SOUTO, G. M. B.; http://lattes.cnpq.br/2924944572384142; SOUTO, Gabriel Mareco Batista de.
Abstract:
Vulnerabilities in software dependencies, including transitive (indirect) ones, are a common reality given the extensive use of libraries and frameworks. This scenario increases the risk of security breaches and compromises the integrity of systems. To address this problem, this article proposes Safer, an automated tool that detects and remediates vulnerabilities in software dependency trees. Safer not only identifies secure versions of the affected dependencies but also verifies their compatibility through exploratory testing. The methodology comprises a comparative analysis of existing tools and the use of Open Source Insights for vulnerability diagnosis, complemented by Randoop for compatibility testing. The results obtained with Safer demonstrate its effectiveness in significantly reducing vulnerabilities at every severity level, with an overall reduction of approximately 90.46%. Safer's ability to mitigate these threats is noteworthy, and the results indicate that extending it to other languages and dependency managers is feasible, thereby strengthening the security and reliability of software systems.
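The following is a hypothetical example, added here to illustrate the workflow the abstract describes; it is not Safer's implementation. It walks a dependency tree (transitive nodes included), matches each node against OSV-style advisory ranges, picks the smallest non-vulnerable upgrade for each affected package, and keeps only upgrades that pass a compatibility check. The package names, advisory identifiers, version lists and the `compat_check` callback are all constructed for the example: in Safer the advisory data would come from Open Source Insights and the compatibility check would be the Randoop-generated tests. The example also counts findings before and after the plan, which is the kind of figure behind a reduction percentage like the one reported above.

```python
"""Safer-style dependency remediation sketch (hypothetical example code).

All data below is constructed: fictional packages, fictional advisory IDs,
and a fake compatibility check standing in for Randoop-generated tests.
"""
from typing import Callable, Dict, List, Optional, Tuple

# Dependency tree as adjacency lists, nodes written "group:artifact@version".
# The same node reached by two paths is one node (it is one resolved artifact).
TREE = {
    "app": ["org.example:web@1.4.0", "org.example:parser-lib@2.1.0"],
    "org.example:web@1.4.0": ["org.example:http-client@3.0.2"],
    "org.example:parser-lib@2.1.0": ["org.example:json-core@0.9.5",
                                     "org.example:http-client@3.0.2"],
}

# Advisories shaped like OSV records: affected if introduced <= v < fixed.
ADVISORIES = {
    "org.example:http-client": [
        {"id": "ADV-0001", "severity": "HIGH", "introduced": "3.0.0", "fixed": "3.0.3"},
        {"id": "ADV-0002", "severity": "CRITICAL", "introduced": "2.0.0", "fixed": "3.1.0"},
    ],
    "org.example:json-core": [
        {"id": "ADV-0003", "severity": "MEDIUM", "introduced": "0.0.0", "fixed": "1.0.0"},
    ],
}

# Versions a registry index would list for each package (constructed).
AVAILABLE = {
    "org.example:http-client": ["3.0.2", "3.0.3", "3.1.0", "4.0.0"],
    "org.example:json-core": ["0.9.5", "0.9.6", "1.0.0"],
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric dotted versions only; enough for the example."""
    return tuple(int(p) for p in v.split("."))


def is_affected(version: str, adv: dict) -> bool:
    """OSV semantics: affected from 'introduced' up to, not including, 'fixed'."""
    v = parse_version(version)
    if v < parse_version(adv["introduced"]):
        return False
    fixed = adv.get("fixed")
    return fixed is None or v < parse_version(fixed)


def walk(tree: Dict[str, List[str]], root: str) -> set:
    """All transitive nodes below root; a visited set guards against cycles."""
    seen, stack = set(), [root]
    while stack:
        node = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        stack.extend(tree.get(node, []))
    return seen - {root}


def findings(tree, root, advisories) -> List[dict]:
    """One finding per (node, matching advisory), in deterministic order."""
    out = []
    for node in sorted(walk(tree, root)):
        name, version = node.rsplit("@", 1)
        for adv in advisories.get(name, []):
            if is_affected(version, adv):
                out.append({"package": name, "version": version,
                            "advisory": adv["id"], "severity": adv["severity"]})
    return out


def candidate_upgrades(name, current, available, advisories) -> List[str]:
    """Newer versions with no open advisory, smallest first (least API churn)."""
    cur = parse_version(current)
    advs = advisories.get(name, [])
    cands = [v for v in available.get(name, [])
             if parse_version(v) > cur and not any(is_affected(v, a) for a in advs)]
    return sorted(cands, key=parse_version)


def plan_upgrades(tree, root, advisories, available,
                  compat_check: Callable[[str, str], bool]) -> Dict[Tuple[str, str], Optional[str]]:
    """Map (package, current) -> first secure candidate that passes compat_check, or None."""
    plan: Dict[Tuple[str, str], Optional[str]] = {}
    for f in findings(tree, root, advisories):
        key = (f["package"], f["version"])
        if key in plan:
            continue
        plan[key] = None
        for cand in candidate_upgrades(key[0], key[1], available, advisories):
            if compat_check(key[0], cand):
                plan[key] = cand
                break
    return plan


def apply_plan(tree, plan):
    """Rewrite upgraded nodes; assumes (simplification) their own edges are unchanged."""
    rename = {f"{n}@{old}": f"{n}@{new}" for (n, old), new in plan.items() if new}
    return {rename.get(k, k): [rename.get(c, c) for c in kids] for k, kids in tree.items()}


def reduction_pct(before: int, after: int) -> float:
    return 0.0 if before == 0 else round(100.0 * (before - after) / before, 2)


def demo():
    def compat_check(name: str, version: str) -> bool:
        # Constructed stand-in for running generated tests on the upgraded
        # classpath: pretend json-core 1.0.0 broke the API parser-lib uses.
        return not (name == "org.example:json-core" and version == "1.0.0")

    before = findings(TREE, "app", ADVISORIES)
    plan = plan_upgrades(TREE, "app", ADVISORIES, AVAILABLE, compat_check)
    after = findings(apply_plan(TREE, plan), "app", ADVISORIES)
    return before, plan, after


if __name__ == "__main__":
    before, plan, after = demo()
    for (name, old), new in plan.items():
        print(f"{name} {old} -> {new or 'no compatible secure version'}")
    print(f"{len(before)} findings before, {len(after)} after, "
          f"{reduction_pct(len(before), len(after))}% reduction")
```

In the constructed run, http-client moves from 3.0.2 to 3.1.0 (3.0.3 is skipped because it is still inside ADV-0002's range), while json-core stays at 0.9.5 because its only secure candidate fails the compatibility check and is reported as unresolved rather than applied. A real implementation would also re-resolve the tree after an upgrade, since a new version can pull in new transitive dependencies with advisories of their own.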