Open source software components are widely used to improve software development cost and schedule. However, in order to have confidence in open source software, more work is needed to adequately measure the cybersecurity risks associated with use of open source software components. This article discusses the measurement challenges.
This article provides a brief introduction to the open source software (OSS) movement in libraries from a serialist's perspective. After defining what the open source software movement is about, the article highli...
Context: The adoption of open source software (OSS) in Public Sector Organizations (PSOs) is on the rise, driven by benefits such as enhanced interoperability and transparency. However, PSOs encounter challenges stemming from limited technical capabilities and regulatory constraints in public procurement. Objective: This study, based on a registered report, explores the organizational aspects of development in public sector OSS projects, i.e., projects initiated, developed, and governed by PSOs. We conjecture that the development diverges significantly from the commonly adopted bazaar model, wherein development is carried out collaboratively within a broader community. Method: A purposefully sampled set of six public sector OSS projects was investigated using mixed-methods and compared with previously reported cases of bazaar OSS projects. Results: Among the cases, we note that most (80%) of development efforts typically involve a small group of developers (<15) and rely on formalised processes. Developers are commonly procured from national and local service suppliers. Projects are planned top-down by involved PSOs with funding and contributions to development enabled through centralized or decentralized sponsorship. Projects with a centralized sponsorship have one or a few main PSOs funding the major part of the development. Decentralized sponsorship implies multiple PSOs being mutually dependent on each other to pool the necessary resources for the development. All OSS are reported as being of high quality despite limited size and contributions from their communities. Conclusions: Findings suggest that public sector OSS projects deviate from the typical bazaar model, highlighting the need for tailored approaches to address challenges and solutions specific to their context.
There is growing concern about maintainers self-sabotaging their work in order to take political or economic stances, a practice referred to as "protestware". Our objective is to understand the discourse around discussions on such an attack, how it is received by the community, and whether developers respond to the attack in a timely manner. We study two notable protestware cases, i.e., *** and es5-ext. Results indicate that protestware discussions are spread more quickly on the GitHub platform, while security vulnerabilities are faster on social media. By establishing a taxonomy of protestware discussions, we identify posts that express stances and provide technical mitigation instructions. We applied a thematic analysis to 684 protestware-related posts to identify five major themes during the discussions: i. disseminate and response, ii. stance, iii. reputation, iv. communicative styles, v. rights and ethics. This work sheds light on the nuanced landscape of protestware discussions, offering insights for both researchers and developers into maintaining a healthy balance between the political or social actions of developers and the collective well-being of the open-source community.
In this article we revisit the history of formal methods with a focus on important aspects that contribute to their interdisciplinary role. We consider: the variability of mathematical representation techniques on which the theoretical foundations of formal methods are based; formal methods multidisciplinarity; their capability to serve at a meta-level in providing the semantics of programming languages, specification and modelling languages as well as higher-level and domain-specific formal notations; and, finally, how some of these higher-level and domain-specific notations may be lifted at an interdisciplinary level. Within this historical review, we are inspired by Luis Barbosa's "components as coalgebras" approach in seeing that the duality data-process is underlying all those aspects of formal methods. We also see that such a duality may not only be expressed in universal terms within category theory, but may also be characterised in practical terms and focused applications by two distinct logic paradigms, equational logic for the data and rewriting logic for the process, by two modelling directions, forward process definitions and backward data-driven process transformations, and by the distinction between syntax, defined by the data structures, and semantics, provided by rewrite rules. We use the Maude modelling language to illustrate the application of the data-process duality. In fact, Maude uses equational logic to define data types and rewriting logic to express system evolution. Illustrative examples are from the areas of cognitive science and human-computer interaction (HCI). We then define a data-driven model transformation, which we call elaborative mining, which adopts a backward perspective to recover a behaviour that was observed in real life but was not predicted forward by the original model. Finally, we see how the "open source software bazaar", which is a metaphor for the apparently chaotic open source development process, offers us a big dat
The massive emergence of open source software (OSS) projects led to the rapid increment of data available to software engineers and those who would like to contribute to an OSS project. There is an arising need for a way to analyze and draw conclusions about the value of an OSS project, from an epistemic point of view. OSS projects have been used for a long time as vehicles for learning programming and software engineering. However, there is a need for more evidence about the scientific value conveyed by OSS projects. We posit that if we deeply study the dialogues of software engineers involved in the communities of the various projects and draw conclusions from them, this can be an additional way of assessing OSS projects. Learning analytics, data mining and data science provide diverse statistical and computational approaches to analyzing data. In this work, we describe Epistemic Network Analysis (ENA), a network analysis technique used by a growing community of researchers to support thick descriptions based on large volumes of data. ENA is based on the theory of epistemic frames. The theory of epistemic frames models the ways of being, thinking and acting inside some community of practice. In this research, we focus on the epistemic frame of software engineering and discuss the elements of this frame: the knowledge, the set of skills and values and the set of processes for making and justifying decisions. We coded the discourses of two well-known open source projects, LibreOffice and OpenOffice, and we used the online tool ENA WebKit to analyze the coded rows of the discourses, but also to visualize and compare the networks of different units of data. We conducted three types of experiments and comparisons on the mean networks of the two projects, on the networks of the different bugs, as well as on the networks of some software engineers who participated in the discussions, and we came to conclusions about how epistemic these dialogues were and therefore assess
Click analytical chemistry (CAC) is a novel approach inspired by the principles of click chemistry, emphasizing simplicity, efficiency, and reliability. While click chemistry revolutionized synthetic methods, CAC aims to enhance chemical analysis by providing a framework for method assessment from a different perspective, focusing on improving the practicality and applicability of analytical techniques. In this work, we present the Click Analytical Chemistry Index (CACI) as a practical and user-friendly tool that provides both a metric and software solution for evaluating analytical methods. The software is available as open source at *** /CACI2025. The CACI system allows for objective and unbiased comparisons between techniques, encouraging the development of methods that are easier to implement without sacrificing performance. By promoting simplicity and practicality in method design, CACI supports the development of analytical procedures that not only meet rigorous performance standards but also simplify the analytical process. This work explores the principles and methodology of CAC and presents case studies that demonstrate its practical applications in advancing chemical analysis towards more efficient method development and evaluation.
ISBN: (print) 9789819603534; 9789819603541
This paper presents a trustworthiness measurement model for open source software (OSS) trustworthiness assessment. The model decomposes trustworthiness attributes at the source code level and evaluates contributor contribution values. By quantifying attributes such as security, maintainability, reliability, testability, and compatibility, and introducing a novel method for measuring contributor impact based on Abstract Syntax Trees (ASTs), our model provides a holistic view of OSS trustworthiness. Through contributor segmentation and weight assignment, it reflects the varying influence of contributors. Experimental validation using Huawei's openEuler OSS demonstrates the model's effectiveness, bridging theory and practice in OSS quality assurance and empowering stakeholders in critical system decisions.
Open-source software systems have proliferated over the past few decades, with increasing penetration across domains. The wide availability of development data from such systems has led to studies on various aspects o...
This tutorial aims to support modellers working in healthcare research or practice to build Discrete-Event Simulation models using the Free and Open Source Software SimPy and Python. We provide a step-by-step guide to...