Authors: Joël Cox, Eric Bouwers, Marko van Eekelen, Joost Visser
Venue: International Conference on Software Engineering
Date: 2015
Type of Experiment: Other
Sample Size: 75
Class/Experience Level: Other
Participant Selection: analyzed systems from different clients
Data Collection Method:
Nowadays, many software systems use third-party components to speed up development and reduce its cost. But a system that uses a third-party component becomes dependent on that component, and the need to keep updating the component along with the system can easily cause problems in the code base. When do developers decide it is time to update a dependency? When does it become too expensive to update one? The authors propose a metric, dependency freshness, to help developers decide when it is time to update a third-party component.
To define dependency freshness, the authors set four criteria: technology independent, easy to implement, simple to understand, and enabling root-cause analysis. To satisfy these criteria, they take into account the third-party component's version sequence number, version release date, and version number delta. Overall, the study shows that systems with low dependency freshness are more than four times more likely to have security issues.
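The three measures named above can be computed per dependency from a release catalogue. The following is an added example, not code from the paper or its authors: it computes the version sequence distance (releases published after the one in use), the release date distance in days, and a version number delta for each dependency. The release catalogue, dependency list, and the convention that the delta reports only the most significant component that changed are constructed assumptions for illustration, not values or definitions from the paper.

```python
"""Per-dependency freshness distances (added example; the release catalogue
and dependency list below are constructed, not data from the paper)."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Release:
    version: str   # dotted numeric version such as "1.2.0"
    released: date


def parse_version(v: str) -> tuple:
    """Turn "1.2" or "1.2.3" into a 3-component tuple; missing parts become 0."""
    parts = [int(p) for p in v.split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def _ordered(releases):
    """Releases sorted oldest to newest by version number."""
    return sorted(releases, key=lambda r: parse_version(r.version))


def version_sequence_distance(used: str, releases) -> int:
    """Number of releases published after the version currently in use."""
    versions = [r.version for r in _ordered(releases)]
    return len(versions) - 1 - versions.index(used)


def release_date_distance_days(used: str, releases) -> int:
    """Days between the release of the used version and of the newest one."""
    ordered = _ordered(releases)
    by_version = {r.version: r for r in ordered}
    return (ordered[-1].released - by_version[used].released).days


def version_number_delta(used: str, releases) -> tuple:
    """Difference at the most significant component that changed; lower
    components are reported as 0. Assumption for this example: once the major
    version differs, the minor/patch difference carries no extra information."""
    latest = parse_version(_ordered(releases)[-1].version)
    current = parse_version(used)
    for i in range(3):
        if latest[i] != current[i]:
            delta = [0, 0, 0]
            delta[i] = latest[i] - current[i]
            return tuple(delta)
    return (0, 0, 0)


def freshness_report(dependencies: dict, catalogue: dict) -> dict:
    """dependencies: {name: used_version}; catalogue: {name: [Release, ...]}."""
    report = {}
    for name, used in dependencies.items():
        releases = catalogue[name]
        report[name] = {
            "sequence": version_sequence_distance(used, releases),
            "days": release_date_distance_days(used, releases),
            "delta": version_number_delta(used, releases),
        }
    return report


# Constructed release catalogue (hypothetical libraries and dates).
CATALOGUE = {
    "libfoo": [
        Release("1.0.0", date(2013, 1, 10)),
        Release("1.1.0", date(2013, 6, 1)),
        Release("1.2.0", date(2014, 2, 15)),
        Release("2.0.0", date(2014, 11, 30)),
    ],
    "libbar": [
        Release("3.2.0", date(2014, 5, 2)),
        Release("3.2.1", date(2014, 8, 19)),
    ],
    "libbaz": [
        Release("0.9.0", date(2014, 1, 5)),
        Release("0.9.1", date(2014, 3, 5)),
        Release("0.9.2", date(2014, 4, 20)),
    ],
}

# Constructed dependency manifest of a system under review.
DEPENDENCIES = {"libfoo": "1.1.0", "libbar": "3.2.1", "libbaz": "0.9.0"}


if __name__ == "__main__":
    for name, row in freshness_report(DEPENDENCIES, CATALOGUE).items():
        print(f"{name}: {row['sequence']} releases behind, "
              f"{row['days']} days behind, delta {row['delta']}")
```

Reading the three numbers side by side is what makes root-cause analysis possible: a dependency that is two releases behind but only a patch delta away is a cheap update, while one that is the same two releases behind with a major delta and over a year of calendar distance is where the risk and the update cost concentrate.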