Top

Automatic Control and Computer Sciences

Published in:

01-12-2023

Risk Assessment of Using Open Source Projects: Analysis of the Existing Approaches

Authors: M. A. Eremeev, I. I. Zakharchuk

Published in: Automatic Control and Computer Sciences | Issue 8/2023

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This article analyzes the existing approaches to assess and account for the components used in software, including open source software. The existing frameworks for assessing software development processes, including information security, are analyzed. The typical risks of using open source components and free licenses are considered. The possibility of assessing development processes to identify threats to information security in open source projects and the need to automate this process in order to ensure the efficiency of dependence management in projects that use open components as dependencies are noted.

previous article Empirical Study of the Stability of a Linear Filter Based on the Neyman–Pearson Criterion to Changes in the Average Values

next article Searching for Software Vulnerabilities Using an Ensemble of Algorithms for the Analysis of a Graph Representation of the Code

Musseau, J., Meyers, J.S., Sieniawski, G.P., Thompson, C.A., and German, D., Is open source eating the world’s software?, Proceedings of the 19th Int. Conf. on Mining Software Repositories, Pittsburgh, Pa., 2022, New York: Association for Computing Machinery, 2022, vol. 561, p. 565. https://doi.org/10.1145/3524842.3528473

Qiu, H.S., Li, Yu.L., Padala, S., Sarma, A., and Vasilescu, B., The signals that potential contributors look for when choosing open-source projects, Proc. ACM Hum.-Comput. Interaction, 2019, vol. 3, no. CSCW, pp. 1–29. https://doi.org/10.1145/3359224

Barb, A.S., Neill, C.J., Sangwan, R.S., and Piovoso, M.J., A statistical study of the relevance of lines of code measures in software projects, Innovations Syst. Software Eng., 2014, vol. 10, no. 4, pp. 243–260. https://doi.org/10.1007/s11334-014-0231-5CrossRef

Midha, V. and Palvia, P., Factors affecting the success of open source software, J. Syst. Software, 2012, vol. 85, no. 4, pp. 895–905. https://doi.org/10.1016/j.jss.2011.11.010CrossRef

Blincoe, K., Sheoran, J., Goggins, S., Petakovic, E., and Damian, D., Understanding the popular users: Following, affiliation influence and leadership on GitHub, Inf. Software Technol., 2015, vol. 70, pp. 30–39. https://doi.org/10.1016/j.infsof.2015.10.002CrossRef

Casalnuovo, C., Vasilescu, B., Devanbu, P., and Filkov, V., Developer onboarding in GitHub: The role of prior social links and language experience, Proc. 2015 10th Joint Meeting on Foundations of Software Engineering, Bergamo, Italy, 2015, New York: Association for Computing Machinery, 2015, pp. 817–828. https://doi.org/10.1145/2786805.2786854

Coelho, J. and Valente, M.T., Why modern open source projects fail, Proc. 2017 11th Joint Meeting on Foundations of Software Engineering, Paderborn, Germany, 2017, New York: Association for Computing Machinery, 2017, pp. 186–196. https://doi.org/10.1145/3106237.3106246

Cox, J., Bouwers, E., Eekelen, M.V., and Visser, J., Measuring dependency freshness in software systems, 2015 IEEE/ACM 37th IEEE Int. Conf. on Software Engineering, Florence, Italy, 2015, IEEE, 2015, pp. 109–118. https://doi.org/10.1109/icse.2015.140

Hilton, M., Tunnell, T., Huang, K., Marinov, D., and Dig, D., Usage, costs, and benefits of continuous integration in open-source projects, Proc. 31st IEEE/ACM Int. Conf. on Automated Software Engineering, Singapore, 2016, New York: Association for Computing Machinery, 2016, pp. 426–437. https://doi.org/10.1145/2970276.2970358

10.

Joblin, M., Apel, S., Hunsen, C., and Mauerer, W., Classifying developers into core and peripheral: An empirical study on count and network metrics, 2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE), Buenos Aires, 2017, IEEE, 2017, vol. 39, pp. 164–174. https://doi.org/10.1109/icse.2017.23

11.

Trockman, A., Adding sparkle to social coding: An empirical study of repository badges in the npm ecosystem, Proc. 40th Int. Conf. on Software Engineering: Companion Proc., Gothenburg, Sweden, 2018, New York: Association for Computing Machinery, 2018, pp. 524–526. https://doi.org/10.1145/3183440.3190335

12.

Fowler, M., Refactoring: Improving the design of existing code, Extreme Programming and Agile Methods—XP/Agile Universe 2002, Wells, D. and Williams, L., Eds., Lecture Notes in Computer Science, vol. 2418, Berlin: Springer, 2012, pp. 256–256. https://doi.org/10.1007/3-540-45672-4_31CrossRef

13.

Bibiano, A.C., Fernandes, E., Oliveira, D., Garcia, A., Kalinowski, M., Fonseca, B., Oliveira, R., Oliveira, A., and Cedrim, D., A quantitative study on characteristics and effect of batch refactoring on code smells, 2019 ACM/IEEE Int. Symp. on Empirical Software Engineering and Measurement (ESEM), Porto de Galinhas, Brazil, 2019, IEEE, 2019, vol. 1, p. 11. https://doi.org/10.1109/esem.2019.8870183

14.

Rêgo, D.C.G., Understanding and improving batch refactoring in software systems, PhD Thesis, Rio de Janeiro: Pontificia Universidade Catolica do Rio de Janeiro, 2018.

15.

Fernandes, E., Uchoa, A., Bibiano, A.C., and Garcia, A., On the alternatives for composing batch refactoring, 2019 IEEE/ACM 3rd Int. Workshop on Refactoring (IWoR), Montreal, 2019, IEEE, 2019, pp. 9–12. https://doi.org/10.1109/iwor.2019.00009

16.

Niu, F., Assunção, W.K.G., Huang, L., Mayr-Dorn, C., Ge, J., Luo, B., and Egyed, A., RAT: A refactoring-aware traceability model for bug localization, 2023 IEEE/ACM 45th Int. Conf. on Software Engineering (ICSE), Melbourne, Australia, 2023, IEEE, 2023, pp. 196–207. https://doi.org/10.1109/icse48619.2023.00028

17.

Brito, A., Hora, A., and Valente, M.T., Refactoring graphs: Assessing refactoring over time, 2020 IEEE 27th Int. Conf. on Software Analysis, Evolution and Reengineering (SANER), London, Canada, 2020, IEEE, 2020, pp. 367–377. https://doi.org/10.1109/saner48275.2020.9054864

18.

Mrówka, R., Decision-making in the process of implementation of open source projects, 2012, vol. 2, no. 2. https://www.proquest.com/scholarly-journals/decision-making-process-implementation-open/docview/ 1426666281/se-2.

19.

Eseryel, U.Ye., Wie, K., and Crowston, K., Decision-making processes in community-based free/libre open source software-development teams with internal governance: An extension to decision-making theory, Commun. Assoc. Inf. Syst., 2020, vol. 46, pp. 484–510. https://doi.org/10.17705/1CAIS.04620CrossRef

20.

Nand Sharma, P., Tony Roy Savarimuthu, B., and Stanger, N., Unearthing open source decision-making processes: A case study of Python enhancement proposals, Software: Pract. Exper., 2022, vol. 52, no. 10, pp. 2312–2346. https://doi.org/10.1002/spe.3128CrossRef

21.

CMMI Product Team et al., CMMI for development, version 1.2, Pittsburgh: Software Engineering Institute, 2006.

22.

Chrissis, M., Konrad, M., and Shrum, S., CMMI for Development: Guidelines for Process Integration and Product Improvement, Pearson Education, 2011.

23.

Wen, Sh.-F., Software security in open source development: A systematic literature review, 21st Conf. of Open Innovations Association (FRUCT), Helsinki, Finland, 2017, IEEE, 2017, pp. 364–373.

24.

Ramirez, A., Aiello, A., and Lincke, S.J., A survey and comparison of secure software development standards, 2020 13th CMI Conf. on Cybersecurity and Privacy (CMI)-Digital Transformation-Potentials and Challenges(51275), Copenhagen, 2020, IEEE, 2020, pp. 1–6. https://doi.org/10.1109/cmi51275.2020.9322704

Title: Risk Assessment of Using Open Source Projects: Analysis of the Existing Approaches
Authors: M. A. Eremeev
I. I. Zakharchuk
Publication date: 01-12-2023
Publisher: Pleiades Publishing
Published in: Automatic Control and Computer Sciences / Issue 8/2023
Print ISSN: 0146-4116
Electronic ISSN: 1558-108X
DOI: https://doi.org/10.3103/S0146411623080059

Springer Professional

Abstract

Please log in to get access to your license.

Other articles of this Issue 8/2023

Investigation of the Structure of the Isogeny Graph for Postquantum Cryptography Protocols

Analysis of Cryptographic Protection of the Bitcoin Core Cryptographic Wallet

Resistance of a Two-Component Steganographic System to Unauthorized Information Extraction

Data Modeling in Big Data Systems Including Polystore and Heterogeneous Information Processing Components

Decimation of M Sequences As a Way of Obtaining Primitive Polynomials

Method for Detecting Manipulation Attacks on Recommender Systems with Collaborative Filtering