Project description
Quick response to JavaScript library security vulnerabilities
Modern web-based software relies on the JavaScript programming language, the Node.js framework and the npm registry, which contains millions of free third-party software libraries that enable fast development of complex applications. However, the widespread reuse of libraries and the frequent discovery of security vulnerabilities present significant challenges. The ERC-funded PAWJAM project aims to develop a novel set of program analysis techniques to identify vulnerable components within libraries and pinpoint their usage locations, enabling programmers to respond quickly and effectively.
Objective
The JavaScript programming language together with the Node.js framework constitute the foundation of modern web-based software. An essential part of this platform is the npm registry that contains millions of freely available third-party software libraries that provide common functionality. This massive reuse of libraries is essential to the productivity of software developers, however, the dependence on other people's libraries opens the door to security vulnerabilities that may have severe consequences to the applications and end users. When new vulnerabilities are discovered, it is thus crucial that the programmers are informed. Existing tools only tell whether a program depends on libraries with vulnerabilities, but without precise information about how the vulnerable library code is being used, which causes an overwhelming amount of false positives and makes it extremely difficult for the programmers to investigate the possible consequences of the vulnerabilities.
The ERC project PAW has delivered a range of novel program analysis techniques, most notably one that has the potential to alleviate this problem: The analysis tool JAM is capable of automatically analyzing a given JavaScript program and tell exactly which parts of the libraries are being used and where they are used, thereby enabling the programmers to make fast and correct decisions about how their programs are exposed to vulnerabilities and how to update their programs accordingly to prevent security incidents. The proposed project, PAWJAM, aims to explore the commercial and innovative aspects of this program analysis tool, by further developing the prototype implementation into a commercial product, performing more extensive evaluations of its effectiveness, and engaging with potential users and industry partners.
Fields of science (EuroSciVoc)
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: The European Science Vocabulary.
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: The European Science Vocabulary.
- natural sciences computer and information sciences software
- social sciences economics and business economics production economics productivity
You need to log in or register to use this function
Programme(s)
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
-
HORIZON.1.1 - European Research Council (ERC)
MAIN PROGRAMME
See all projects funded under this programme
Topic(s)
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Funding Scheme
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
HORIZON-ERC-POC - HORIZON ERC Proof of Concept Grants
See all projects funded under this funding scheme
Call for proposal
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
(opens in new window) ERC-2022-POC2
See all projects funded under this callHost institution
Net EU financial contribution. The sum of money that the participant receives, deducted by the EU contribution to its linked third party. It considers the distribution of the EU financial contribution between direct beneficiaries of the project and other types of participants, like third-party participants.
8000 Aarhus C
Denmark
The total costs incurred by this organisation to participate in the project, including direct and indirect costs. This amount is a subset of the overall project budget.