Lags in the release, adoption, and propagation of npm vulnerability fixes

Bodin Chinthanet; Raula Gaikovina Kula; Shane McIntosh; Takashi Ishio; Akinori Ihara; Kenichi Matsumoto

doi:10.1007/s10664-021-09951-x

Lags in the release, adoption, and propagation of npm vulnerability fixes

Empirical Software Engineering ◽

10.1007/s10664-021-09951-x ◽

2021 ◽

Vol 26 (3) ◽

Author(s):

Bodin Chinthanet ◽

Raula Gaikovina Kula ◽

Shane McIntosh ◽

Takashi Ishio ◽

Akinori Ihara ◽

...

Keyword(s):

Empirical Study ◽

Empirical Investigation ◽

Third Party ◽

Future Research ◽

Software Ecosystem ◽

Security Vulnerability ◽

Preliminary Study ◽

Client Side

AbstractSecurity vulnerability in third-party dependencies is a growing concern not only for developers of the affected software, but for the risks it poses to an entire software ecosystem, e.g., Heartbleed vulnerability. Recent studies show that developers are slow to respond to the threat of vulnerability, sometimes taking four to eleven months to act. To ensure quick adoption and propagation of a release that contains the fix (fixing release), we conduct an empirical investigation to identify lags that may occur between the vulnerable release and its fixing release (package-side fixing release). Through a preliminary study of 231 package-side fixing release of npm projects on GitHub, we observe that a fixing release is rarely released on its own, with up to 85.72% of the bundled commits being unrelated to a fix. We then compare the package-side fixing release with changes on a client-side (client-side fixing release). Through an empirical study of the adoption and propagation tendencies of 1,290 package-side fixing releases that impact throughout a network of 1,553,325 releases of npm packages, we find that stale clients require additional migration effort, even if the package-side fixing release was quick (i.e., package-side fixing releasetypeSpatch). Furthermore, we show the influence of factors such as the branch that the package-side fixing release lands on and the severity of vulnerability on its propagation. In addition to these lags we identify and characterize, this paper lays the groundwork for future research on how to mitigate propagation lags in an ecosystem.

Download Full-text

Executive Functions and Clinical and Academic Outcomes in Speech-Language Pathology Graduate Students

Perspectives of the ASHA Special Interest Groups ◽

10.1044/2020_persp-19-00143 ◽

2020 ◽

Vol 5 (5) ◽

pp. 1221-1230

Author(s):

Jane Roitsch ◽

Kimberly A. Murphy ◽

Anastasia M. Raymer

Keyword(s):

Executive Function ◽

Academic Outcomes ◽

Graduate Program ◽

Performance Outcomes ◽

Future Research ◽

Speech Language Pathology ◽

Grade Point ◽

Praxis Ii ◽

Language Pathology ◽

Preliminary Study

Purpose The purpose of this study was to investigate executive function measures as they relate to clinical and academic performance outcomes of graduate speech-language pathology students. Method An observational design incorporating correlations and stepwise multiple regressions was used to determine the strength of the relationships between clinical outcomes that occurred at various time points throughout the graduate program (clinical coursework grades throughout the program and case study paper scores at the end of the program), academic outcomes (graduate grade point average and Praxis II exam in speech-language pathology scores), and executive function (EF) scores (EF assessment scores, self-reported EF scores). Participants were 37 students (36 women, M age = 24.1) in a master's degree program in speech-language pathology at a southeastern U.S. university during the 2017–2018 academic year. Results Findings of this preliminary study indicated that a limited number of objective EF scores and self-reported EF scores were related to clinical and academic outcomes of graduate speech-language pathology students. Conclusion As results of this preliminary study suggest that EF tests may be related to clinical and academic outcomes, future research can move to study the potential role of EF measures in the graduate admissions process in clinical graduate programs such as speech-language pathology.

Download Full-text

An Empirical Study of Holiday Season Discounts: A Comparison Between Third-Party Marketplace Sellers and Fulfilled by Walmart Sellers

SAGE Open ◽

10.1177/21582440211024179 ◽

2021 ◽

Vol 11 (2) ◽

pp. 215824402110241

Author(s):

Ya-Ling Chiu ◽

Yuan-Teng Hsu ◽

Xiaoyu Mao ◽

Jying-Nan Wang

Keyword(s):

Empirical Study ◽

Third Party ◽

Purchasing Decisions ◽

Product Categories ◽

Price Discounts ◽

Online Retailers ◽

Holiday Season ◽

Over Time

When online retailers allow third-party sellers to place certain products on their platforms, these sellers become not only collaborators but also competitors. The purpose of this study is to compare the differences in price discounts between Third-Party Marketplace (3PM) sellers and Fulfilled by Walmart (FBW) sellers on Walmart.com over time. The results, based on data collected in the form of the daily prices of 54,162 products offered by Walmart during the holiday season, show that the average discount for 3PM sellers is significantly lower than that for FBW sellers. In addition, across product categories, FBW sellers had significantly higher average discounts than 3PM sellers in the electronics, housewares, and toys categories. Furthermore, the level of discount began to increase in early November and peaked around Christmas. Our findings may help retailers manage their dealings with these third-party sellers while also helping consumers to optimize their purchasing decisions.

Download Full-text

Determinants of Consumers’ Decisions to Seek Third Party Redress: An Empirical Study of Dissatisfied Patients

Journal of Consumer Affairs ◽

10.1111/j.1745-6606.1989.tb00251.x ◽

1989 ◽

Vol 23 (2) ◽

pp. 329-363 ◽

Cited By ~ 83

Author(s):

JAGDIP SINGH

Keyword(s):

Empirical Study ◽

Third Party

Download Full-text

Perceived Exertion: An Active or Passive Process?

Journal of Sport Psychology ◽

10.1123/jsp.7.4.371 ◽

1985 ◽

Vol 7 (4) ◽

pp. 371-378 ◽

Cited By ~ 150

Author(s):

W. Jack Rejeski

Keyword(s):

Parallel Processing ◽

Empirical Study ◽

Perceived Exertion ◽

Theoretical Models ◽

Physical Work ◽

Future Research ◽

Work Intensity ◽

Ratings Of Perceived Exertion ◽

Subjective Estimates ◽

Parallel Processing Model

Subjective estimates of physical work intensity are considered of major importance to those concerned with prescription of exercise. This article reviews major theoretical models which might guide research on the antecedents for ratings of perceived exertion (RPE). It is argued that an active rather than passive view of perception is warranted in future research, and a parallel-processing model is emphasized as providing the needed structure for such reconceptualization. Moreover, existing exercise research is reviewed as support for this latter approach and several suggestions are offered with regard to needed empirical study.

Download Full-text

中國大陸內幕交易法介紹與刑事處罰實證研究：1997－2019

中正財經法學 ◽

10.53106/207873752021010022003 ◽

2021 ◽

Vol 22 (22) ◽

pp. 103-185

Author(s):

林建中林建中 ◽

李揚李揚

Keyword(s):

Empirical Study ◽

Insider Trading ◽

Empirical Investigation ◽

Criminal Cases ◽

Relevant Research ◽

Securities Law ◽

Comprehensive Picture ◽

The Law ◽

The Relationship

內幕交易罪的處理，在證券法的發展歷史中，一直具有理論與實務上之重要意義。此一問題，在中國大陸相對初生但生猛且量體巨大的市場環境中如何被面對，從理論與比較法觀點，均具備特殊的研究價值。立法層面上，中國大陸法對於內幕交易的實體法構成，經二十多年的持續發展，已呈現出一定的複雜與完整面貌。然就執行層面視之，法院對於條文的理解與具體適用仍存在諸多爭議之處，同時，相關實證統計等資料的缺乏，也成為執行層面上對內幕交易罪研究的主要障礙之一。基於上述認識，本文立足於內幕交易刑事處罰執行層面的觀察，試圖呈現相關法律設計在中國大陸的司法實踐現狀。並通過1997年立法以來法院判決的實證研究，本文除一般性地檢驗內幕交易的執法情況外，同時針對法院在解釋犯罪構成上所呈現的爭議，進行進一步的評估。文中依照觀察面向的差異，特別鎖定三個重要的子議題：內幕信息的類型及其認定、被告「知悉」的司法判準、刑事處罰的比例性在內幕交易罪中的運用與體現。以上述實證研究結果為基礎，本文擬對於中國大陸內幕交易罪之司法執行效力提出評估，同時也補充性地可提供臺灣一定之參考。Insider trading has long been recognized as one of the key elements in modern securities law. As a massive but relatively young market, how China handles this issue is a topic rich in comparative value. On its face, the law and regulations prohibiting insider trading in securities transactions have already in place for more than two decades. However, their actual implementation, as well as how courts interpret the elements of insider trading offense in cases, are still obscure to outside observers. The lack of in-depth empirical investigation in its enforcement further creates an extra layer of complexity to the relevant research. Due to the problems mentioned above, this paper conducts an empirical study of the insider trading criminal cases, ranging from 1997 to 2019, to examine how insider trading cases are enforced in China. By observing the actual cases and their attributes, this paper presents a comprehensive picture of who commits insider trading law in China and how courts decide these cases. Three sub-set issues of the implementation are under special scrutiny:types of information and defendants; standard of proving defendant's scienter; and the relationship between sanction and illegal gain. Based on the results of this study, we evaluate the effectiveness of the enforcement on insider trading law in China in its first two decades of existence.

Download Full-text

Community Pharmacy Response in the Aftermath of Natural Disasters: Time-Sensitive Opportunity for Research and Evaluation

Journal of Primary Care & Community Health ◽

10.1177/2150132718813494 ◽

2018 ◽

Vol 9 ◽

pp. 215013271881349 ◽

Cited By ~ 6

Author(s):

Kyle Melin ◽

Carlos E. Rodríguez-Díaz

Keyword(s):

Health Care ◽

Puerto Rico ◽

Community Pharmacy ◽

Natural Disaster ◽

Community Pharmacists ◽

Evidence Base ◽

Third Party ◽

Future Research ◽

Prescription Medications ◽

Collaborative Practice Agreement

One year ago, Hurricane Maria passed over the archipelago of Puerto Rico, leaving widespread disruption of nearly all human services, including the health care sector. In the aftermath of the hurricane, limited access to medical care and prescription medications presented a serious challenge to maintaining control of preexisting chronic diseases. Many patients did not have access to refrigeration for heat-sensitive medications. Significant dietary changes due to the limited availability of shelf-stable foods further exacerbated chronic conditions such as heart failure and diabetes. The role of community pharmacists following a natural disaster has previously been documented, and may include the triage of evacuees, assessment of immunization needs, and provision of prescription medications under a collaborative practice agreement. However, our experience in Puerto Rico demonstrated a variety of barriers limited pharmacists’ ability to adequately respond to the magnitude of this disaster. These included medication shortages, extended loss of power, and limited telecommunications for contacting prescribers, disaster relief agencies, and third-party payers. Ultimately, the lack of preexisting emergency protocols made overcoming such barriers difficult. As the first and sometimes only accessible health care provider to many patients following a natural disaster, we must build a solid evidence base and better understanding of the individual, interpersonal, and environmental factors that contribute to the community pharmacist response. To date, however, a paucity of data exists on both the pharmacist and patient factors, which may contribute to an effective immediate response to patient needs at the community pharmacy following a natural disaster. Future research must focus on these multi-level factors to better inform public policy and effective disaster planning. Ultimately, such research and planning will lead to increased resiliency in our primary health care systems in the face of future disasters.

Download Full-text

Internet of Things in Asset Management

International Journal of Service Science Management Engineering and Technology ◽

10.4018/ijssmet.2018040105 ◽

2018 ◽

Vol 9 (2) ◽

pp. 104-119 ◽

Cited By ~ 6

Author(s):

Sini-Kaisu Kinnunen ◽

Antti Ylä-Kujala ◽

Salla Marttonen-Arola ◽

Timo Kärri ◽

David Baglee

Keyword(s):

Decision Making ◽

Internet Of Things ◽

Radio Frequency Identification ◽

Asset Management ◽

Spare Parts ◽

Future Research ◽

Frequency Identification ◽

Preliminary Study ◽

Smart Factories ◽

Factories Of The Future

The emerging Internet of Things (IoT) technologies could rationalize data processes from acquisition to decision making if future research is focused on the exact needs of industry. This article contributes to this field by examining and categorizing the applications available through IoT technologies in the management of industrial asset groups. Previous literature and a number of industrial professionals and academic experts are used to identify the feasibility of IoT technologies in asset management. This article describes a preliminary study, which highlights the research potential of specific IoT technologies, for further research related to smart factories of the future. Based on the results of literature review and empirical panels IoT technologies have significant potential to be applied widely in the management of different asset groups. For example, RFID (Radio Frequency Identification) technologies are recognized to be potential in the management of inventories, sensor technologies in the management of machinery, equipment and buildings, and the naming technologies are potential in the management of spare parts.

Download Full-text

Averting Diversity: A Review of Nominations and Appointments to the Philippine Supreme Court (1988-2008)

Asian Journal of Comparative Law ◽

10.1017/s2194607800000478 ◽

2011 ◽

Vol 6 ◽

pp. 1-18 ◽

Cited By ~ 2

Author(s):

Dante B. Gatmaytan ◽

Cielo Magno

Keyword(s):

Empirical Study ◽

Supreme Court ◽

Geographical Origin ◽

Personal Characteristics ◽

Legal Issues ◽

Future Research ◽

Professional Experience ◽

Academic Background ◽

The Supreme Court

AbstractThis paper is an empirical study on the nominations and appointments of Supreme Court Justices during a twenty-year period from 1988, when the Judicial and Bar Council (JBC) was created in the 1987 Philippine Constitution, to 2008. The study examines the profile of individuals nominated by the JBC including their gender, age, geographical origin, academic background, and professional experience. It also explores whether the appointing Presidents display any preferences based on personal characteristics relating the effects of these preferences to the diversity on the Supreme Court. The study indicates that nominees and appointees all hail from the same background. As a result, membership of the Supreme Court is sorely unrepresentative of Philippine society. This study sets the stage for future research that will determine how this lack of diversity on the Supreme Court can affect the resolution of legal issues.

Download Full-text

Coexisting Agency and Stewardship Governance in Family Firms: An Empirical Investigation of Individual-Level and Firm-Level Effects

Family Business Review ◽

10.1177/0894486517727422 ◽

2017 ◽

Vol 30 (4) ◽

pp. 347-368 ◽

Cited By ~ 14

Author(s):

Kristen Madison ◽

Franz W. Kellermanns ◽

Timothy P. Munyon

Keyword(s):

Family Firms ◽

Empirical Investigation ◽

Future Research ◽

Firm Level ◽

Research Directions ◽

Agent Behavior ◽

Individual Level ◽

Future Research Directions ◽

Level Performance ◽

Triadic Data

This article theoretically and empirically intertwines agency and stewardship theories to examine their distinct and combined influences on family firms. Primary matched triadic data from CEOs, family employees, and nonfamily employees in 77 family firms suggest that agency and stewardship governance affects individual-level behavior and firm-level performance. Specifically, agent behavior is highest under conditions of coexisting low agency governance and high stewardship governance and is lowest when agency and stewardship governance coexist at high levels. Furthermore, when high levels of agency and stewardship governance coexist, family firm performance is the highest. Theoretical implications and future research directions are discussed.

Download Full-text

Why do some people search for their files much more than others? A preliminary study

Aslib Journal of Information Management ◽

10.1108/ajim-08-2020-0250 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Ofer Bergman ◽

Tamar Israeli ◽

Yael Benn

Keyword(s):

Verbal Memory ◽

Design Methodology ◽

Demographic Data ◽

Future Research ◽

Visuospatial Memory ◽

Content Type ◽

Logical Memory ◽

The Mean ◽

Preliminary Study ◽

People Search

PurposePrevious research has repeatedly shown that people only search for files in a small minority of cases when they do not remember the file's location. The current study aimed to examine whether there is a group of hyper-searchers who search significantly more than others. Based on previous neurocognitive studies, this study aims to hypothesize that if such a group exists, they will have superior verbal memory and reduced visuospatial memory.Design/methodology/approachIn total, 65 participants completed a questionnaire estimating their search percentages, as well as reporting demographic data. Verbal memory was measured using the Wechsler logical memory test, and visuospatial memory was assessed using an online card memory game.FindingsHyper-searchers were defined as participants with search percentage of over one standard deviation (SD) above the mean. The average search percentage of the seven participants who met this criterion was 51% (SD = 14%), over five times more than the other participants (M = 10%, SD = 9%). Similar results were obtained by re-analyzing data from four previous papers (N = 1,252). The results further confirmed the hypothesis that hyper-searchers have significantly better verbal memory than other participants, possibly making searching easier and more successful for them. Lastly, the search percentage was positively predicted by verbal memory scores and negatively predicted by visuospatial memory scores. Explanations and future research are discussed.Originality/valueThis preliminary study is the first to introduce the concept of hyper-searchers, demonstrate its existence and study its causes.

Download Full-text