Supply chain publications
F. Reyes, A. Sharma, B. Baudry, and M. Monperrus, “Maven-hijack: Software supply chain attack exploiting packaging order,” in Proceedings of SCORED, 2025.
Y. Liu, D. Tiwari, C. Bogdan, and B. Baudry, “Detecting and removing bloated dependencies in CommonJS packages,” Journal of Systems and Software, 2025, doi: https://doi.org/10.1016/j.jss.2025.112509.
Y. Gamage, N. Gonzalez, M. Monperrus, and B. Baudry, “Software bills of materials in maven central,” in Proceedings of IEEE/ACM MSR, 2025. https://arxiv.org/pdf/2501.13832
F. Reyes, B. Baudry, and M. Monperrus, “Breaking-good: Explaining breaking dependency updates with build analysis,” in Proceedings of SCAM, 2024. https://arxiv.org/pdf/2407.03880
F. Reyes, Y. Gamage, G. Skoglund, B. Baudry, and M. Monperrus, “BUMP: A benchmark of reproducible breaking dependency updates,” in Proceedings of SANER, 2024, pp. 159–170. https://arxiv.org/pdf/2401.09906
C. Soto-Valero, D. Tiwari, T. Toady, and B. Baudry, “Automatic specialization of third-party java dependencies,” IEEE Transactions on Software Engineering, vol. 49, no. 11, pp. 5027–5045, 2023, doi: 10.1109/TSE.2023.3324950.
M. Balliu, B. Baudry, S. Bobadilla, M. Ekstedt, M. Monperrus, J. Ron, A. Sharma, G. Skoglund, C. Soto-Valero, and M. Wittlinger, “Challenges of producing software bill of materials for java,” IEEE Security & Privacy magazine, vol. 21, no. 6, pp. 12–23, 2023, doi: doi.acm.org?doi=3605770.3625207.
C. Soto-Valero, T. Durieux, N. Harrand, and B. Baudry, “Coverage-based debloating for java bytecode,” ACM Trans. on Software Engineering and Methodology, no. 2, pp. 1–34, 2023, doi: doi.org/10.1145/3546948.
C. Soto-Valero, M. Monperrus, and B. Baudry, “The multibillion dollar software supply chain of ethereum,” IEEE Computer, no. 10, pp. 26–34, 2022, doi: 10.1109/MC.2022.3175542.
N. Harrand, A. Benelallam, C. Soto-Valero, F. Bettega, O. Barais, and B. Baudry, “API Beauty is in the eye of the Clients: 2.2 Million Maven Dependencies reveal the Spectrum of Client-API usages,” Journal of Systems and Software, vol. 184, p. 111134, 2022, doi: https://doi.org/10.1016/j.jss.2021.111134.
N. Harrand, T. Durieux, D. Broman, and B. Baudry, “The behavioral diversity of java JSON libraries,” in Proc. of the Int. Symp. on Software Reliability (ISSRE), 2021, pp. 412–422. doi: 10.1109/ISSRE52982.2021.00050.
C. Soto-Valero, T. Durieux, and B. Baudry, “A longitudinal analysis of bloated java dependencies,” in Proc. of the Europ. Software Engineering Conf. and Symp. on the Foundations of Software Engineering (ESEC/FSE), 2021, pp. 1021–1031. doi: 10.1145/3468264.3468589.
C. Soto-Valero, N. Harrand, M. Monperrus, and B. Baudry, “A comprehensive study of bloated dependencies in the Maven ecosystem,” Empirical Software Engineering, vol. 26, no. 45, 2021, doi: 10.1007/s10664-020-09914-8.
T. Durieux, C. Soto-Valero, and B. Baudry, “DUETS: A dataset of reproducible pairs of java library-clients,” in Proc. of Mining Software Repositories (MSR), 2021. doi: 10.1109/MSR52588.2021.00071.
C. Soto-Valero, A. Benelallam, N. Harrand, O. Barais, and B. Baudry, “The emergence of software diversity in maven central,” in Proc. of Mining Software Repositories (MSR), 2019, pp. 333–343. doi: 10.1109/MSR.2019.00059.
A. Benelallam, N. Harrand, C. Soto-Valero, B. Baudry, and O. Barais, “The maven dependency graph: A temporal graph-based representation of maven central,” in Proc. of Mining Software Repositories (MSR), 2019, pp. 344–348. doi: 10.1109/MSR.2019.00060.