Open Access

ARTICLE


Compatible Remediation for Vulnerabilities in the Presence and Absence of Security Patches

Xiaohu Song1, Zhiliang Zhu2,*

1 College of Software, Northeastern University, Shenyang, 110169, China
2 National Frontiers Science Center for Industrial Intelligence and Systems Optimization, and Key Laboratory of Data Analytics and Optimization for Smart Industry, Northeastern University, Shenyang, 110169, China

* Corresponding Author: Zhiliang Zhu.

Computers, Materials & Continua 2026, 86(1), 1-19. https://doi.org/10.32604/cmc.2025.068930

Abstract

Vulnerabilities are a known problem in modern Open Source Software (OSS). Most developers rely on third-party libraries to accelerate feature implementation. However, these libraries may contain vulnerabilities that attackers can exploit to propagate malicious code, posing security risks to dependent projects. Existing research addresses these challenges through Software Composition Analysis (SCA) for vulnerability detection and remediation. Nevertheless, current solutions may introduce additional issues, such as incompatibilities, dependency conflicts, and additional vulnerabilities. To address this, we propose Vulnerability Scan and Protection (), a robust solution for detecting and remediating vulnerabilities in Java projects. Specifically, the approach builds a fine-grained method graph to identify unreachable methods. The method graph is mapped to the project’s dependency tree, constructing a comprehensive vulnerability propagation graph that identifies unreachable vulnerable APIs and dependencies. Based on this analysis, we propose three solutions for vulnerability remediation: (1) Removing unreachable vulnerable dependencies, thereby resolving security risks and reducing maintenance overhead. (2) Upgrading vulnerable dependencies to the closest non-vulnerable versions, while pinning the versions of transitive dependencies introduced by the vulnerable dependency, in order to mitigate compatibility issues and prevent the introduction of new vulnerabilities. (3) Eliminating unreachable vulnerable APIs, particularly when security patches are either incompatible or absent. Experimental results show that these solutions effectively mitigate vulnerabilities and enhance the overall security of the project.
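The remediation logic sketched in the abstract (reachability over a method graph mapped onto the dependency tree, then one of three actions per vulnerable dependency) can be made concrete with a small model. The following is an added example written for this page; it is not the authors' tool and does not reproduce their implementation. The call graph, dependency tree, version numbers and vulnerability records are all constructed, hypothetical inputs (a Java project would obtain them from bytecode analysis, the Maven dependency tree and a vulnerability database), and the decision order is an assumption: unreachable dependency, then closest fixed version with transitive pins, then elimination of an unreachable API when no fix exists.

```python
"""Reachability-driven remediation planning (illustrative model, constructed data)."""
from collections import deque

# Constructed sample: fine-grained method call graph, caller -> callees.
# Method names use "<dependency>.<Class>.<method>" so each method maps to its dependency.
CALL_GRAPH = {
    "app.Main.main": ["app.Service.run"],
    "app.Service.run": ["libA.Parser.parse", "libB.Util.format"],
    "libA.Parser.parse": ["libC.Codec.decode"],
    "libB.Util.format": [],
    "libC.Codec.decode": [],
    "libC.Codec.unsafeEval": [],   # vulnerable API that nothing calls
    "libD.Net.fetch": [],          # vulnerable API in a dependency nothing reaches
}
ENTRY_POINTS = ["app.Main.main"]

# Constructed sample: dependency tree of the project (dependency -> transitive deps).
DEPENDENCY_TREE = {"app": ["libA", "libB", "libD"], "libA": ["libC"],
                   "libB": [], "libC": [], "libD": []}
VERSIONS = {"libA": "1.2.0", "libB": "3.1.0", "libC": "2.0.1", "libD": "0.9.0"}

# Constructed vulnerability records: affected versions and versions carrying a fix.
VULNS = [
    {"dep": "libA", "api": "libA.Parser.parse",    "affected": ["1.2.0"], "fixed": ["1.2.5", "1.3.0"]},
    {"dep": "libC", "api": "libC.Codec.unsafeEval", "affected": ["2.0.1"], "fixed": []},  # no patch
    {"dep": "libD", "api": "libD.Net.fetch",        "affected": ["0.9.0"], "fixed": ["1.0.0"]},
]


def reachable_methods(graph, entry_points):
    """Breadth-first closure of methods reachable from the project's entry points."""
    seen, queue = set(entry_points), deque(entry_points)
    while queue:
        for callee in graph.get(queue.popleft(), []):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen


def dependency_of(method):
    """Map a method name back to the dependency that provides it."""
    return method.split(".", 1)[0]


def transitive_dependencies(tree, dep):
    """All dependencies pulled in (directly or transitively) by `dep`."""
    out, stack = set(), list(tree.get(dep, []))
    while stack:
        d = stack.pop()
        if d not in out:
            out.add(d)
            stack.extend(tree.get(d, []))
    return out


def version_key(version):
    return tuple(int(part) for part in version.split("."))


def closest_fixed_version(current, fixed):
    """Smallest fixed version newer than the current one (minimises API drift)."""
    newer = [v for v in fixed if version_key(v) > version_key(current)]
    return min(newer, key=version_key) if newer else None


def plan_remediation(call_graph, entry_points, tree, versions, vulns):
    """Choose one remediation action per vulnerable dependency."""
    reachable = reachable_methods(call_graph, entry_points)
    reachable_deps = {dependency_of(m) for m in reachable}
    plan = {}
    for vuln in vulns:
        dep = vuln["dep"]
        if versions[dep] not in vuln["affected"]:
            continue  # installed version is not affected
        if dep not in reachable_deps:
            # (1) No method of this dependency is reachable: drop it entirely.
            plan[dep] = {"action": "remove"}
            continue
        fix = closest_fixed_version(versions[dep], vuln["fixed"])
        if fix:
            # (2) Upgrade to the nearest fixed version; pin the transitive
            # dependencies it introduced so the upgrade cannot silently change them.
            pins = {d: versions[d] for d in transitive_dependencies(tree, dep) if d in versions}
            plan[dep] = {"action": "upgrade", "to": fix, "pin": pins}
        elif vuln["api"] not in reachable:
            # (3) No patch, but the vulnerable API is never reached: eliminate the API.
            plan[dep] = {"action": "eliminate_api", "api": vuln["api"]}
        else:
            plan[dep] = {"action": "manual_review", "api": vuln["api"]}
    return plan


if __name__ == "__main__":
    for dep, action in plan_remediation(CALL_GRAPH, ENTRY_POINTS, DEPENDENCY_TREE, VERSIONS, VULNS).items():
        print(dep, action)
```

On the constructed input, libD is never reached and is removed, libA is reachable and is upgraded to 1.2.5 with libC pinned at its current version, and libC has no fixed release but its only vulnerable method is unreachable, so that API is eliminated rather than the whole library.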

Keywords

Open source software; vulnerability detection; vulnerability remediation; software composition analysis; software vulnerability

Cite This Article

APA Style
Song, X., Zhu, Z. (2026). Compatible Remediation for Vulnerabilities in the Presence and Absence of Security Patches. Computers, Materials & Continua, 86(1), 1–19. https://doi.org/10.32604/cmc.2025.068930
Vancouver Style
Song X, Zhu Z. Compatible Remediation for Vulnerabilities in the Presence and Absence of Security Patches. Comput Mater Contin. 2026;86(1):1–19. https://doi.org/10.32604/cmc.2025.068930
IEEE Style
X. Song and Z. Zhu, “Compatible Remediation for Vulnerabilities in the Presence and Absence of Security Patches,” Comput. Mater. Contin., vol. 86, no. 1, pp. 1–19, 2026. https://doi.org/10.32604/cmc.2025.068930



Copyright © 2026 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.