A4 Article in conference proceedings
An Empirical Analysis of Vulnerabilities in Python Packages for Web Applications

List of Authors: Jukka Ruohonen
Publication year: 2019
Book title *: 2018 9th International Workshop on Empirical Software Engineering in Practice (IWESEP)
ISBN: 978-1-7281-0440-9
eISBN: 978-1-7281-0439-3
ISSN: 2333-519X


This paper examines software vulnerabilities in common Python packages used particularly for web development. The empirical dataset is based on the PyPI package repository and the so-called Safety DB used to track vulnerabilities in selected packages within the repository. The methodological approach builds on a release-based time series analysis of the conditional probabilities for the releases of the packages to be vulnerable. According to the results, many of the Python vulnerabilities observed seem to be only modestly severe; input validation and cross-site scripting have been the most typical vulnerabilities. In terms of the time series analysis based on the release histories, only the recent past is observed to be relevant for statistical predictions; the classical Markov property holds.

Last updated on 2019-30-04 at 08:56