V-Achilles: An Interactive Visualization of Transitive Security Vulnerabilities
Issued Date
2022-09-19
Resource Type
Scopus ID
2-s2.0-85146954197
Journal Title
ACM International Conference Proceeding Series
Rights Holder(s)
SCOPUS
Bibliographic Citation
ACM International Conference Proceeding Series (2022)
Suggested Citation
Jarukitpipat V., Chhun K., Wanprasert W., Ragkhitwetsagul C., Choetkiertikul M., Sunetnanta T., Kula R.G., Chinthanet B., Ishio T., Matsumoto K. V-Achilles: An Interactive Visualization of Transitive Security Vulnerabilities. ACM International Conference Proceeding Series (2022). doi:10.1145/3551349.3559526 Retrieved from: https://repository.li.mahidol.ac.th/handle/20.500.14594/84255
Title
V-Achilles: An Interactive Visualization of Transitive Security Vulnerabilities
Author's Affiliation
Other Contributor(s)
Abstract
A key threat to the usage of third-party dependencies has been the threat of security vulnerabilities, which risks unwanted access to a user application. As part of an ecosystem of dependencies, users of a library are prone to both the direct and transitive dependencies adopted into their applications. Recent work involves tool supports for vulnerable dependency updates, rarely showing the complexity of the transitive updates. In this paper, we introduce our solution to support vulnerability updating in npm. V-Achilles is a prototype that shows a visualization (i.e., using dependency graphs) affected by vulnerability attacks. In addition to the tool overview, we highlight three use cases to demonstrate the usefulness and application of our prototype with real-world npm packages. The prototype is available at https://github.com/MUICT-SERU/V-Achilles, with an accompanying video demonstration at https://www.youtube.com/watch?v=tspiZfhMNcs.