Visible to the public Constructing Supply Chains in Open Source Software

TitleConstructing Supply Chains in Open Source Software
Publication TypeConference Paper
Year of Publication2018
AuthorsMa, Y.
Conference Name2018 IEEE/ACM 40th International Conference on Software Engineering: Companion (ICSE-Companion)
KeywordsKnowledge engineering, knowledge flow, Metrics, open source, Open Source Software, Production facilities, pubcrawl, resilience, Resiliency, risk management, Scalability, software supply chain, supply chain risk assessment, Supply chains, Tools
AbstractThe supply chain is an extremely successful way to cope with the risk posed by distributed decision making in product sourcing and distribution. While open source software has similarly distributed decision making and involves code and information flows similar to those in ordinary supply chains, the actual networks necessary to quantify and communicate risks in software supply chains have not been constructed on large scale. This work proposes to close this gap by measuring dependency, code reuse, and knowledge flow networks in open source software. We have done preliminary work by developing suitable tools and methods that rely on public version control data to measure and comparing these networks for R language and emberjs packages. We propose ways to calculate the three networks for the entirety of public software, evaluate their accuracy, and to provide public infrastructure to build risk assessment and mitigation tools for various individual and organizational participants in open sources software. We hope that this infrastructure will contribute to more predictable experience with OSS and lead to its even wider adoption.
Citation Keyma_constructing_2018