SEMINAR – April 11, 2025

Speaker

Dr. Angelo Mele
Associate Professor of Economics
Johns Hopkins University

Date

Friday, April 11, 2025
11:00 A.M. – 12:00 P.M. ET

Location

Jajodia Auditorium, Room 1101
Nguyen Engineering Building
4511 Patriot Circle
Fairfax, Virginia 22030

Vulnerability Webs: Systemic Risk in Software Networks

Abstract

Modern software development is a collaborative effort that re-uses existing code to reduce development and maintenance costs. This practice exposes software to vulnerabilities in the form of undetected bugs in direct and indirect dependencies, as demonstrated by the CrowdStrike and Heartbleed bugs. The economic costs resulting from such vulnerabilities can be staggering. We study a directed network of 52,897 software dependencies across 16,102 Python repositories, guided by a strategic model of network formation that incorporates both observable and unobservable heterogeneity. Using a scalable variational approximation of the conditional distribution of unobserved heterogeneity, we show that outsourcing code to other software packages by creating dependencies generates negative externalities. Modeling the propagation of risk in networks of software packages as an epidemiological process, we show that increasing protection of dependencies based on popular heuristics is ineffective at reducing systemic risk. By contrast, AI-assisted coding enables developers to replace dependencies with in-house code and reduces systemic risk.

About the Speaker

Angelo Mele, PhD, is an Associate Professor of Economics. He is also Affiliate Faculty at the Hopkins Population Center and an Affiliate member of the Institute for Data Intensive Engineering and Science. Prof. Mele is an applied econometrician, and his work focuses on the economic analysis of social interactions and their impact on socioeconomic performance at the individual and aggregate level. His research interests include the econometrics of social network models, the analysis of racial segregation and homophily, professional networks, social contagion in online media, software dependency networks, and computational methods for large networks.

Event Organizer

David Kepplinger
Assistant Professor, Department of Statistics
College of Engineering and Computing
George Mason University