Modern software uses frameworks through their Application Programming Interfaces (apis). Framework apis may change while frameworks evolve. Client programs have to upgrade to new releases of frameworks if security vul...
详细信息
ISBN:
(纸本)9780769553047
Modern software uses frameworks through their Application Programming Interfaces (apis). Framework apis may change while frameworks evolve. Client programs have to upgrade to new releases of frameworks if security vulnerabilities are discovered in the used releases. Patching security vulnerabilities can be delayed by non-security-relatedapichanges when the frameworks used by client programs are not up to date. Keeping frameworks updated can reduce the reaction time to patch security leaks. Client program upgrades are not cost-free, developers need to understand the api usages in client programs and apichanges between framework releases before conduct upgrading tasks. In this paper, we propose a tool ACUA to generate reports containing detailed api change and usage information by analyzing the binary code of both frameworks and clients programs written in Java. Developers can use the api change and usage reports generated by ACUA to estimate the work load and decide when to starting upgrading client programs based on the estimation.
暂无评论