WASET
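	@comment{Journal-article record from the WASET Open Science Index listing.
	  The key is restricted to ASCII letters and digits so BibTeX and Biber can parse it.
	  ee holds the paper's /pdf/ link and url the volume page.
	  abstract, ee, bibsource and index are non-standard fields that standard styles ignore.}
	@article{gorine2024static,
	  author    = {Gorine, Adam and Spondon, Faten},
	  title     = {Static Analysis of Security Issues of the {Python} Packages Ecosystem},
	  journal   = {International Journal of Computer and Information Engineering},
	  volume    = {18},
	  number    = {1},
	  pages     = {8--15},
	  year      = {2024},
	  publisher = {World Academy of Science, Engineering and Technology},
	  issn      = {1307-6892},
	  url       = {https://publications.waset.org/vol/205},
	  ee        = {https://publications.waset.org/pdf/10013441},
	  bibsource = {https://publications.waset.org/},
	  index     = {Open Science Index 205, 2024},
	  abstract  = {Python is considered the most popular programming language and offers its own ecosystem for archiving and maintaining open-source software packages. This system is called the Python Package Index (PyPI), the repository of this programming language. Unfortunately, one-third of these software packages have vulnerabilities that allow attackers to execute code automatically when a vulnerable or malicious package is installed. This paper contributes to large-scale empirical studies investigating security issues in the Python ecosystem by evaluating package vulnerabilities. These provide a series of implications that can help the security of software ecosystems by improving the process of discovering, fixing, and managing package vulnerabilities. The vulnerable dataset is generated using the NVD, the National Vulnerability Database, and the Snyk vulnerability dataset. In addition, we evaluated 807 vulnerability reports in the NVD and 3900 publicly known security vulnerabilities in Python Package Manager (Pip) from the Snyk database from 2002 to 2022. As a result, many Python vulnerabilities appear in high severity, followed by medium severity. The most problematic areas have been improper input validation and denial of service attacks. A hybrid scanning tool that combines the three scanners, Bandit, Snyk and Dlint, which provide a clear report of the code vulnerability, is also described.},
	}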