Thou Shalt Not Depend on Me

By Tobias Lauinger, Abdelberi Chaabane, Christo B. Wilson

Communications of the ACM, Vol. 61 No. 6, Pages 41-47

Many websites use third-party components such as JavaScript libraries, which bundle useful functionality so that developers can avoid reinventing the wheel. jQuery (https://jquery.com/) is arguably the most popular open source JavaScript library at the moment; it is found on 84% of the most popular websites as determined by Amazon's Alexa (https://www.alexa.com/topsites). But what happens when libraries have security issues? Chances are that websites using such libraries inherit these issues and become vulnerable to attacks.

Given the risk of using a library with known vulnerabilities, it is important to know how often this happens in practice and, more importantly, who is to blame for the inclusion of vulnerable libraries: the developer of the website, or maybe a third-party advertisement or tracker code loaded on the website?

