Underproduction: An Approach for Measuring Risk in Open Source Software
- URL: http://arxiv.org/abs/2103.00352v1
- Date: Sat, 27 Feb 2021 23:18:21 GMT
- Title: Underproduction: An Approach for Measuring Risk in Open Source Software
- Authors: Kaylea Champion and Benjamin Mako Hill
- Abstract summary: 'Underproduction' occurs when the supply of software engineering labor becomes out of alignment with the demand of people who rely on the software produced.
We present a conceptual framework for identifying relative underproduction in software as well as a statistical method for applying our framework to a comprehensive dataset.
- Score: 9.701036831490766
- License: http://creativecommons.org/licenses/by-sa/4.0/
- Abstract: The widespread adoption of Free/Libre and Open Source Software (FLOSS) means
that the ongoing maintenance of many widely used software components relies on
the collaborative effort of volunteers who set their own priorities and choose
their own tasks. We argue that this has created a new form of risk that we call
'underproduction' which occurs when the supply of software engineering labor
becomes out of alignment with the demand of people who rely on the software
produced. We present a conceptual framework for identifying relative
underproduction in software as well as a statistical method for applying our
framework to a comprehensive dataset from the Debian GNU/Linux distribution
that includes 21,902 source packages and the full history of 461,656 bugs. We
draw on this application to present two experiments: (1) a demonstration of how
our technique can be used to identify at-risk software packages in a large
FLOSS repository and (2) a validation of these results using an alternate
indicator of package risk. Our analysis demonstrates both the utility of our
approach and reveals the existence of widespread underproduction in a range of
widely-installed software components in Debian.
Related papers
- Tracking Down Software Cluster Bombs: A Current State Analysis of the Free/Libre and Open Source Software (FLOSS) Ecosystem [0.43981305860983705]
This study provides a summary of the current state of available FLOSS package repositories.
It addresses the challenge of identifying problematic areas within a software ecosystem.
The results indicate that while there are well-maintained projects within the FLOSS ecosystem, there are also high-impact projects that are susceptible to supply chain attacks.
arXiv Detail & Related papers (2025-02-12T08:57:57Z) - A Machine Learning-Based Approach For Detecting Malicious PyPI Packages [4.311626046942916]
In modern software development, the use of external libraries and packages is increasingly prevalent.
This reliance on reusing code introduces serious risks for deployed software in the form of malicious packages.
We propose a data-driven approach that uses machine learning and static analysis to examine the package's metadata, code, files, and textual characteristics.
arXiv Detail & Related papers (2024-12-06T18:49:06Z) - A Computational Method for Measuring "Open Codes" in Qualitative Analysis [47.358809793796624]
Open coding is an inductive qualitative process that identifies and interprets "open codes" from datasets.
We present a computational method to measure and identify potential biases from "open codes" systematically.
arXiv Detail & Related papers (2024-11-19T00:44:56Z) - Measuring Software Innovation with Open Source Software Development Data [0.0]
This paper introduces a novel measure of software innovation based on open source software (OSS) development activity on GitHub.
We examine the dependency growth and release complexity among $sim$200,000 unique releases from 28,000 unique packages over two years post-release.
We conclude that major releases of OSS packages count as a unit of innovation complementary to scientific publications, patents, and standards.
arXiv Detail & Related papers (2024-11-07T19:11:32Z) - An Overview and Catalogue of Dependency Challenges in Open Source Software Package Registries [52.23798016734889]
This article provides a catalogue of dependency-related challenges that come with relying on OSS packages or libraries.
The catalogue is based on the scientific literature on empirical research that has been conducted to understand, quantify and overcome these challenges.
arXiv Detail & Related papers (2024-09-27T16:20:20Z) - OmniBOR: A System for Automatic, Verifiable Artifact Resolution across
Software Supply Chains [0.0]
OmniBOR is a minimalistic scheme for build tools to create an artifact dependency graph.
We present the architecture of OmniBOR, the underlying data representations, and two implementations that produce OmniBOR data and embed it into built software.
arXiv Detail & Related papers (2024-02-14T06:50:16Z) - Charting a Path to Efficient Onboarding: The Role of Software
Visualization [49.1574468325115]
The present study aims to explore the familiarity of managers, leaders, and developers with software visualization tools.
This approach incorporated quantitative and qualitative analyses of data collected from practitioners using questionnaires and semi-structured interviews.
arXiv Detail & Related papers (2024-01-17T21:30:45Z) - Finding Software Vulnerabilities in Open-Source C Projects via Bounded
Model Checking [2.9129603096077332]
We advocate that bounded model-checking techniques can efficiently detect vulnerabilities in general software systems.
We have developed and evaluated a methodology to verify large software systems using a state-of-the-art bounded model checker.
arXiv Detail & Related papers (2023-11-09T11:25:24Z) - Collaborative, Code-Proximal Dynamic Software Visualization within Code
Editors [55.57032418885258]
This paper introduces the design and proof-of-concept implementation for a software visualization approach that can be embedded into code editors.
Our contribution differs from related work in that we use dynamic analysis of a software system's runtime behavior.
Our visualization approach enhances common remote pair programming tools and is collaboratively usable by employing shared code cities.
arXiv Detail & Related papers (2023-08-30T06:35:40Z) - Lessons from Formally Verified Deployed Software Systems (Extended version) [65.69802414600832]
This article examines a range of projects, in various application areas, that have produced formally verified systems and deployed them for actual use.
It considers the technologies used, the form of verification applied, the results obtained, and the lessons that the software industry should draw regarding its ability to benefit from formal verification techniques and tools.
arXiv Detail & Related papers (2023-01-05T18:18:46Z) - Machine Learning for Software Engineering: A Systematic Mapping [73.30245214374027]
The software development industry is rapidly adopting machine learning for transitioning modern day software systems towards highly intelligent and self-learning systems.
No comprehensive study exists that explores the current state-of-the-art on the adoption of machine learning across software engineering life cycle stages.
This study introduces a machine learning for software engineering (MLSE) taxonomy classifying the state-of-the-art machine learning techniques according to their applicability to various software engineering life cycle stages.
arXiv Detail & Related papers (2020-05-27T11:56:56Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.