
Risk Assessment of Using Open Source Projects: Analysis of the Existing Approaches

Published: 29 February 2024

Abstract

This article analyzes the existing approaches to assessing and accounting for the components used in software, including open source software. Existing frameworks for assessing software development processes, including their information security aspects, are analyzed. The typical risks of using open source components and free licenses are considered. The article notes that development processes can be assessed to identify information security threats in open source projects, and that this assessment needs to be automated to make dependency management efficient in projects that use open source components as dependencies.
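As an added illustration of what automating such a dependency risk assessment looks like (example code written for this page, not the paper's own method or tool), the following toy software composition analysis pass scores pinned dependencies against the risk classes the abstract names: license obligations, version lag, stale or abandoned upstreams, and low maintainer count. The package names, versions, licenses, dates and the allow/deny license policy are all constructed assumptions; a real tool would take them from a package registry or an SBOM, and the point thresholds are organizational policy, not facts from the paper.

```python
# Added example (not from the paper): toy SCA-style dependency risk scoring.
# All package data and the licence policy below are constructed for illustration.
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class PackageMeta:
    """Registry-style metadata for one package (constructed)."""
    latest_version: str
    license: str            # SPDX identifier, or free-form text if unknown
    last_release: date
    maintainers: int


@dataclass(frozen=True)
class Finding:
    name: str
    score: int              # higher = riskier; thresholds are policy, not fact
    reasons: tuple


# Hypothetical organisational licence policy (an assumption of this example).
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause", "ISC"}
COPYLEFT_LICENSES = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}


def parse_requirements(text):
    """Parse pip-style 'name==X.Y.Z' lines; blanks and '#' comments are skipped."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, version = line.partition("==")
        if not version:
            raise ValueError(f"unpinned dependency: {line!r}")
        deps[name.strip().lower()] = version.strip()
    return deps


def parse_version(v):
    # Assumes plain numeric dotted versions (no pre-release tags).
    return tuple(int(part) for part in v.split("."))


def version_lag(pinned, latest):
    """(major, minor) releases the pin is behind; minor counted only within the same major."""
    p, l = parse_version(pinned), parse_version(latest)
    major = l[0] - p[0]
    minor = l[1] - p[1] if major == 0 else 0
    return major, minor


def assess(name, pinned, meta, today, stale_days=365):
    """Score one dependency; each rule adds points and a human-readable reason."""
    score, reasons = 0, []
    if meta.license in COPYLEFT_LICENSES:
        score += 3
        reasons.append(f"copyleft licence {meta.license}: check distribution obligations")
    elif meta.license not in ALLOWED_LICENSES:
        score += 2
        reasons.append(f"licence {meta.license!r} not on the allow list: needs legal review")
    major, minor = version_lag(pinned, meta.latest_version)
    if major > 0:
        score += 3
        reasons.append(f"{major} major version(s) behind {meta.latest_version}")
    elif minor >= 3:
        score += 1
        reasons.append(f"{minor} minor versions behind {meta.latest_version}")
    age_days = (today - meta.last_release).days
    if age_days > stale_days:
        score += 2
        reasons.append(f"no release for {age_days} days: possibly abandoned")
    if meta.maintainers < 2:
        score += 1
        reasons.append("single maintainer (bus factor 1)")
    return Finding(name, score, tuple(reasons))


def assess_manifest(deps, registry, today):
    """Return findings sorted riskiest first (ties broken by name)."""
    findings = [assess(n, v, registry[n], today) for n, v in deps.items()]
    return sorted(findings, key=lambda f: (-f.score, f.name))


# Constructed sample input: a manifest and the registry view of its packages.
SAMPLE_REQUIREMENTS = """
# constructed example manifest
fastjson-toy==1.4.2
netutils-toy==0.9.3
widget-toy==1.2.0
crypto-helper-toy==3.0.1
"""
SAMPLE_REGISTRY = {
    "fastjson-toy": PackageMeta("2.1.0", "MIT", date(2024, 1, 10), 5),
    "netutils-toy": PackageMeta("0.9.3", "AGPL-3.0-only", date(2021, 3, 1), 1),
    "widget-toy": PackageMeta("1.5.0", "Proprietary-EULA", date(2024, 4, 1), 2),
    "crypto-helper-toy": PackageMeta("3.0.1", "Apache-2.0", date(2024, 5, 20), 3),
}
ASSESSMENT_DATE = date(2024, 6, 1)   # fixed so the run is reproducible


def run_example():
    return assess_manifest(parse_requirements(SAMPLE_REQUIREMENTS), SAMPLE_REGISTRY, ASSESSMENT_DATE)


if __name__ == "__main__":
    for f in run_example():
        print(f"{f.name:<20} risk={f.score}")
        for r in f.reasons:
            print(f"    - {r}")
```

The scoring is deliberately additive and transparent: every point carries a reason string, so the output can be reviewed by a human and fed into a policy gate (for example, fail the build above a threshold) without the tool having to be trusted as an oracle. In the constructed run, the single-maintainer copyleft package with no release in three years scores highest, while the up-to-date, permissively licensed package scores zero.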



Published In

Automatic Control and Computer Sciences, Volume 57, Issue 8 (Dec 2023), 280 pages

Publisher

Allerton Press, Inc., United States

Publication History

Published: 29 February 2024
Accepted: 11 July 2023
Revision received: 30 June 2023
Received: 10 June 2023

Author Tags

  1. software composition analysis
  2. open source software
  3. maturity of software development processes

Qualifiers

  • Research-article
