Myths and Realities about Online Forums in Open Source Software Development: An Empirical Study

The use of free and open source software (OSS) is gaining momentum due to the ever increasing availability and use of the Internet. Organizations are also now adopting open source software, despite some reservations, in particular regarding the provision and availability of support. Some of the biggest concerns about free and open source software are post release software defects and their rectification, management of dynamic requirements and support to the users. A common belief is that there is no appropriate support available for this class of software. A contradictory argument is that due to the active involvement of Internet users in online forums, there is in fact a large resource available that communicates and manages the provision of support. The research model of this empirical investigation examines the evidence available to assess whether this commonly held belief is based on facts given the current developments in OSS or simply a myth, which has developed around OSS development. We analyzed a dataset consisting of 1880 open source software projects covering a broad range of categories in this investigation. The results show that online forums play a significant role in managing software defects, implementation of new requirements and providing support to the users in open source software and have become a major source of assistance in maintenance of the open source projects

Mitigating the Effects of Structural Complexity on Open Source Software Maintenance through Accountability

In this research, we investigate the relationships between structural complexity, accountability, and software maintenance performance in Open Source Software development projects. Additionally, we investigate the moderating role of monetary incentives on various relationships. We collected data on 5,000 bug reports from the SourceForge database and perceptual data from 181 open source software developers registered on SourceForge for model validation. Results support our hypotheses. The important implications of the results are discussed

Security assessment of open source third-parties applications

Free and Open Source Software (FOSS) components are ubiquitous in both proprietary and open source applications. In this dissertation we discuss challenges that large software vendors face when they must integrate and maintain FOSS components into their software supply chain. Each time a vulnerability is disclosed in a FOSS component, a software vendor must decide whether to update the component, patch the application itself, or just do nothing as the vulnerability is not applicable to the deployed version that may be old enough to be not vulnerable. This is particularly challenging for enterprise software vendors that consume thousands of FOSS components, and offer more than a decade of support and security fixes for applications that include these components. First, we design a framework for performing security vulnerability experimentations. In particular, for testing known exploits for publicly disclosed vulnerabilities against different versions and software configurations. Second, we provide an automatic screening test for quickly identifying the versions of FOSS components likely affected by newly disclosed vulnerabilities: a novel method that scans across the entire repository of a FOSS component in a matter of minutes. We show that our screening test scales to large open source projects. Finally, for facilitating the global security maintenance of a large portfolio of FOSS components, we discuss various characteristics of FOSS components and their potential impact on the security maintenance effort, and empirically identify the key drivers

On the Quality of Relational Database Schemas in Open-source Software

International audienceThe relational schemas of 512 open-source projects storing their data in MySQL or PostgreSQL databases are investigated by querying the standard information schema, looking for overall design issues. The set of SQL queries used in our research is released as the Salix free software. As it is fully relational and relies on standards, it may be installed in any compliant database to help improve schemas. Our research shows that the overall quality of the surveyed schemas is poor: a majority of projects have at least one table without any primary key or unique constraint to identify a tuple; data security features such as referential integrity or transactional back-ends are hardly used; projects that advertise supporting both databases often have missing tables or attributes. PostgreSQL projects appear to be of higher quality than MySQL projects, and have been updated more recently, suggesting a more active maintenance. This is even better for projects with PostgreSQL-only support. However, the quality difference between both databases management systems is mostly due to MySQL-specific issues. An overall predictor of bad database quality is that a project chooses MySQL or PHP, while good design is found with PostgreSQL and Java. The few declared constraints allow to detect latent bugs, that are worth fixing: more declarations would certainly help unveil more bugs. Our survey also suggests that some features of MySQL and PostgreSQL are particularly error-prone. This first survey on the quality of relational schemas in open-source software provides a unique insight in the data engineering practice of these projects

Studying the Characteristics of AIOps Projects on GitHub

Artificial Intelligence for IT Operations (AIOps) leverages AI approaches to handle the massive data generated during the operations of software systems. Prior works have proposed various AIOps solutions to support different tasks in system operations and maintenance (e.g., anomaly detection). In this work, we investigate open-source AIOps projects in-depth to understand the characteristics of AIOps in practice. We first carefully identify a set of AIOps projects from GitHub and analyze their repository metrics (e.g., the used programming languages). Then, we qualitatively study the projects to understand their input data, analysis techniques, and goals. Finally, we analyze the quality of these projects using different quality metrics, such as the number of bugs. We also sample two sets of baseline projects from GitHub: a random sample of machine learning projects, and a random sample of general purpose projects. We compare different metrics of our identified AIOps projects with these baselines. Our results show a recent and growing interest in AIOps solutions. However, the quality metrics indicate that AIOps projects suffer from more issues than our baseline projects. We also pinpoint the most common issues in AIOps approaches and discuss the possible solutions to overcome them. Our findings help practitioners and researchers understand the current state of AIOps practices and sheds light to different ways to improve AIOps weak aspects. To the best of our knowledge, this work is the first to characterize open source AIOps projects.Comment: 31 pages, 6 pages of references, 8 figures, 12 table

Exploitation and Sustainability Final Plan

This document describes StratusLab's plans for exploitation and sustainability be- yond the project lifetime. The plans cover commercial exploitation, primarily through commercial integration and support; and non-commercial exploitation, through use in national and international research e-infrastructures: for operating grid resources on private clouds, and for running research-oriented community clouds. In addition, we plan exploitation through partner projects such as EGI and through training and future research. Plans are in place to ensure the sustainability of the critical infrastructures used by the project partners, users and collaborating projects. Similarly, the software outputs of the project have been identified and a plan for the future development of each has been created. These plans include the formation of an open-source StratusLab community, identifying key partners to continue development of specific components, identifying funding options (public, private and community contributions) for continued development and engaging with collaborating projects to ensure that they will contribute to the maintenance and development of the components that they use