Exploring methods for dependency management in multi-repositories
Design science research at Saab Training and Simulation

Main subject area: Computer Engineering
Authors: Oskar Persson, Samuel Svensson
Supervisor: Ragnar Nohre
Examiner: Florian Westphal
Scope: 15 hp (first-cycle education)
Jönköping University, School of Engineering, 2021-07-15

This final thesis has been carried out at the School of Engineering at Jönköping University within Computer Engineering. The authors are responsible for the presented opinions, conclusions, and results.

Abstract

Dependency problems are, for developers, what sneezing is for people with pollen allergies in spring: an everyday problem. This is especially true when working in multi-repositories. These dependency problems arise as a byproduct of letting developers work on different components of a project in smaller teams, with everything under version control. Nearly all developers use a version control system such as Git, Mercurial, or Subversion. While version control systems have helped developers for nearly 40 years and are constantly being updated, some functionality is still missing. One example is a good way of managing dependencies that lets developers download a project without having to resolve dependency problems by hand. The solutions that version control systems offer for managing dependencies (e.g., Git's submodules or Mercurial's subrepositories) do not give developers a fail-safe way to download or build a project that contains dependency problems. In this study, a case study was conducted at Saab Training and Simulation to explore methods for dependency management, and to discuss and highlight some of the problems that emerge when working with dependencies in multi-repositories.
An argument can be made that the functionality of dependency management systems, both package managers and the solutions built into version control systems, is not up to date with how dependencies are used in development today. In this paper, a novel approach to dependency management is introduced that makes it possible to describe dependencies dynamically, by letting a repository describe its usages (such as simulation of hardware, or the main project) and the dependencies each usage needs. The functionality required to handle such a system is also discussed. By re-opening the dialogue about dependency management and describing the problems that arise in such environments, the goal is to inspire further research in these areas.

Keywords: dependency management, dependency problems, dependency conflicts, dependency hell, version control systems, git, mercurial, subversion.

Table of contents

Abstract
1 Introduction
  1.1 Problem statement
  1.2 Current research
  1.3 Purpose and research questions
  1.4 Scope and limitations
  1.5 Disposition
2 Method and implementation
  2.1 Data collection
  2.2 Artifact evaluation
  2.3 Validity and reliability
  2.4 Considerations
3 Theoretical framework
  3.1 Git
    3.1.1 Submodules
    3.1.2 Subtrees
  3.2 Mercurial
    3.2.1 Subrepositories
  3.3 Subversion
    3.3.1 Externals
  3.4 Google Repo
  3.5 Package managers
4 Challenges with dependency management
  4.1 Diamond dependency problems
  4.2 Circular dependencies
  4.3 Alternative dependencies
  4.4 Workflow
  4.5 Merging strategies
5 Results
  5.1 Evaluation criteria
  5.2 Artifact iterations
    5.2.1 Iteration 1
    5.2.2 Iteration 2
    5.2.3 Iteration 3
    5.2.4 Iteration 4
    5.2.5 Iteration 5
  5.3 Manifest
  5.4 Overlay
    5.4.1 Gathering dependencies
    5.4.2 Dependency mitigation
    5.4.3 Cloning
  5.5 Guidelines
  5.6 Research questions
6 Discussion
  6.1 Result discussion
  6.2 Method discussion
  6.3 Limitations
  6.4 Related work
7 Conclusions and further research
  7.1 Conclusions
    7.1.1 Practical implications
    7.1.2 Scientific implications
  7.2 Further research
8 Acknowledgments
9 References

1 Introduction

Developing software is a continuously ongoing process. According to Lehman's law of continuing change, "A program that is used and that as an implementation of its specification reflects some other reality undergoes continual change or becomes progressively less useful", and this applies to all software systems (Lehman, 1980, p. 1068). Today, many larger systems are not developed monolithically but are instead divided into several components, both internal and external (Florisson & Mycroft, 2015). This makes development more complicated, since components have dependencies on other components in the system and are usually developed by different teams. Even though most systems have moved away from monolithic development, the rules that were stated
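The abstract describes a manifest-driven approach in which a repository declares its dependencies per usage, and the table of contents lists the problems such a resolver has to cope with: diamond dependency conflicts, circular dependencies, gathering dependencies, mitigation, and cloning. The Python block below is an added illustration written for this page, not the artifact built at Saab or code from the thesis. The repository names, usages, revisions and the base URL are constructed sample data, and the rule that every dependency must be pinned to a full commit hash is an added supply-chain caveat: a branch or tag name is a mutable reference, so a manifest that uses one is neither reproducible nor safe to fetch blindly. The resolver reports every problem it finds instead of picking a revision silently, and the clone step refuses to run on a plan that still has problems, which is the fail-safe download the abstract finds missing in submodules and subrepositories.

```python
"""Toy manifest resolver for a multi-repository project (added illustration).

Each repository carries a manifest that declares, per usage (e.g. "main" or
"hw-sim"), which other repositories it needs and at which revision.
resolve() gathers the transitive closure for one usage of a root repository
and records, rather than hides, a diamond conflict (one repository requested
at two revisions), a circular dependency, a dependency no manifest describes,
and a revision that is not pinned to a commit hash (a mutable branch/tag).
"""
from dataclasses import dataclass, field
import re

# Full SHA-1 object name; a SHA-256 repository would use 64 hex digits.
COMMIT_RE = re.compile(r"^[0-9a-f]{40}$")


@dataclass(frozen=True)
class Dep:
    repo: str            # name of the repository being depended on
    rev: str             # commit hash (pinned) or branch/tag name (unpinned)
    usage: str = "main"  # which usage of that repository is required


# Constructed sample manifests (hypothetical names): repo -> usage -> deps.
MANIFESTS = {
    "trainer": {
        "main":   [Dep("sim-core", "a" * 40), Dep("radio", "b" * 40)],
        "hw-sim": [Dep("sim-core", "a" * 40), Dep("radio", "b" * 40, "hw-sim")],
    },
    "sim-core": {"main": [Dep("common", "c" * 40)]},
    "radio": {
        "main":   [Dep("common", "c" * 40)],
        # hw-sim wants a different "common" (diamond conflict) and an unpinned
        # "hw-models", which in turn depends back on "radio" (cycle).
        "hw-sim": [Dep("common", "d" * 40), Dep("hw-models", "main")],
    },
    "common": {"main": []},
    "hw-models": {"main": [Dep("radio", "b" * 40)]},
}


@dataclass
class Plan:
    pins: dict = field(default_factory=dict)       # repo -> chosen revision
    conflicts: list = field(default_factory=list)  # (repo, first_rev, other_rev)
    cycles: list = field(default_factory=list)     # repo paths that close a loop
    unpinned: list = field(default_factory=list)   # (repo, mutable ref)
    missing: list = field(default_factory=list)    # repos with no manifest

    def problems(self):
        """Non-empty problem lists, keyed by kind."""
        return {k: v for k, v in vars(self).items() if k != "pins" and v}

    def ok(self):
        return not self.problems()


def resolve(root, usage="main", manifests=MANIFESTS):
    """Gather all dependencies of `root` for `usage` into a Plan."""
    plan = Plan()
    expanded = set()  # (repo, usage) pairs already walked

    def walk(repo, usage, path):
        if (repo, usage) in expanded:
            return
        expanded.add((repo, usage))
        for dep in manifests[repo].get(usage, []):
            if dep.repo not in manifests:
                plan.missing.append(dep.repo)
                continue
            if not COMMIT_RE.match(dep.rev):
                plan.unpinned.append((dep.repo, dep.rev))
            # First declaration wins; a differing revision is reported, not
            # silently overridden, because a silent choice is how a stale or
            # tampered revision slips into a build.
            prev = plan.pins.setdefault(dep.repo, dep.rev)
            if prev != dep.rev:
                plan.conflicts.append((dep.repo, prev, dep.rev))
            if dep.repo in path:
                plan.cycles.append(path[path.index(dep.repo):] + [dep.repo])
                continue  # do not recurse into the loop
            walk(dep.repo, dep.usage, path + [dep.repo])

    walk(root, usage, [root])
    return plan


def clone_commands(plan, base_url="https://git.example.invalid"):
    """Turn a clean plan into git commands (returned as strings, not run).

    Refuses to emit anything for a plan with problems, so a developer never
    ends up with a half-populated checkout.  base_url is hypothetical.
    """
    if not plan.ok():
        raise ValueError(f"unresolved dependency problems: {plan.problems()}")
    cmds = []
    for repo, rev in sorted(plan.pins.items()):
        cmds.append(f"git clone --no-checkout {base_url}/{repo}.git {repo}")
        cmds.append(f"git -C {repo} checkout --detach {rev}")
    return cmds


if __name__ == "__main__":
    print("\n".join(clone_commands(resolve("trainer", "main"))))
    print(resolve("trainer", "hw-sim").problems())
```

Resolving the "main" usage of the sample root yields a clean plan and six git commands; resolving "hw-sim" of the same root reports one diamond conflict on `common`, one circular path through `radio` and `hw-models`, and one unpinned dependency, and `clone_commands` refuses it. Expanding each (repository, usage) pair only once keeps a plain diamond (the same revision reached by two paths) from being reported as a problem, while cycle detection works on the current path of repository names, which is what matters for cloning.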
Recommended publications
  • Inequalities in Open Source Software Development: Analysis of Contributor's Commits in Apache Software Foundation Projects
    Tadeusz Chełkowski (Kozminski University, Warsaw, Poland), Peter Gloor (Massachusetts Institute of Technology, Center for Cognitive Intelligence, Cambridge, Massachusetts, United States of America) and Dariusz Jemielniak (Kozminski University, New Research on Digital Societies (NeRDS) group, Warsaw, Poland); the authors contributed equally to this work. Research article, PLoS ONE 11(4): e0152976, doi:10.1371/journal.pone.0152976. Editor: Christophe Antoniewski, CNRS UMR7622 & University Paris 6 Pierre-et-Marie-Curie, France. Received December 15, 2015; accepted March 22, 2016; published April 20, 2016. Open access, copyright © 2016 Chełkowski et al.
    Abstract: While researchers are becoming increasingly interested in studying the OSS phenomenon, there are still few studies that analyze larger samples of projects and investigate the structure of activities among OSS developers. The significant amount of information gathered in publicly available open-source software repositories and mailing-list archives offers an opportunity to analyze project structures and participant involvement. In this article, using commit data from 263 Apache project repositories (nearly all of them), we show that although OSS development is often described as collaborative, it in fact predominantly relies on radically solitary input and individual, non-collaborative contributions. We also show, in the first published study of this magnitude, that the engagement of contributors follows a power-law distribution.
  • Exploring Factors and Measures to Select Open Source Software
    Xiaozhou Li, Sergio Moreschini, Zheying Zhang and Davide Taibi (Tampere University, Tampere, Finland); the first two authors contributed equally. arXiv:2102.09977v1 [cs.SE], 19 Feb 2021.
    Abstract: [Context] Open Source Software (OSS) is nowadays used and integrated in most commercial products. However, selecting OSS projects for integration is not a simple process, mainly because of a lack of clear selection models and a lack of information from the OSS portals. [Objective] We investigated the factors and measures that practitioners currently consider when selecting OSS, the sources of information and portals that can be used to assess those factors, and the possibility of obtaining this information automatically through APIs. [Method] We elicited the factors and measures used to assess and compare OSS by surveying 23 experienced developers who often integrate OSS into the software they develop. Moreover, we investigated the APIs of the portals used to assess OSS, extracting information for the 100K most-starred projects on GitHub. [Result] We identified a set of 8 main factors and 74 sub-factors, together with 170 related metrics that companies can use to select OSS for integration into their software projects. Unexpectedly, only a small part of the factors can be evaluated automatically: of the 170 metrics, only 40 are available, and only 22 of those returned information for all 100K projects. [Conclusion] OSS selection can be partially automated by extracting the information needed for the selection from portal APIs.
  • Publishing Research Software as Open Source on GitHub
    Table of contents: 1. Introduction; 2. Scope & Goals; 3. Science & Software (i. Reproducibility, ii. Software Quality, iii. Software Development, iv. Software Documentation, v. Guide); 4. Open Source Basics (i. Mindset, ii. Arguments against open source... and how to disprove them, iii. Success Stories, iv. Legal Stuff, v. People, vi. Guide); 5. GitHub (i. Basics: Accounts & Repositories, ii. Fork & Pull Workflow, iii. Social Coding, iv. GitHub for Education); 6. Software Communities (i. Community Building and Openness, ii. Marketing and Public Relations, iii. Types of Contributors and Tasks, iv. Open Source in Your Domain); 7. Scientific Publishing of Data and Software; 8. Contribute; 9. Glossary.
    Introduction: How can you publish research software as open source, and do so without too much overhead while actually gaining impact by leveraging the open source approach? These questions are answered in this best practice, "Publishing Research Software as Open Source on GitHub", published by the GLUES project's SDI team. License: this work is licensed under a Creative Commons Attribution 4.0 International License. About this best practice: the "source code" of this document is hosted on GitHub and the book was written and published using GitBook. The text is designed to be read in the web view, but PDF and other formats, e.g. for e-readers, are available as well. Version: 0.1. Contributors: thanks to these people for providing content, giving valuable feedback, reporting errors, ...: Daniel Nüst, Simon Jirka, Ann Hitchcock. Want to become a contributor? Check our contribution guidelines.
  • ESIP Software Guidelines: Bibliography and Resources
    References (excerpt):
    "26.4. Unittest — Unit Testing Framework — Python 3.5.2 Documentation." Accessed November 23, 2016. https://docs.python.org/3.5/library/unittest.html.
    "Accessibility - W3C." Accessed June 15, 2016. https://www.w3.org/standards/webdesign/accessibility#wai.
    "Agile Project Management." Accessed October 20, 2016. https://www.pivotaltracker.com/.
    "A JavaScript Library for Building User Interfaces - React." Accessed October 26, 2016. https://facebook.github.io/react/.
    Alter, George, George C. Banks, Denny Borsboom, Sara D. Bowman, Steven J. Breckler, Stuart Buck, Chris Chambers, et al. Transparency and Openness Promotion (TOP) Guidelines. Open Science Framework, 2016. osf.io/9f6gx.
    "Apache Subversion." Accessed October 19, 2016. https://subversion.apache.org/.
    "API Blueprint | API Blueprint." Accessed October 20, 2016. https://apiblueprint.org/.
    Atlassian. "Bitbucket | The Git Solution for Professional Teams." Bitbucket. Accessed October 20, 2016. https://bitbucket.org/.
    "Backbone.js." Accessed October 26, 2016. http://backbonejs.org/.
    "Best Practice Library | Section508.gov." Accessed May 24, 2016. http://section508.gov/content/learn/best-practice-library.
    "Bootstrap · The World's Most Popular Mobile-First and Responsive Front-End Framework." Accessed October 20, 2016. http://getbootstrap.com/.
    Brutlag, Jake. "Speed Matters." Google Research Blog, June 23, 2009. https://research.googleblog.com/2009/06/speed-matters.html.
    Burger, Matthias, Klaus Juenemann, and Thomas Koenig. RUnit: R Unit Test Framework (version 0.4.31), 2015. https://cran.r-project.org/web/packages/RUnit/index.html.
    Burgess, Annie. "2015 AIST Evaluations Overview." Federation of Earth Science Information Partners, 2016. http://testbed.esipfed.org/sites/default/files/2015_AIST_Evaluations_Overview.pdf.
    Car, Nicholas. "Data Reuse Fitness Assessment Using Provenance." Denver, CO, 2016.
  • The Design and Implementation of Candoia: A Platform for Building and Sharing Mining Software Repositories Tools as Apps
    Nitin Mukesh Tiwari, Iowa State University. Graduate Theses and Dissertations, 2017, no. 15439. Follow this and additional works at: https://lib.dr.iastate.edu/etd. Part of the Computer Sciences Commons. Recommended citation: Tiwari, Nitin Mukesh, "The design and implementation of Candoia: A platform for building and sharing mining software repositories tools as apps" (2017). Graduate Theses and Dissertations. 15439. https://lib.dr.iastate.edu/etd/15439. This thesis is brought to you for free and open access by the Iowa State University Capstones, Theses and Dissertations at Iowa State University Digital Repository. It has been accepted for inclusion in Graduate Theses and Dissertations by an authorized administrator of Iowa State University Digital Repository.
    A thesis submitted to the graduate faculty in partial fulfillment of the requirements for the degree of Master of Science. Major: Computer Science. Program of Study Committee: Hridesh Rajan (Major Professor), Gurpur Prabhu, Steven M. Kautz. Iowa State University, Ames, Iowa, 2017. Copyright © Nitin Mukesh Tiwari, 2017. All rights reserved.
    Dedication: To my teachers, family and friends, who made me realize the real purpose of education.
    Table of contents: List of Figures; Acknowledgements; Abstract; Chapter 1. Introduction; Chapter 2. Motivation; Chapter 3. Candoia Platform & Ecosystem
  • Open Source Software Projects between Passion and Calculation (Open Source Softwareprojekte zwischen Passion und Kalkül)
    Jan-Felix Schrape. Stuttgarter Beiträge zur Organisations- und Innovationsforschung (SOI) Discussion Paper 2015-02 (11/2015), ISSN 2191-4990. Universität Stuttgart, Institut für Sozialwissenschaften, Abteilung für Organisations- und Innovationssoziologie (SOWI VI), Seidenstr. 36, D-70174 Stuttgart, http://www.uni-stuttgart.de/soz/oi/. Editor: Prof. Dr. Ulrich Dolata (tel. 0711 / 685-81001); editorial office: Dr. Jan-Felix Schrape (tel. 0711 / 685-81004). © 2015 by the author(s). Jan-Felix Schrape is a research associate in the Department of Innovation and Organizational Sociology at the Institute of Social Sciences, University of Stuttgart. Further downloads from the department are available at http://www.uni-stuttgart.de/soz/oi/publikationen/.
    Abstract (translated from German): Drawing on aggregated market data, document analyses and literature reviews, this paper develops a systematizing overview of open source software communities and their socio-economic contexts. After a reconstruction of the
  • Open Source Systems: Towards Robust Practices
    Federico Balaguer, Roberto Di Cosmo, Alejandra Garrido, Fabio Kon, Gregorio Robles and Stefano Zacchiroli (Eds.). 13th IFIP WG 2.13 International Conference, OSS 2017, Buenos Aires, Argentina, May 22–23, 2017, Proceedings. IFIP Advances in Information and Communication Technology (AICT) 496. Editor-in-Chief: Kai Rannenberg, Goethe University Frankfurt, Germany.
    Editorial Board: TC 1 – Foundations of Computer Science: Jacques Sakarovitch, Télécom ParisTech, France; TC 2 – Software: Theory and Practice: Michael Goedicke, University of Duisburg-Essen, Germany; TC 3 – Education: Arthur Tatnall, Victoria University, Melbourne, Australia; TC 5 – Information Technology Applications: Erich J. Neuhold, University of Vienna, Austria; TC 6 – Communication Systems: Aiko Pras, University of Twente, Enschede, The Netherlands; TC 7 – System Modeling and Optimization: Fredi Tröltzsch, TU Berlin, Germany; TC 8 – Information Systems: Jan Pries-Heje, Roskilde University, Denmark; TC 9 – ICT and Society: Diane Whitehouse, The Castlegate Consultancy, Malton, UK; TC 10 – Computer Systems Technology: Ricardo Reis, Federal University of Rio Grande do Sul, Porto Alegre, Brazil; TC 11 – Security and Privacy Protection in Information Processing Systems: Steven Furnell, Plymouth University, UK; TC 12 – Artificial Intelligence: Ulrich Furbach, University of Koblenz-Landau, Germany; TC 13 – Human-Computer Interaction: Marco Winckler, University Paul Sabatier, Toulouse, France; TC 14 – Entertainment Computing: Matthias Rauterberg, Eindhoven University of Technology, The Netherlands.
    IFIP – The International Federation for Information Processing: IFIP was founded in 1960 under the auspices of UNESCO, following the first World Computer Congress held in Paris the previous year. A federation for societies working in information processing, IFIP's aim is two-fold: to support information processing in the countries of its members and to encourage technology transfer to developing nations.
  • Participation in the Open Source Project Perceval: Development to Bring Perceval to the Masses
    (Translated from Spanish; original title: Participación en el proyecto de código abierto Perceval: Desarrollo para hacer llegar Perceval a las masas.) Application development. Author: José Miguel Cañibano Iglesias; advisor: Gregorio Robles Martínez; external tutor: Santiago Dueñas Domínguez. 8 January 2017.
    License: The license for all content of the project, the report as well as the code and any other material, is tied in every respect to that of the Perceval project [1], which at the time of this work is based on GPL v3 (section 5.4, GNU License v3, 29 June 2007, page 65).
    Project summary: The project revolves around Perceval [2], an application for retrieving and collecting data from repositories. Perceval can handle different kinds of repositories, such as Bugzilla, Gerrit, Git, Jenkins, ReMo, etc. Because Perceval is a collaborative project that evolves constantly, it lacks certain features, and this project has tried to contribute by adding those features, which will make it a much more complete tool. The basic idea has been to reach a wider group of users, with emphasis on two points: on the one hand, the operating system the user runs; on the other, the output format in which results are delivered. One of the foundations has been to use free-software tools in preference to proprietary ones, studying the different options in each case. In any case, the work consists not only of producing a document or some lines of code, but of continuous work within an open source community, collaborating and participating in it, since, after all, the various communities that exist are an essential part of free software and give this master's programme its reason for being.
  • Git as an Encrypted Distributed Version Control System
    Russell G. Shirey, Captain, USAF. Thesis, AFIT-ENG-MS-15-M-022, 3-26-2015. Air Force Institute of Technology, AFIT Scholar, Theses and Dissertations, Student Graduate Works. Follow this and additional works at: https://scholar.afit.edu/etd. Part of the Computer Engineering Commons. Recommended citation: Shirey, Russell G., "Git as an Encrypted Distributed Version Control System" (2015). Theses and Dissertations. 57. https://scholar.afit.edu/etd/57. This thesis is brought to you for free and open access by the Student Graduate Works at AFIT Scholar. It has been accepted for inclusion in Theses and Dissertations by an authorized administrator of AFIT Scholar.
    Department of the Air Force, Air University, Air Force Institute of Technology, Wright-Patterson Air Force Base, Ohio. Distribution Statement A: approved for public release; distribution unlimited. The views expressed in this thesis are those of the author and do not reflect the official policy or position of the United States Air Force, Department of Defense, or the United States Government. This material is declared a work of the U.S. Government and is not subject to copyright protection in the United States.
    Presented to the Faculty, Department of Electrical and Computer Engineering, Graduate School of Engineering and Management, Air Force Institute of Technology, Air University, Air Education and Training Command, in partial fulfillment of the requirements for the degree of Master of Science in Computer Engineering.
  • Boa: Ultra-Large-Scale Software Repository and Source Code Mining
    Robert Dyer (Bowling Green State University), Hoan Anh Nguyen, Hridesh Rajan and Tien N. Nguyen (Iowa State University).
    Abstract: In today's software-centric world, ultra-large-scale software repositories, e.g. SourceForge, GitHub, and Google Code, are the new library of Alexandria. They contain an enormous corpus of software and related information. Scientists and engineers alike are interested in analyzing this wealth of information. However, systematic extraction and analysis of relevant data from these repositories for testing hypotheses is hard, and best left to mining software repository (MSR) experts! Specifically, mining source code yields significant insights into software development artifacts and processes. Unfortunately, mining source code at a large scale remains a difficult task. Previous approaches had to either limit the scope of the projects studied, limit the mining task to be more coarse-grained, or sacrifice studying the history of the code. In this paper we address mining source code: a) at a very large scale; b) at a fine-grained level of detail; and c) with full history information. To address these challenges, we present domain-specific language features for source code mining in our language and infrastructure called Boa. The goal of Boa is to ease testing MSR-related hypotheses. Our evaluation demonstrates that Boa substantially reduces programming effort, thus lowering the barrier to entry. We also show drastic improvements in scalability.
    CCS Concepts: Software and its engineering → Patterns; Concurrent programming structures. Additional key words and phrases: Boa; mining software repositories; domain-specific language; scalable; ease of use; lower barrier to entry.
  • An Investigation of Software Vulnerabilities in Open Source Software Projects Using Data from Publicly-Available Online Sources
    S. M. Monzur Murshed. A thesis submitted to the Faculty of Graduate and Postdoctoral Affairs in partial fulfillment of the requirements for the degree of Master of Applied Science in Technology Innovation Management, Carleton University, Ottawa, Ontario. Copyright © 2017 S. M. Monzur Murshed.
    Abstract: Software vulnerabilities are an active area of research, but little is known about how publicly observable properties of open source software projects and developer communities relate to the time taken to discover and fix vulnerabilities in the projects' software. This thesis examines that relationship using data harvested from online sources about a sample of 60 open source content management system (CMS) projects and 1268 vulnerabilities affecting the software produced by those projects. Combining project release histories with metrics from two online databases provided reliable proxy dates for vulnerability introduction and fix, but not discovery. Higher commit density (a proxy for project activity) was associated with shorter time of exposure. The lifecycle model, data collection workflow, and software scripts will enable
  • Open Source Software Projects Needing Security Investments
    David A. Wheeler (Project Leader) and Samir Khakimov, Institute for Defense Analyses (IDA), 4850 Mark Center Drive, Alexandria, Virginia 22311-1882, (703) 845-2000. IDA Document D-5459, v. 1.0, Log: H 15-000253, 19 June 2015. Approved for public release; distribution is unlimited. About this publication: this work was conducted by IDA under contract N66001-11-C-0001, subcontract D6384-S5, Task GT-5-3329, "Homeland Open Security Technology (HOST)," for Georgia Tech Research Institute and under agreement with The Linux Foundation. The views, opinions, and findings should not be construed as representing the official position of either the Department of Defense or the sponsoring organization. Copyright © 2015 Institute for Defense Analyses. This material may be reproduced by or for the U.S. Government pursuant to the copyright license under the clause at DFARS 252.227-7013 (a)(16) [Jun 2013]. Acknowledgments: Clyde G. Roby.
    Executive summary: The Heartbleed vulnerability in the open source software (OSS) program OpenSSL was a serious vulnerability with widespread impact. It highlighted that some OSS programs are widely used and depended on, that vulnerabilities in them can have serious ramifications, and yet that some OSS programs have not received the level of security analysis appropriate to their importance. Some OSS projects have many participants, perform in-depth security analyses, and produce software that is widely considered to be of high quality and to have strong security.