Toward a prioritization approach for third-party software library updates

Abdalrahman Aburakhia, Mohammad Alshayeb*

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

Third-party libraries (TPLs) have been widely used in software development. Recent studies showed that software developers struggle to manage the dependencies between third-party libraries for many reasons, such as unknown update efforts and the lack of awareness about related security issues. To overcome these limitations, in this paper, we propose a TPL update prioritization approach, which provides valuable insights for mobile app developers to help improve the decision-making process. We investigate mobile app developers’ behavior while updating TPLs through a survey with 39 practitioners. The results clearly show the need for a prioritization approach. To gain more insight into TPLs, we propose five TPL categories (Compatibility, Accessibility, Maintenance, Business Value, and Security) and propose metrics to measure the related factors of each category. We utilize the Analytical Hierarchy Process (AHP) and the Simple Additive Weighting (SAW) methods to rank the libraries for the update and automate the approach via a chatbot. We conducted a case study with 7 participants. Most participants (82%) found the bot's results useful; moreover, the bot can save software developers around 4 min per task, with an average of 18 s per task compared to 243 s by the baseline.

Original language: English
Article number: 103331
Journal: Science of Computer Programming
Volume: 246
State: Published - Dec 2025

Bibliographical note

Publisher Copyright:
© 2025 Elsevier B.V.

Keywords

  • Prioritization approach
  • Software maintainability
  • Third-party libraries

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Modeling and Simulation
  • Computational Theory and Mathematics
