concept

GitHub Advisory Database

Facts (10)

Sources
A Mixed-Methods Study of Open-Source Software Maintainers On ... (arXiv, arxiv.org, Feb 3, 2025), 9 facts
claim: The study participants are open-source software (OSS) project maintainers who have received and patched vulnerabilities that are documented in the GitHub Advisory Database.
claim: The study is the first to investigate the vulnerability-management challenges that OSS maintainers whose projects have a history of patched vulnerabilities face regarding platform security features involving the GitHub Advisory Database.
claim: The source's mixed-methods study focuses on the challenges OSS maintainers face in vulnerability management, specifically platform security features involving the GitHub Advisory Database.
claim: The study 'A Mixed-Methods Study of Open-Source Software Maintainers On ...' investigates the factors affecting OSS project maintainers' involvement in vulnerability management by recruiting maintainers of previously vulnerable projects sourced from the GitHub Advisory Database.
procedure: The researchers filtered GitHub Advisory Database entries to those whose projects are hosted on GitHub, which left just over 2,000 unique projects.
claim: The authors of the study 'A Mixed-Methods Study of Open-Source Software Maintainers On ...' claim to be the first to investigate the vulnerability-management challenges faced by OSS maintainers whose projects have a history of patched vulnerabilities, specifically regarding platform security features, using the GitHub Advisory Database.
measurement: The researchers scraped 5,096 advisories from the GitHub Advisory Database, taking up to the 1,450 most recent advisories for each severity category (Low, Medium, High, and Critical); fewer than 1,450 Low severity advisories were listed, which is why the total falls short of the 5,800 that four full buckets would give.
procedure: The researchers conducted an online survey of OSS maintainers who own previously vulnerable projects, using entries from the GitHub Advisory Database to identify the projects and the factors impacting their vulnerability-management practices.
measurement: The researchers sampled 1,920 unique GitHub projects from the GitHub Advisory Database; the largest had up to 185,000 stars and 400,000 listed dependent GitHub projects.
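The sampling procedure the facts above describe (take the N most recent advisories per severity, tolerate a severity bucket that holds fewer than N, keep only GitHub-hosted projects, deduplicate) can be reproduced against a local clone of the GitHub Advisory Database, which publishes every advisory as an OSV-format JSON file in the github/advisory-database repository. The Python below is an added example written for this page, not code from the study's authors or from GitHub; the five advisory records, their IDs, dates and owner/repo names are constructed placeholders. One caveat it bakes in: GHAD labels the second severity bucket MODERATE, which the study calls Medium.

```python
"""Reproduce the GHAD sampling step: keep the N most recent advisories per
severity, then reduce the sample to unique GitHub-hosted projects.

GHAD publishes every advisory as an OSV-format JSON file in the
github/advisory-database repository; the fields read here (id, published,
database_specific.severity, references[].url) are part of that format.
"""
import json
import re
from collections import defaultdict
from pathlib import Path

# Severity labels as GHAD writes them in database_specific.severity.
# The study calls the second bucket "Medium"; GHAD spells it "MODERATE".
SEVERITIES = ("LOW", "MODERATE", "HIGH", "CRITICAL")

# owner/repo from a github.com URL; whatever follows the repo (commit/..., pull/...,
# security/advisories/...) is ignored. Non-repository github.com paths such as
# https://github.com/advisories/GHSA-... are rejected via _RESERVED_OWNERS.
_GH_REPO_RE = re.compile(r"^https?://(?:www\.)?github\.com/([^/\s]+)/([^/\s#?]+)")
_RESERVED_OWNERS = {"advisories", "orgs", "settings", "marketplace",
                    "sponsors", "topics", "features", "security", "site"}


def github_repos_in(advisory):
    """Return the set of normalized 'owner/repo' slugs an advisory references."""
    repos = set()
    for ref in advisory.get("references", []):
        m = _GH_REPO_RE.match(ref.get("url", ""))
        if not m or m.group(1).lower() in _RESERVED_OWNERS:
            continue
        owner, repo = m.group(1).lower(), m.group(2).lower()
        if repo.endswith(".git"):
            repo = repo[:-4]
        repos.add(f"{owner}/{repo}")
    return repos


def sample_most_recent(advisories, per_severity):
    """Keep the `per_severity` most recently published advisories of each severity.

    Returns {severity: [advisory, ...]}. A severity with fewer than `per_severity`
    advisories yields all of them, which is the shortfall the study reports for
    Low. GHAD timestamps are UTC ISO 8601 strings of one fixed shape, so
    lexicographic order is chronological order.
    """
    buckets = defaultdict(list)
    for adv in advisories:
        sev = (adv.get("database_specific") or {}).get("severity", "").upper()
        if sev in SEVERITIES:
            buckets[sev].append(adv)
    return {sev: sorted(buckets[sev], key=lambda a: a["published"], reverse=True)[:per_severity]
            for sev in SEVERITIES}


def severity_counts(sample):
    """Advisories per severity in the sample; a value below N exposes a shortfall."""
    return {sev: len(sample[sev]) for sev in SEVERITIES}


def unique_github_projects(sample):
    """Union of GitHub repositories referenced by every sampled advisory."""
    projects = set()
    for advs in sample.values():
        for adv in advs:
            projects |= github_repos_in(adv)
    return projects


def load_ghad_checkout(root):
    """Load all OSV records from a clone of github/advisory-database
    (layout: advisories/{github-reviewed,unreviewed}/YYYY/MM/GHSA-*/GHSA-*.json)."""
    return [json.loads(p.read_text(encoding="utf-8"))
            for p in Path(root).rglob("GHSA-*.json")]


# Constructed placeholder records (IDs, dates and repositories are invented);
# they carry only the OSV fields this example reads.
SAMPLE_ADVISORIES = [
    {"id": "GHSA-0000-0000-0001", "published": "2024-03-01T10:00:00Z",
     "database_specific": {"severity": "HIGH"},
     "references": [
         {"type": "ADVISORY", "url": "https://github.com/advisories/GHSA-0000-0000-0001"},
         {"type": "WEB", "url": "https://github.com/Example-Org/widget/commit/0123abcd"}]},
    {"id": "GHSA-0000-0000-0002", "published": "2024-05-01T10:00:00Z",
     "database_specific": {"severity": "HIGH"},
     "references": [{"type": "WEB", "url": "https://github.com/example-org/widget/pull/42"}]},
    {"id": "GHSA-0000-0000-0003", "published": "2023-12-01T10:00:00Z",
     "database_specific": {"severity": "HIGH"},
     "references": [{"type": "WEB", "url": "https://github.com/other-org/service.git"}]},
    {"id": "GHSA-0000-0000-0004", "published": "2024-01-15T10:00:00Z",
     "database_specific": {"severity": "LOW"},
     "references": [{"type": "PACKAGE", "url": "https://pypi.org/project/somepkg/"}]},
    {"id": "GHSA-0000-0000-0005", "published": "2024-02-01T10:00:00Z",
     "database_specific": {"severity": "CRITICAL"},
     "references": [{"type": "WEB", "url": "https://github.com/third-org/lib/security/advisories/GHSA-0000-0000-0005"}]},
]

if __name__ == "__main__":
    sample = sample_most_recent(SAMPLE_ADVISORIES, per_severity=2)
    print("advisories per severity:", severity_counts(sample))
    print("unique GitHub projects:", sorted(unique_github_projects(sample)))
```

With per_severity=2 the third HIGH record is cut by recency, so its repository never reaches the project set, while the single LOW record survives because its bucket is short; replace SAMPLE_ADVISORIES with load_ghad_checkout("advisory-database") and per_severity=1450 to rerun the study's step on real data. Deduplicating on the normalized slug rather than the raw URL is what collapses commit, pull-request and advisory links for one repository into one project.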
bureado/awesome-software-supply-chain-security - GitHub (github.com), 1 fact
claim: The GitHub Advisory Database accepts community contributions; corrections and additions to advisories are submitted as pull requests against the github/advisory-database repository.