.103331","DOIUrl":null,"url":null,"abstract":"<div><div>Third-party libraries (TPLs) have been widely used in software development. Recent studies showed that software developers struggle to manage the dependencies between third-party libraries for many reasons, such as unknown update efforts and the lack of awareness about related security issues. To overcome these limitations, in this paper, we propose a TPL update prioritization approach, which provides valuable insights for mobile app developers to help improve the decision-making process. We investigate mobile app developers’ behavior while updating TPLs through a survey with 39 practitioners. The results clearly show the need for a prioritization approach. To gain more insight into TPL, we propose five TPL categories (Compatibility, Accessibility, Maintenance, Business Value, and Security) and propose metrics to measure the related factors of each category. We utilize the Analytical Hierarchy Process (AHP) and the Simple Additive Weighting (SAW) methods to rank the libraries for the update and automate the approach via a chatbot. We conducted a case study with 7 participants. Most participants (82 %) found the bot’s results useful; moreover, the bot can save software developers around 4 min per task, with an average of 18 s per task compared to 243 s by the baseline.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"246 ","pages":"Article 103331"},"PeriodicalIF":1.5000,"publicationDate":"2025-05-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Science of Computer Programming","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S016764232500070X","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

Third-party libraries (TPLs) have been widely used in software development. Recent studies showed that software developers struggle to manage the dependencies between third-party libraries for many reasons, such as unknown update efforts and the lack of awareness about related security issues. To overcome these limitations, in this paper, we propose a TPL update prioritization approach, which provides valuable insights for mobile app developers to help improve the decision-making process. We investigate mobile app developers’ behavior while updating TPLs through a survey with 39 practitioners. The results clearly show the need for a prioritization approach. To gain more insight into TPL, we propose five TPL categories (Compatibility, Accessibility, Maintenance, Business Value, and Security) and propose metrics to measure the related factors of each category. We utilize the Analytical Hierarchy Process (AHP) and the Simple Additive Weighting (SAW) methods to rank the libraries for the update and automate the approach via a chatbot. We conducted a case study with 7 participants. Most participants (82 %) found the bot’s results useful; moreover, the bot can save software developers around 4 min per task, with an average of 18 s per task compared to 243 s by the baseline.

查看原文本刊更多论文

面向第三方软件库更新的优先级方法

第三方库（tpl）在软件开发中得到了广泛的应用。最近的研究表明，由于许多原因，软件开发人员难以管理第三方库之间的依赖关系，例如未知的更新工作和缺乏对相关安全问题的认识。为了克服这些限制，在本文中，我们提出了一种TPL更新优先级方法，为移动应用程序开发人员提供了有价值的见解，以帮助改进决策过程。通过对39名从业者的调查，我们调查了移动应用程序开发人员在更新tpl时的行为。结果清楚地表明需要一个优先排序的方法。为了更深入地了解TPL，我们提出了五个TPL类别（兼容性、可访问性、维护、业务价值和安全性），并提出了度量每个类别相关因素的指标。我们利用分析层次过程（AHP）和简单加性加权（SAW）方法对库进行更新排名，并通过聊天机器人自动化该方法。我们对7名参与者进行了案例研究。大多数参与者（82%）认为机器人的结果有用；此外，机器人可以为软件开发人员每个任务节省大约4分钟，平均每个任务节省18秒，而基线为243秒。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Science of Computer Programming 工程技术-计算机：软件工程

CiteScore

3.80

自引率

0.00%

发文量

审稿时长

67 days

期刊介绍： Science of Computer Programming is dedicated to the distribution of research results in the areas of software systems development, use and maintenance, including the software aspects of hardware design. The journal has a wide scope ranging from the many facets of methodological foundations to the details of technical issues andthe aspects of industrial practice. The subjects of interest to SCP cover the entire spectrum of methods for the entire life cycle of software systems, including • Requirements, specification, design, validation, verification, coding, testing, maintenance, metrics and renovation of software; • Design, implementation and evaluation of programming languages; • Programming environments, development tools, visualisation and animation; • Management of the development process; • Human factors in software, software for social interaction, software for social computing; • Cyber physical systems, and software for the interaction between the physical and the machine; • Software aspects of infrastructure services, system administration, and network management.