Journal article details
Cybersecurity
Evaluation indicators for open-source software: a review
article
Zhao, Yuhang [1]; Liang, Ruigang [1]; Chen, Xiang [3]; Zou, Jing [4]
[1] Institute of Information Engineering, Chinese Academy of Sciences
[2] School of Cyber Security, University of Chinese Academy of Sciences
[3] School of Information Science and Technology, Nantong University
[4] State Grid Economic and Technological Research Institute Co. Ltd.
Keywords: Open-source Software; Evaluation; Indicator; Correlation; Vulnerability; License
DOI: 10.1186/s42400-021-00084-8
Subject classification: Social Sciences, Humanities and Arts (General)
Source: Springer
Abstract

In recent years, the widespread adoption of open-source software (OSS) has brought great convenience to software developers. However, OSS also carries unavoidable security risks, such as open-source code defects and security vulnerabilities. To identify OSS risks in time, we carry out an empirical study of the indicators used to evaluate OSS. To achieve a comprehensive understanding of OSS assessment, we collect 56 papers from prestigious academic venues (such as IEEE Xplore, ACM Digital Library, DBLP, and Google Scholar) published in the past 21 years. During the investigation, we first identify the main concerns when selecting OSS and distill five types of commonly used indicators for assessing OSS. We then conduct a comparative analysis of how these indicators are used in each surveyed study and how they differ. Moreover, we undertake a correlation analysis between these indicators and uncover 13 confirmed conclusions and four cases of controversy across these studies. Finally, we discuss several possible applications of these conclusions, which are insightful for research on OSS and the software supply chain.

License

CC BY
