ABSTRACT
The supply chain is an extremely successful way to cope with the risk posed by distributed decision making in product sourcing and distribution. While open source software has similarly distributed decision making and involves code and information flows similar to those in ordinary supply chains, the actual networks necessary to quantify and communicate risks in software supply chains have not been constructed on large scale. This work proposes to close this gap by measuring dependency, code reuse, and knowledge flow networks in open source software. We have done preliminary work by developing suitable tools and methods that rely on public version control data to measure and comparing these networks for R language and emberjs packages. We propose ways to calculate the three networks for the entirety of public software, evaluate their accuracy, and to provide public infrastructure to build risk assessment and mitigation tools for various individual and organizational participants in open sources software. We hope that this infrastructure will contribute to more predictable experience with OSS and lead to its even wider adoption.
- Jack Greenfield and Keith Short. 2003. Software factories: assembling applications with patterns, models, frameworks and tools. In Companion of the 18th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications. ACM, 16--27. Google ScholarDigital Library
- Jacqueline Holdsworth. 1995. Software Process Design. McGraw-Hill, Inc. Google ScholarDigital Library
- Audris Mockus. 2009. Succession: Measuring transfer of code and developer productivity. In Proceedings of the 31st International Conference on Software Engineering. IEEE Computer Society, 67--77. Google ScholarDigital Library
Index Terms
- Constructing supply chains in open source software
Recommendations
Open source software licenses: Strong-copyleft, non-copyleft, or somewhere in between?
Studies on open source software (OSS) have shown that the license under which an OSS is released has an impact on the success or failure of the software. In this paper, we model the relationship between an OSS developer's utility, the effort that goes ...
Open source license alternatives for software applications: is it a solution to stop software piracy?
ACM-SE 43: Proceedings of the 43rd annual Southeast regional conference - Volume 2The open source movement has introduced a wealth of software applications that may challenge commercial applications in ease of use, features, and speed. Typically open source applications are available "free-of-charge", but the potential for hidden ...
Do software developers understand open source licenses?
ICPC '17: Proceedings of the 25th International Conference on Program ComprehensionSoftware provided under open source licenses is widely used, from forming high-profile stand-alone applications (e.g., Mozilla Firefox) to being embedded in commercial offerings (e.g., network routers). Despite the high frequency of use of open source ...
Comments