Security considerations in the open source software ecosystem
Open source software plays an important role in the software supply chain, allowing stakeholders to
utilize open source components as building blocks in their software, tooling, and infrastructure. But
relying on the open source ecosystem introduces unique challenges, both in terms of security and trust,
as well as in terms of supply chain reliability.
In this dissertation, I investigate approaches, considerations, and encountered challenges of stakeholders in the context of security, privacy, and trustworthiness of the open source software supply
chain. Overall, my research aims to empower and support software experts with the knowledge and
resources necessary to achieve a more secure and trustworthy open source software ecosystem. In the
first part of this dissertation, I describe a research study investigating the security and trust practices
in open source projects by interviewing 27 owners, maintainers, and contributors from a diverse set
of projects to explore their behind-the-scenes processes, guidance and policies, incident handling, and
encountered challenges, finding that participants' projects are highly diverse in terms of their deployed
security measures and trust processes, as well as their underlying motivations. More on the consumer
side of the open source software supply chain, I investigated the use of open source components in
industry projects by interviewing 25 software developers, architects, and engineers to understand their
projects' processes, decisions, and considerations in the context of external open source code, finding
that open source components play an important role in many of the industry projects, and that most
projects have some form of company policy or best practice for including external code. On the side of
end-user focused software, I present a study investigating the use of software obfuscation in Android
applications, which is a recommended practice to protect against plagiarism and repackaging. The
study leveraged a multi-pronged approach including a large-scale measurement, a developer survey, and
a programming experiment, finding that only 24.92% of apps are obfuscated by their developer, that
developers do not fear theft of their own apps, and have difficulties obfuscating their own apps. Lastly,
to involve end users themselves, I describe a survey with 200 users of cloud office suites to investigate
their security and privacy perceptions and expectations, with findings suggesting that users are generally
aware of basic security implications, but lack technical knowledge for envisioning some threat models.
The key findings of this dissertation include that open source projects have highly diverse security
measures, trust processes, and underlying motivations; that the projects' security and trust needs are
likely best met in ways that consider their individual strengths, limitations, and project stage, especially
for smaller projects with limited access to resources; and that open source components play an important
role in industry projects, and that those projects often have some form of company policy or best
practice for including external code, but developers wish for more resources to better audit included
components.
This dissertation emphasizes the importance of collaboration and shared responsibility in building and maintaining the open source software ecosystem, with developers, maintainers, end users,
researchers, and other stakeholders alike ensuring that the ecosystem remains a secure, trustworthy, and
healthy resource for everyone to rely on.
Online Communities of Creation as Collective Action. Access, Use, and Participation in a Digitalized Knowledge Economy
This document presents the research I have undertaken over the last decade. It is both retrospective and prospective in the sense that, although it is obviously focused on my past activities, it also indicates ways for future research. The main topic of my overall research can be summarized as follows: I explore the development of online, open projects, or communities of creation, such as Free, Libre, Open Source Software (FLOSS), from an economics point of view. This means that, in addition to renewing the answers to Olson's question about individual participation in collective action (1965), it also questions why and how companies participate in this process, renewing Arrow's dilemma (1962) on the incentive to produce innovation versus the incentive to disseminate it, and the way people organize themselves to transform participation into concrete pieces of knowledge, be they software or encyclopedia articles.
Open source software development and maintenance: an exploratory analysis
The purpose of this research was to create measures and models for the
evaluation of Open Source Software (OSS) projects. An exploratory analysis of the
development and maintenance processes in OSS was conducted for this purpose. Data
mining and text mining techniques were used to discover knowledge from transactional
datasets maintained on OSS projects. Large and comprehensive datasets were used to
formulate, test and validate the models.
A new multidimensional measure of OSS project performance, called project viability
was defined and validated. A theoretical and empirical measurement framework was used to
evaluate the new measure. OSS project data from SourceForge.net was used to validate the
new measure. Results indicated that project viability is a measure of the performance of OSS
projects.
Three models were then created for each dimension of project viability. Multiple data
mining techniques were used to create the models. Variables identified from process, product, resource and end-user characteristics of the project were used. The use of new
variables created through text mining improved the performance of the models.
The first model was created for OSS projects in the development phase. The results
indicated that end-user involvement could play a significant role in the development of OSS
projects. It was also discovered that certain types of projects are more suitable for
development in OSS communities. The second model was developed for OSS projects in
their maintenance phase. A two-stage model for maintenance performance was selected. The
results indicated that high project usage and usefulness could improve the maintenance
performance of OSS projects. The third model was developed to investigate the effects of
maintenance activities on the project's internal structure. Maintenance data for the Linux project
was used to develop a new taxonomy for OSS maintenance patches. These results were then
used to study the effects of various types of patches on the internal structure of the software.
It was found that performing proactive maintenance on the software moderates its internal
structure.
Education data futures: critical, regulatory and practical reflections
The data collected from children at or through their participation in school are exponentially increasing in variety, velocity and volume. But whose interests are served by this "datafication" of education and childhood? This essay collection offers critical, practical and creative reflections that identify exciting possibilities for beneficial uses of children's education data as well as tackling the exploitative uses or misuse of such data. Collectively, the essays set out principled yet practical proposals for our children's education data futures.