CENTRIS: A Precise and Scalable Approach for Identifying Modified Open-Source Software Reuse
Seunghoon Woo, Sunghan Park, Seulbae Kim, Heejo Lee, Hakjoo Oh
TL;DR
CENTRIS is a novel method that accurately and efficiently detects modified open-source software reuse, including nested components, in large codebases, significantly outperforming existing clone detection techniques.
Contribution
This paper introduces CENTRIS, a scalable and precise approach for identifying modified and nested OSS reuse, addressing limitations of previous clone detection methods.
Findings
CENTRIS achieved 91% precision and 94% recall in identifying reused OSS.
Modified OSS reuse occurs 20 times more frequently than exact reuse.
CENTRIS processes large codebases in less than a minute on average.
Abstract
Open-source software (OSS) is widely reused as it provides convenience and efficiency in software development. Despite evident benefits, unmanaged OSS components can introduce threats, such as vulnerability propagation and license violation. Unfortunately, however, identifying reused OSS components is a challenge as the reused OSS is predominantly modified and nested. In this paper, we propose CENTRIS, a precise and scalable approach for identifying modified OSS reuse. By segmenting an OSS code base and detecting the reuse of a unique part of the OSS only, CENTRIS is capable of precisely identifying modified OSS reuse in the presence of nested OSS components. For scalability, CENTRIS eliminates redundant code comparisons and accelerates the search using hash functions. When we applied CENTRIS on 10,241 widely-employed GitHub projects, comprising 229,326 versions and 80 billion lines of…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.