
Opportunities and Security Risks of Technical Leverage


What are the trade-offs of relying heavily on Free and Open-Source Software (FOSS) components to build your own system? How much faster can you ship code to production, and what security risks does that dependence expose your system to?

  • Inspired by the work of Massacci and Pashchenko, who used technical leverage to assess this trade-off in the Java ecosystem, we perform a large-scale analysis of the opportunities and risks of technical leverage in the JavaScript ecosystem.
  • Our models indicate that relying heavily on FOSS shortens the release cycles of small libraries, but at the cost of significantly higher (4-7x) vulnerability exposure.

Interested? You can find a pre-print of our paper here.