1 code implementation • 7 May 2021 • Therese Fehrer, Rocío Cabrera Lozoya, Antonino Sabetta, Dario Di Nucci, Damian A. Tamburri
The sources of reliable, code-level information about vulnerabilities that affect open-source software (OSS) are scarce, which hinders a broad adoption of advanced tools that provide code-level detection and assessment of vulnerable OSS dependencies.