Exploring the Impact of Socio-Technical Core-Periphery Structures in Open Source Software Development

In this paper we apply the social network concept of core-periphery structure to the sociotechnical structure of a software development team. We propose a socio-technical pattern that can be used to locate emerging coordination problems in Open Source projects. With the help of our tool and method called TESNA, we demonstrate a method to monitor the socio-technical core-periphery movement in Open Source projects. We then study the impact of different core-periphery movements on Open Source projects. We conclude that a steady core-periphery shift towards the core is beneficial to the project, whereas shifts away from the core are clearly not good. Furthermore, oscillatory shifts towards and away from the core can be considered as an indication of the instability of the project. Such an analysis can provide developers with a good insight into the health of an Open Source project. Researchers can gain from the pattern theory, and from the method we use to study the core-periphery movements

On the Geographic Allocation of Open Source Software Activities

Open source software (OSS) is marked by free access to the software and its source code. OSS is developed by a 'community' consisting of thousands of contributors from all over the world. Some research was undertaken in order to analyze how global the OSS community actually is, i.e. analyze the geographic origin of OSS developers. But as members of the OSS community differ in their activity levels, information about the allocation of activities are of importance. Our paper contributes to this as we analyze not only the geographic origin of (active) developers but also the geographic allocation of OSS activities. The paper is based on data from the SourceForge research Data Archive, referring to 2006. We exploit information about the developers' IP address, email address and indicated time-zone. This enables us to properly assign 1.3 million OSS developers from SourceForge to their countries, that are 94% of all registered ones in 2006. In addition we have information about the number of posted messages which is a good proxy for activity of each developer. Thus we can provide a detailed picture of the world-wide allocation of open source activities. Such country data about the supply-side of OSS is a valuable stock for both, cross-country studies on OSS, as well as country-specific research and policy advice.Open Source Software, Geographical Location, Open Source Activities

Open Source Software: The New Intellectual Property Paradigm

Open source methods for creating software rely on developers who voluntarily reveal code in the expectation that other developers will reciprocate. Open source incentives are distinct from earlier uses of intellectual property, leading to different types of inefficiencies and different biases in R&D investment. Open source style of software development remedies a defect of intellectual property protection, namely, that it does not generally require or encourage disclosure of source code. We review a considerable body of survey evidence and theory that seeks to explain why developers participate in open source collaborations instead of keeping their code proprietary, and evaluates the extent to which open source may improve welfare compared to proprietary development.

The Development and Usage of the Greenstone Digital Library Software

The Greenstone software has helped spread the practical impact of digital library technology throughout the world-particularly in developing countries. This article reviews the project’s origins, usage, and the development of support mechanisms for Greenstone users. We begin with a brief summary of salient aspects of this open source software package and its user population. Next we describe how its international, humanitarian focus arose. We then review the special requirements imposed by the conditions that prevail in developing courtiers. Finally we discuss efforts to establish regional support organizations for Greenstone in India and Africa

The Open Source Way of Working: a New Paradigm for the Division of Labour in Software Development?

The interest the Open Source Software Development Model has recently raised amongst social scientists has resulted in an accumulation of relevant research concerned with explaining and describing the motivations of Open Source developers and the advantages the Open Source methodology has over traditional proprietary software development models. However, existing literature has often examined the Open Source phenomenon from an excessively abstract and idealised perspective of the common interests of open source developers, therefore neglecting the very important organisational and institutional aspects of communities of individuals that may, in fact, have diverse interests and motivations. It is the aim of this paper to begin remedying this shortcoming by analysing the sources of authority in Open Source projects and the hierarchical structures according to which this authority is organised and distributed inside them. In order to do so, a theoretical framework based on empirical evidence extracted from a variety of projects is built, its main concerns being the description and explanation of recruitment, enculturation, promotion and conflict resolution dynamics present in Open Source projects. The paper argues that 'distributed authority' is a principal means employed by such communities to increase stability, diminish the severity and scope of conflicts over technical direction, and ease the problems of assessing the quality of contributions. The paper also argues that distributed authority is principally derived from interpersonal interaction and the construction of trust between individuals drawn to the project by diverse interests that are mediated and moderated through participants' common interest in the project's successful outcome. The paper presents several conclusions concerning the governance of open source communities and priorities for future research.open source software, hierarchies, trust, teams, co-operation.

Do not trust me: Using malicious IdPs for analyzing and attacking Single Sign-On

Single Sign-On (SSO) systems simplify login procedures by using an an Identity Provider (IdP) to issue authentication tokens which can be consumed by Service Providers (SPs). Traditionally, IdPs are modeled as trusted third parties. This is reasonable for SSO systems like Kerberos, MS Passport and SAML, where each SP explicitely specifies which IdP he trusts. However, in open systems like OpenID and OpenID Connect, each user may set up his own IdP, and a discovery phase is added to the protocol flow. Thus it is easy for an attacker to set up its own IdP. In this paper we use a novel approach for analyzing SSO authentication schemes by introducing a malicious IdP. With this approach we evaluate one of the most popular and widely deployed SSO protocols - OpenID. We found four novel attack classes on OpenID, which were not covered by previous research, and show their applicability to real-life implementations. As a result, we were able to compromise 11 out of 16 existing OpenID implementations like Sourceforge, Drupal and ownCloud. We automated discovery of these attacks in a open source tool OpenID Attacker, which additionally allows fine-granular testing of all parameters in OpenID implementations. Our research helps to better understand the message flow in the OpenID protocol, trust assumptions in the different components of the system, and implementation issues in OpenID components. It is applicable to other SSO systems like OpenID Connect and SAML. All OpenID implementations have been informed about their vulnerabilities and we supported them in fixing the issues