Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web

T. Lauinger, A. Chaabane, S. Arshad, W. Robertson, C. Wilson, E. Kirda

As supplementary material for our NDSS 2017 paper, you can find below a few interactive visualisations of causality trees from websites crawled in May 2016. Causality trees represent element inclusion relationships and show how a library was included in a website (e.g., whether it was included directly in the main document or transitively by another script). Please refer to the paper for a full explanation of causality trees.

We updated the paper in September 2017 to make the library detection methodology consistent throughout the paper. Previously, only the vulnerability analysis required library detections to include a valid version number; in the new revision, we extended this requirement to the other analysis sections. As a result, some of the results not related to vulnerabilities have changed (refer to the comment in the paper for updated sections, figures and tables). Furthermore, we were made aware of the exemplary security practices of Ember, and highlight them in our discussion.