Eric Bouwers scite author profile

Eric Bouwers

4Publications

174Citation Statements Received

58Citation Statements Given

How they've been cited

191

170

How they cite others

Affiliations

Scientific Computing & Modelling (Netherlands), Delft University of Technology, Software (Spain)

Publications

Order By: Most citations

Measuring Dependency Freshness in Software Systems

Cox

Bouwers

Eekelen

et al. 2015

View full text Add to dashboard Cite

Abstract-Modern software systems often make use of thirdparty components to speed-up development and reduce maintenance costs. In return, developers need to update to new releases of these dependencies to avoid, for example, security and compatibility risks. In practice, prioritizing these updates is difficult because the use of outdated dependencies is often opaque. In this paper we aim to make this concept more transparent by introducing metrics to quantify the use of recent versions of dependencies, i.e. the system's "dependency freshness".We propose and investigate a system-level metric based on an industry benchmark. We validate the usefulness of the metric using interviews, analyze the variance of the metric through time, and investigate the relationship between outdated dependencies and security vulnerabilities. The results show that the measurements are considered useful, and that systems using outdated dependencies four times as likely to have security issues as opposed to systems that are up-to-date.

show abstract

Tracking known security vulnerabilities in proprietary software systems

Cadariu

Bouwers²,

Visser

et al. 2015

View full text Add to dashboard Cite

Known security vulnerabilities can be introduced in software systems as a result of being dependent upon third-party components. These documented software weaknesses are "hiding in plain sight" and represent low hanging fruit for attackers. In this paper we present the Vulnerability Alert Service (VAS), a tool-based process to track known vulnerabilities in software systems throughout their life cycle. We studied its usefulness in the context of external software product quality monitoring provided by the Software Improvement Group, a software advisory company based in Amsterdam, the Netherlands. Besides empirically assessing the usefulness of the VAS, we have also leveraged it to gain insight and report on the prevalence of third-party components with known security vulnerabilities in proprietary applications.

show abstract

Quantifying the Analyzability of Software Architectures

Bouwers

Correia

Deursen³

et al. 2011

View full text Add to dashboard Cite

Abstract-The decomposition of a software system into components is a major decision in any software architecture, having a strong influence on many of its quality aspects. A system's analyzability, in particular, is influenced by its decomposition into components. But into how many components should a system be decomposed to achieve optimal analyzability? And how should the elements of the system be distributed over those components?In this paper, we set out to find answers to these questions with the support of a large repository of industrial and open source software systems. Based on our findings, we designed a metric which we call Component Balance. In a case study we show that the metric provides pertinent results in various evaluation scenarios. In addition, we report on an empirical study that demonstrates that the metric is strongly correlated with ratings for analyzability as given by experts.

show abstract

Getting what you measure

2012

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Eric Bouwers

Measuring Dependency Freshness in Software Systems

Tracking known security vulnerabilities in proprietary software systems

Quantifying the Analyzability of Software Architectures

Getting what you measure

Contact Info

Product

Resources

About