Beyond Metadata: Code-centric and Usage-based Analysis of Known Vulnerabilities in Open-source Software sap security research oss eclipse steady Related Secure Software Development in the Era of Fluid Multi-party Open Software and Services The Used, the Bloated, and the Vulnerable: Reducing the Attack Surface of an Industrial Application LastPyMile: Identifying the Discrepancy between Sources and Packages Toward Automated Exploit Generation for Known Vulnerabilities in Open-Source Libraries Vulnerable Open Source Dependencies: Counting Those That Matter
