The Used, the Bloated, and the Vulnerable: Reducing the Attack Surface of an Industrial Application sap security research oss debloating Related Secure Software Development in the Era of Fluid Multi-party Open Software and Services LastPyMile: Identifying the Discrepancy between Sources and Packages Beyond Metadata: Code-centric and Usage-based Analysis of Known Vulnerabilities in Open-source Software Vulnerable Open Source Dependencies: Counting Those That Matter Project Kb