Open Source Software: An Approach to Controlling Usage and Risk in Application Ecosystems

by   Stan Zajdel, et al.

The Open Source Software movement has been growing exponentially for a number of years with no signs of slowing. Driving this growth is the widespread availability of libraries and frameworks that provide many functionalities. Developers are saving time and money incorporating this functionality into their applications resulting in faster more feature-rich releases. Despite the growing success and the advantages that open source software provides, there is a dark side. Due to its community construction and largely unregulated distribution, the majority of open source software contains bugs, vulnerabilities and other issues making it highly susceptible to exploits. The lack of oversight, in general, hinders the quality of this software resulting in a trickle-down effect in the applications that use it. Additionally, developers who use open source tend to arbitrarily download the software into their build systems but rarely keep track of what they have downloaded resulting in an excessive amount of open source software in their applications and in their ecosystem. This paper discusses processes and practices that users of open source software can implement into their environments that can safely track and control the introduction and usage of open source software into their applications, and report on some preliminary results obtained in an industrial context. We conclude by discussing governance issues related to the disciplined use and reuse of open source and areas for further improvements.


Tamil Open-Source Landscape - Opportunities and Challenges

We report in this paper, Tamil open-source software community is a vibra...

Trust Challenges in Reusing Open Source Software: An Interview-based Initial Study

Open source projects play a significant role in software production. Mos...

Ethical Considerations Towards Protestware

A key drawback to using a Open Source third-party library is the risk of...

Patterns for Documenting Open Source Frameworks

Documenting frameworks provides its users and maintainers useful informa...

Kani: A Lightweight and Highly Hackable Framework for Building Language Model Applications

Language model applications are becoming increasingly popular and comple...

Underproduction: An Approach for Measuring Risk in Open Source Software

The widespread adoption of Free/Libre and Open Source Software (FLOSS) m...

DeepPERF: A Deep Learning-Based Approach For Improving Software Performance

Improving software performance is an important yet challenging part of t...

Please sign up or login with your details

Forgot password? Click here to reset