The Log4j vulnerability is an example of the dangers of massively reusing third-party libraries. This article discusses how software debloating can make a difference by reducing the attack surface of applications, removing unnecessary code from software libraries.
Debloating Java artifacts is hard because no single code coverage tool reliably reports all the code an application actually executes, so code that one tool marks as unused may still be needed. In this post, I introduce a diversity-driven approach to software debloating that combines multiple coverage tools (JaCoCo, JCov, Yajta, and the JVM class loader) to improve precision. I combined the strengths of each of them in a tool called JDBL, which achieves better overall debloating results according to our empirical experiments debloating tens of Java applications.
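To make the diversity argument concrete, here is an added example of my own (not code from the original post and not JDBL's implementation) that merges "this code ran" evidence from several dynamic sources and derives a class- and method-level debloating plan. All inputs are constructed: the JaCoCo XML follows the layout of real jacoco reports, trimmed to the elements used; the class-load lines follow the JDK's `-Xlog:class+load` and `-verbose:class` output; the third source's one-method-per-line format is an assumption standing in for a tracer such as Yajta or JCov, not the real output format of either tool. The inputs are deliberately built so that each source catches something the others miss.

```python
"""Diversity-driven debloating in miniature (added example, not JDBL's code).

Inputs are constructed: the JaCoCo XML follows the layout of real jacoco
reports, trimmed to the elements used; the class-load lines follow the JDK's
-Xlog:class+load and -verbose:class output; the tracer's one-method-per-line
format is an assumption standing in for a tool such as Yajta or JCov.  They
are built so that each source catches something the others miss.
"""
import re
import xml.etree.ElementTree as ET

JACOCO_XML = """<report name="demo"><package name="com/example">
  <class name="com/example/Parser" sourcefilename="Parser.java">
    <method name="&lt;init&gt;" desc="()V" line="5"><counter type="METHOD" missed="0" covered="1"/></method>
    <method name="parse" desc="(Ljava/lang/String;)I" line="9"><counter type="METHOD" missed="0" covered="1"/></method>
    <method name="parseLegacy" desc="(Ljava/lang/String;)I" line="20"><counter type="METHOD" missed="1" covered="0"/></method>
  </class>
  <class name="com/example/Config" sourcefilename="Config.java">
    <method name="&lt;clinit&gt;" desc="()V" line="3"><counter type="METHOD" missed="1" covered="0"/></method>
    <method name="get" desc="(Ljava/lang/String;)Ljava/lang/String;" line="7"><counter type="METHOD" missed="1" covered="0"/></method>
  </class>
  <class name="com/example/Unused" sourcefilename="Unused.java">
    <method name="never" desc="()V" line="4"><counter type="METHOD" missed="1" covered="0"/></method>
  </class>
</package></report>"""

CLASS_LOAD_LOG = """[0.045s][info][class,load] java.lang.Object source: jrt:/java.base
[0.312s][info][class,load] com.example.Parser source: file:/app/target/classes/
[0.318s][info][class,load] com.example.Config source: file:/app/target/classes/
[Loaded com.example.Parser from file:/app/target/classes/]"""

TRACER_LOG = """com/example/Parser#parse(Ljava/lang/String;)I
com/example/Config#get(Ljava/lang/String;)Ljava/lang/String;"""

def jacoco_methods(xml_text):
    """Return (inventory, covered): every method in the report and those whose
    METHOD counter recorded at least one execution."""
    inventory, covered = set(), set()
    for cls in ET.fromstring(xml_text).iter("class"):
        for m in cls.findall("method"):
            key = f"{cls.get('name')}#{m.get('name')}{m.get('desc')}"
            inventory.add(key)
            if any(c.get("type") == "METHOD" and int(c.get("covered", "0")) > 0
                   for c in m.findall("counter")):
                covered.add(key)
    return inventory, covered

_LOAD_RE = re.compile(r"(?:\[class,load\]\s+|^\[Loaded\s+)([\w.$]+)")

def loaded_classes(log_text):
    """Internal (slash-separated) names of every class the JVM reported loading."""
    hits = (_LOAD_RE.search(line) for line in log_text.splitlines())
    return {m.group(1).replace(".", "/") for m in hits if m}

def tracer_methods(log_text):
    return {line.strip() for line in log_text.splitlines() if line.strip()}

def debloat_plan(inventory, evidence, loaded):
    """evidence: source name -> method keys it saw execute; loaded: classes the
    JVM loaded.  Keep a method if any source saw it run, keep a class if any
    source touched it, stub (not delete) the remaining methods of kept classes
    so the artifact still links, and remove classes no source touched."""
    cls_of = lambda key: key.split("#", 1)[0]
    project_classes = {cls_of(k) for k in inventory}
    # Loading a class runs its static initializer, so the class-load log is
    # method-level evidence for <clinit> even when no coverage tool reports it.
    evidence = dict(evidence)
    evidence["classloader"] = {k for k in inventory
                               if cls_of(k) in loaded and "#<clinit>" in k}
    used_methods = set().union(*evidence.values()) & inventory
    used_classes = {cls_of(k) for k in used_methods} | (loaded & project_classes)
    in_kept = {k for k in inventory if cls_of(k) in used_classes}
    # Methods only one source caught: dropping that source would have dropped
    # live code, which is the case for combining several.
    unique_to = {src: (seen & inventory)
                 - set().union(*(o for s, o in evidence.items() if s != src))
                 for src, seen in evidence.items()}
    return {"remove_classes": project_classes - used_classes,
            "keep_methods": used_methods,
            "stub_methods": in_kept - used_methods,
            "unique_to": unique_to}

def run_demo():
    inventory, jacoco_covered = jacoco_methods(JACOCO_XML)
    evidence = {"jacoco": jacoco_covered, "tracer": tracer_methods(TRACER_LOG)}
    return debloat_plan(inventory, evidence, loaded_classes(CLASS_LOAD_LOG))

if __name__ == "__main__":
    plan = run_demo()
    for section in ("remove_classes", "stub_methods", "keep_methods"):
        print(f"{section}: {sorted(plan[section])}")
    for src, only in plan["unique_to"].items():
        print(f"only {src} saw: {sorted(only)}")
```

On these inputs the plan removes `com/example/Unused`, stubs `Parser.parseLegacy`, and keeps the four methods that some source saw run; the `unique_to` map shows that each source alone would have cut live code: JaCoCo is the only one that saw the `Parser` constructor, the tracer the only one that saw `Config.get`, and the class-load log the only evidence that `Config.<clinit>` ran. Two design choices matter for safety: methods of a kept class are stubbed rather than deleted so the bytecode still verifies and links, and the JaCoCo report doubles as the inventory of the artifact's own classes, which keeps JDK classes from the class-load log out of the plan.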
Unnecessary code bloats software, consuming resources without contributing to functionality. In this post, I explore the complexities of identifying and removing unnecessary code and clarify the key distinctions between dead, unused, and bloated code. I also look at how static and dynamic analysis, together with newer techniques such as machine learning, are reshaping how software is debloated for a leaner, more efficient development experience.