
Together with SAP we investigated the current practice of open-source software reuse at SAP and in open-source projects. We found that more than 87% of the dependencies at SAP, and 56% of those in the open-source projects, were re-bundled or re-packaged rather than consumed as separately declared artifacts. This is a major obstacle for current open-source dependency vulnerability scanners: they identify dependencies by their declared package coordinates (name and version), so code that has been copied into another artifact is not recognized and its known vulnerabilities go unreported. We evaluated this hypothesis using several open-source and commercial vulnerability scanners.
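The following script, added here as an illustration and not code from the study or from any of the scanners it evaluated, shows the failure mode in miniature. It builds two JAR files in memory: one in which a (fictional, constructed) library `com.acme:fastparse:1.2.0` is shipped as its own artifact with its own `pom.properties`, and one application "fat JAR" that re-bundles the same class files but only declares the application's own coordinates. A coordinate-based scan finds the hypothetical advisory only in the first case; a content-based scan that fingerprints the class entries finds it in both. The library, its advisory identifier, and the class bytes are all placeholders made up for the example.

```python
"""Coordinate-based vs. content-based detection of a re-bundled dependency.

Added example; the library, advisory and bytecode below are constructed
placeholders, not a real package or a real vulnerability.
"""
import hashlib
import io
import zipfile

# Fictional vulnerable library and a hypothetical advisory keyed by
# Maven coordinates (groupId, artifactId, version).
VULN_COORD = ("com.acme", "fastparse", "1.2.0")
ADVISORY_DB = {VULN_COORD: "ACME-2021-0001 (hypothetical)"}

# Class files of the fictional library. The bytes stand in for bytecode;
# the magic number 0xCAFEBABE is the only realistic part.
FASTPARSE_CLASSES = {
    "com/acme/fastparse/Parser.class": b"\xca\xfe\xba\xbe fastparse Parser 1.2.0",
    "com/acme/fastparse/Tokenizer.class": b"\xca\xfe\xba\xbe fastparse Tokenizer 1.2.0",
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Fingerprint database: digest of each known class -> coordinates. A real
# scanner would build this from the artifacts in the public registry.
FINGERPRINT_DB = {sha256(b): VULN_COORD for b in FASTPARSE_CLASSES.values()}


def build_jar(entries: dict) -> bytes:
    """Create a JAR (a zip file) from a mapping of entry name -> bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def pom_properties(group: str, artifact: str, version: str) -> bytes:
    return f"groupId={group}\nartifactId={artifact}\nversion={version}\n".encode()


def declared_coordinates(jar_bytes: bytes) -> list:
    """Coordinates the JAR claims for itself via META-INF/maven/*/pom.properties."""
    coords = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            if name.startswith("META-INF/maven/") and name.endswith("pom.properties"):
                lines = zf.read(name).decode().splitlines()
                props = dict(line.split("=", 1) for line in lines if "=" in line)
                coords.append((props["groupId"], props["artifactId"], props["version"]))
    return coords


def coordinate_scan(jar_bytes: bytes) -> list:
    """What a manifest/coordinate-based scanner sees: declared coordinates only."""
    return sorted({ADVISORY_DB[c] for c in declared_coordinates(jar_bytes) if c in ADVISORY_DB})


def content_scan(jar_bytes: bytes) -> list:
    """Look at the class entries themselves, so re-bundled code is still found."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            if name.endswith(".class"):
                coord = FINGERPRINT_DB.get(sha256(zf.read(name)))
                if coord in ADVISORY_DB:
                    hits.add(ADVISORY_DB[coord])
    return sorted(hits)


# Case 1: the library consumed as a normal, separately declared dependency.
PLAIN_JAR = build_jar({
    "META-INF/maven/com.acme/fastparse/pom.properties": pom_properties(*VULN_COORD),
    **FASTPARSE_CLASSES,
})

# Case 2: an application fat JAR (shade/assembly style) that re-bundles the
# library's classes but declares only the application's own coordinates.
FAT_JAR = build_jar({
    "META-INF/maven/com.example/app/pom.properties": pom_properties("com.example", "app", "3.0"),
    "com/example/app/Main.class": b"\xca\xfe\xba\xbe app Main",
    **FASTPARSE_CLASSES,
})

if __name__ == "__main__":
    for label, jar in (("plain", PLAIN_JAR), ("fat", FAT_JAR)):
        print(f"{label:5} coordinates={coordinate_scan(jar)} content={content_scan(jar)}")
```

The fat JAR case is the one the study's numbers are about: the declared coordinates say `com.example:app:3.0`, so a scanner that stops there reports nothing, while the vulnerable classes are sitting in the archive unchanged. Note the limit of the digest approach used here: when a shade plugin also relocates packages, it rewrites the bytecode (constant-pool references change), so exact class digests no longer match and a production scanner needs coarser fingerprints such as per-method or structural signatures.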
The IEEE Transactions on Software Engineering journal is a premier publication venue for software systems research in computer science. With an h5-index of 59 and an impact factor of 6.226, it is the 3rd-ranked publication venue in software systems research according to Google Scholar.