Third-party library selection in IT projects under imperfect data using Dempster–Shafer theory

Alexander Lysenko, Igor Kononenko

Abstract


This study focuses on a method for selecting third-party libraries for IT projects, which involves systematizing evaluation criteria and applying the Dempster–Shafer theory of evidence to model imperfect data. Imperfect data refer to incomplete, contradictory, unreliable, uncertain, imprecise, or ambiguous information. The goal is to enhance the validity and reliability of library selection and replacement decisions in the ever-changing landscape of modern projects while also minimizing associated risks. The tasks to be solved include: providing a systematic classification of evaluation criteria that comprehensively characterize third-party libraries; developing a method for selecting third-party libraries that incorporates evaluations as imperfect data; integrating and combining evaluations from multiple heterogeneous sources; and demonstrating the application of the proposed method through an illustrative example that establishes confidence intervals for alternative libraries. The methods used are based on the Dempster–Shafer theory of evidence for modeling imperfect data and the Dubois–Prade disjunctive consensus rule for combining evaluations from independent sources. The results show that the proposed approach transforms subjective and imperfect evaluations into evidence, combines them according to the selected rule of evidence theory, and derives confidence intervals that express both guaranteed and possible degrees of support for each library alternative. This study confirms the effectiveness of applying the Dempster–Shafer theory of evidence in multi-criteria decision-making contexts that resemble real-world project environments.
Conclusions. The scientific novelty of this study lies in proposing, for the first time, a method for selecting third-party libraries based on the Dempster–Shafer theory of evidence, distinguished by a systematic taxonomy of evaluation criteria, including risk factors, and by combining evidence in support of candidate tools using the Dubois–Prade disjunctive consensus rule. The developed method extends the analytical capabilities of project decision-support systems by enabling comprehensive evaluation and risk-informed selection of third-party libraries in complex, dynamically evolving technological environments.
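
The combination step named in the abstract, as an added example that is not the authors' code: two sources' evaluations are merged with the disjunctive consensus rule, m(C) = Σ m1(A)·m2(B) over all A ∪ B = C, and each candidate gets an interval [Bel, Pl] of guaranteed and possible support. The library names, the two sources and all mass values are constructed for illustration; the paper's own criteria and data are not reproduced on this page.

```python
from fractions import Fraction as F
from itertools import product

# Constructed frame of discernment: three hypothetical candidate libraries.
FRAME = frozenset({"LibA", "LibB", "LibC"})

def fs(*names):
    return frozenset(names)

def check_mass(m):
    """Validate a mass function: non-empty focal sets inside FRAME, masses sum to 1."""
    if any(not s or not s <= FRAME or w <= 0 for s, w in m.items()):
        raise ValueError("focal elements must be non-empty subsets of the frame with positive mass")
    if sum(m.values()) != 1:
        raise ValueError("masses must sum to 1")
    return m

def disjunctive_combine(m1, m2):
    """Disjunctive consensus: m(C) = sum of m1(A) * m2(B) over all A, B with A | B == C."""
    out = {}
    for (a, wa), (b, wb) in product(check_mass(m1).items(), check_mass(m2).items()):
        out[a | b] = out.get(a | b, 0) + wa * wb
    return out  # unions are never empty, so no mass is lost to conflict

def interval(m, hypothesis):
    """[Bel, Pl]: mass committed inside the hypothesis vs. mass that does not exclude it."""
    h = frozenset(hypothesis)
    bel = sum(w for s, w in m.items() if s <= h)
    pl = sum(w for s, w in m.items() if s & h)
    return bel, pl

# Constructed evaluations from two independent sources. Mass on a set of several
# libraries models imprecision; mass on FRAME models ignorance.
SOURCE_1 = {fs("LibA"): F(6, 10), fs("LibA", "LibB"): F(3, 10), FRAME: F(1, 10)}
SOURCE_2 = {fs("LibB"): F(5, 10), fs("LibA"): F(3, 10), FRAME: F(2, 10)}

def rank_libraries():
    """Combine both sources and return {library: (Bel, Pl)} for each single candidate."""
    combined = disjunctive_combine(SOURCE_1, SOURCE_2)
    return {lib: interval(combined, [lib]) for lib in sorted(FRAME)}

if __name__ == "__main__":
    for lib, (bel, pl) in rank_libraries().items():
        print(f"{lib}: [{float(bel):.2f}, {float(pl):.2f}]")
```

Because the rule takes unions, the two sources' disagreement over LibA and LibB widens the intervals instead of being normalized away: only the mass both sources place exactly on one library counts as guaranteed support.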

Keywords


third-party libraries; migration; multi-criteria decision-making; method; criteria systematization; Dempster–Shafer theory

DOI: https://doi.org/10.32620/reks.2026.1.04
