Open Source Software (OSS) Transparency for DoD Acquisition
- URL: http://arxiv.org/abs/2404.16737v1
- Date: Thu, 25 Apr 2024 16:47:34 GMT
- Title: Open Source Software (OSS) Transparency for DoD Acquisition
- Authors: Nancy Mead, Carol Woody, Scott Hissam,
- Abstract summary: Caveat emptor, or let the buyer beware, is commonly attributed to open source software (OSS)
We observe challenges for the OSS consumer to obtain information about the process(es), project(s) used to produce a product and the protection(s) employed by those projects.
- Score: 0.0
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Caveat emptor, or let the buyer beware, is commonly attributed to open source software (OSS)-the onus is on the OSS consumer to ensure that it is fit for use in the consumer's context. OSS has been compared to an open market bazaar where consumers are free to browse all the source code and take a copy. In this paper, we observe challenges for the OSS consumer to obtain information about the process(es), project(s) used to produce a product and the protection(s) employed by those projects. We discuss the need for more transparency by OSS projects, where possible and introduce a framework for reasoning about those OSS projects and their products for use by the OSS consumer.
Related papers
- An Overview and Catalogue of Dependency Challenges in Open Source Software Package Registries [52.23798016734889]
This article provides a catalogue of dependency-related challenges that come with relying on OSS packages or libraries.
The catalogue is based on the scientific literature on empirical research that has been conducted to understand, quantify and overcome these challenges.
arXiv Detail & Related papers (2024-09-27T16:20:20Z) - CROSS: A Contributor-Project Interaction Lifecycle Model for Open Source Software [2.9631016562930546]
Cross model is a novel contributor-project interaction lifecycle model for open source software.
It explains a range of archetypal cases of contributor engagement and highlights research gaps, especially in EoS/offboarding scenarios.
arXiv Detail & Related papers (2024-09-12T17:57:12Z) - Efficient and Deployable Knowledge Infusion for Open-World Recommendations via Large Language Models [53.547190001324665]
We propose REKI to acquire two types of external knowledge about users and items from large language models (LLMs)
We develop individual knowledge extraction and collective knowledge extraction tailored for different scales of scenarios, effectively reducing offline resource consumption.
Experiments demonstrate that REKI outperforms state-of-the-art baselines and is compatible with lots of recommendation algorithms and tasks.
arXiv Detail & Related papers (2024-08-20T03:45:24Z) - The Code the World Depends On: A First Look at Technology Makers' Open Source Software Dependencies [3.6840775431698893]
Open-source software (OSS) supply chain security has become a topic of concern for organizations.
Patching an OSS vulnerability can require updating other dependent software products in addition to the original package.
We do not know what packages are most critical to patch, hindering efforts to improve OSS security where it is most needed.
arXiv Detail & Related papers (2024-04-17T21:44:38Z) - An Exploratory Study on the Evidence of Hackathons' Role in Solving OSS
Newcomers' Challenges [54.56931759953522]
We aim to understand and discuss the challenges newcomers face when joining an OSS project.
We collect evidence on how hackathons were used to address those challenges.
arXiv Detail & Related papers (2023-05-16T15:40:19Z) - Towards a Critical Open-Source Software Database [0.0]
CrOSSD project aims to build a database of OSS projects and measure their current project "health" status.
quantitative metrics will be gathered through automated crawling of meta information such as the number of contributors, commits and lines of code.
qualitative metrics will be gathered for selected "critical" projects through manual analysis and automated tools.
arXiv Detail & Related papers (2023-05-02T10:43:21Z) - FAT Forensics: A Python Toolbox for Implementing and Deploying Fairness,
Accountability and Transparency Algorithms in Predictive Systems [69.24490096929709]
We developed an open source Python package called FAT Forensics.
It can inspect important fairness, accountability and transparency aspects of predictive algorithms.
Our toolbox can evaluate all elements of a predictive pipeline.
arXiv Detail & Related papers (2022-09-08T13:25:02Z) - Towards Measuring Vulnerabilities and Exposures in Open-Source Packages [0.0]
We provide an up-to-date overview of the open source landscape.
We discuss approaches to map entries of the Common Vulnerabilities and Exposures ( CVE) list to open-source libraries.
We show the frequency and distribution of existing CVE entries with respect to popular programming languages.
arXiv Detail & Related papers (2022-06-29T10:51:23Z) - LAGOON: An Analysis Tool for Open Source Communities [7.3861897382622015]
LAGOON is an open source platform for understanding the ecosystems of Open Source Software (OSS) communities.
LAGOON ingests artifacts from several common sources, including source code repositories, issue trackers, mailing lists and scraping content from websites.
A user interface is provided for visualization and exploration of an OSS project's complete sociotechnical graph.
arXiv Detail & Related papers (2022-01-26T18:52:11Z) - Towards Utility-based Prioritization of Requirements in Open Source
Environments [51.65930505153647]
We show how utility-based prioritization approaches can be used to support contributors in conventional and open source Requirements Engineering scenarios.
As an example, we show how dependencies can be taken into account in utility-based prioritization processes.
arXiv Detail & Related papers (2021-02-17T09:05:54Z) - Knowledge Integration of Collaborative Product Design Using Cloud
Computing Infrastructure [65.2157099438235]
The main focus of this paper is the concept of ongoing research in providing the knowledge integration service for collaborative product design and development using cloud computing infrastructure.
Proposed knowledge integration services support users by giving real-time access to knowledge resources.
arXiv Detail & Related papers (2020-01-16T18:44:27Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.