Dr Angelo Mele, Johns Hopkins University

"Vulnerability Webs: Systemic Risk in Software Networks"
Friday, 15 November 2024. 16:00-17:30
Online

Abstract

Software development is a collaborative effort that leverages existing code, reducing the cost of maintaining existing software and developing new software. That said, the practice of relying on existing code exposes coders to vulnerabilities, including undetected bugs in existing code. We study the formation of dependency networks among software packages, guided by a strategic model of network formation with observable and unobservable heterogeneity. We estimate costs, benefits, and link externalities of a network of 52,897 directed dependencies among 16,102 repositories of the popular Python programming language. To enable statistical learning at scale, we employ a novel and scalable variational approximation of the conditional distribution of unobservables. We find evidence of a negative externality exerted on other developers when developers create dependencies. Stable and popular large software packages of one type are more likely to depend on similar packages of the same (unobserved) type than on less stable and smaller packages of another type. To assess systemic risk, we adopt a SIR model for the spread of bugs in software dependency networks and measure a package's systemicness as the number of downstream packages a vulnerability would affect. Targeted interventions based on the centrality or expected impact of a package are not very effective in reducing average systemic risk. The introduction of AI-assisted coding may decrease systemic risk, because it facilitates writing code in-house rather than outsourcing code by forming dependencies to other packages.
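The two measurements the abstract names, a package's systemicness (the number of downstream packages a vulnerability in it would reach) and an SIR-style spread of a bug along the dependency graph, can be made concrete on a small graph. The following Python is an added illustration by the editor; it is not the speaker's code, model or data. The package names and edges are constructed, the SIR is a discrete-time variant with per-step infection probability beta and patch probability gamma, and the "hardened" intervention (a package that neither receives nor forwards a bug) is an assumed modelling choice used only to show how an intervention would change the average.

```python
"""Systemicness and SIR-style bug spread on a toy software dependency graph.
Added example (constructed data, not the talk's network or model)."""
from collections import defaultdict, deque
from statistics import mean
import random

# Constructed toy graph with hypothetical package names (not real PyPI data).
# An edge A -> B means "A depends on B", so a bug in B can reach A.
DEPENDENCIES = {
    "webapp":      ["http-client", "orm", "logger"],
    "cli-tool":    ["http-client", "logger"],
    "report-gen":  ["orm"],
    "orm":         ["db-driver", "logger"],
    "http-client": ["tls", "logger"],
    "db-driver":   ["tls"],
    "tls":         [],
    "logger":      [],
}


def reverse_graph(deps):
    """Map each package to the packages that directly depend on it."""
    dependents = defaultdict(set)
    for pkg, targets in deps.items():
        dependents.setdefault(pkg, set())  # keep leaf packages as keys too
        for target in targets:
            dependents[target].add(pkg)
    return dict(dependents)


def downstream(pkg, dependents, hardened=frozenset()):
    """Packages that transitively depend on pkg (BFS over reversed edges).

    Assumed intervention semantics: a hardened package neither receives the
    bug nor forwards it, so the walk never enters it.
    """
    if pkg in hardened:
        return set()
    seen, queue = set(), deque([pkg])
    while queue:
        for dep in dependents.get(queue.popleft(), ()):
            if dep not in seen and dep not in hardened:
                seen.add(dep)
                queue.append(dep)
    return seen


def systemicness(deps, hardened=frozenset()):
    """Number of downstream packages a vulnerability in each package would affect."""
    dependents = reverse_graph(deps)
    return {p: len(downstream(p, dependents, hardened)) for p in dependents}


def average_systemic_risk(deps, hardened=frozenset()):
    """Mean systemicness over all packages, before or after hardening some of them."""
    return mean(systemicness(deps, hardened).values())


def sir_spread(deps, seed_pkg, beta, gamma, rng=None):
    """Discrete-time SIR spread of a bug from seed_pkg along reversed edges.

    Each step, every infected package passes the bug to each susceptible
    dependent with probability beta, then is patched (recovered) with
    probability gamma. Returns the set of packages that were ever infected.
    With beta = gamma = 1 the result equals the seed plus its downstream set.
    """
    rng = rng or random.Random(0)  # fixed seed for reproducible runs
    dependents = reverse_graph(deps)
    infected, recovered = {seed_pkg}, set()
    while infected:
        newly = set()
        for pkg in list(infected):
            for dep in dependents.get(pkg, ()):
                if (dep not in infected and dep not in recovered
                        and dep not in newly and rng.random() < beta):
                    newly.add(dep)
            if rng.random() < gamma:
                infected.remove(pkg)
                recovered.add(pkg)
        infected |= newly
    return recovered


if __name__ == "__main__":
    for pkg, n in sorted(systemicness(DEPENDENCIES).items(), key=lambda kv: -kv[1]):
        print(f"{pkg:12s} downstream={n}")
    print("average systemic risk:", average_systemic_risk(DEPENDENCIES))
    print("after hardening tls:  ", average_systemic_risk(DEPENDENCIES, {"tls"}))
    hit = sir_spread(DEPENDENCIES, "tls", beta=0.5, gamma=0.3)
    print("stochastic SIR run from tls reached:", sorted(hit))
```

On this graph the two low-level packages with no dependencies of their own (tls, logger) have the largest downstream reach, which is the usual shape of real ecosystems: the most systemic packages are the deepest ones, not the most visible ones. Hardening a single top-ranked package only removes that package's own contribution here; whether it also cuts off propagation for others depends on whether it sits on the paths between other packages and their dependents, which is the reason the abstract's centrality-based interventions can have limited effect on the average.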

Bio

Angelo Mele, PhD is an Associate Professor of Economics. He is also Affiliate Faculty at the Hopkins Population Center and Affiliate member of the Institute for Data Intensive Engineering and Science. Prof. Mele is an applied econometrician and his work focuses on the economic analysis of social interactions and their impact on socioeconomic performance at the individual and aggregate level. His research interests include the econometrics of social network models, the analysis of racial segregation and homophily, professional networks, social contagion in online media, software dependency networks and computational methods for large networks. His work has been published in Econometrica, American Economic Journal: Economic Policy, Journal of Business and Economic Statistics and The Review of Economics and Statistics. He received a PhD in Economics from University of Illinois at Urbana-Champaign.


For further information, please contact business-seminar-series@glasgow.ac.uk.

We foster a positive and productive environment for seminars through our Code of conduct.

First published: 30 October 2024