BIGDATA: Collaborative Research: IA: OSCAR - Open Source Supply Chains and Avoidance of Risk: An Evidence Based Approach to Improve FLOSS Supply Chains

BIGDATA：协作研究：IA：OSCAR - 开源供应链和风险规避：改进 FLOSS 供应链的基于证据的方法

• 批准号: 1633437
• 负责人: Audris Mockus
• 金额: $ 130万
• 依托单位: University of Tennessee Knoxville
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-09-01 至 2021-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1633437&HistoricalAwards=false
• 关键词: BIGDATA; Collaborative; Research; IA; OSCAR

Open source software is an engine for innovation and a critical infrastructure for the nation and yet it is implemented by communities formed from a loose collection of individuals. With each software project relying on thousands of other software projects, this complex and dynamic supply chain introduces new risks and unpredictability, since, unlike in traditional software projects, no contractual relationships with the community exist and individuals could simply lose interest or move on to other activities.The big data-based approach to software supply chains will stimulate academic and practical work. The tools and practices to quantify and mitigate risks in the rapidly changing global environment with no centralized control or authority will lead to dramatic reductions in risk manifested in, for example, the spread of vulnerabilities thus making the nation both safer and more innovative. The theoretical frameworks and approaches developed will likely influence research and practice in other supply chain contexts.The objective of this research is to advance the state of knowledge of software supply chains by collecting and integrating massive public operational data representing development activity and source code from all open source projects and using it to develop novel theories, methods, and tools. The construction and analysis of the entire open source supply chain provides static and dynamic properties of the network, risk propagation, and system-level risks. Novel statistical and game-theoretic models are used to assess and mitigate these risks, while methods to contextualize, augment, and correct operational data provide ways to cope with data?s size, complexity, and observational nature.

开源软件是创新的引擎，是国家的关键基础设施，但它是由松散的个人集合组成的社区实现的。由于每个软件项目都依赖于成千上万的其他软件项目，这种复杂而动态的供应链引入了新的风险和不可预测性，因为与传统软件项目不同，与社区不存在合同关系，个人可能会失去兴趣或转移到其他活动。基于大数据的软件供应链方法将刺激学术和实际工作。在没有集中控制或权威的快速变化的全球环境中，量化和减轻风险的工具和实践将导致风险的大幅减少，例如，脆弱性的蔓延，从而使国家更安全，更创新。所开发的理论框架和方法可能会影响其他供应链背景下的研究和实践。本研究的目标是通过收集和集成代表开发活动和所有开源项目源代码的大量公共操作数据，并使用它来开发新的理论、方法和工具，来推进软件供应链的知识状态。整个开源供应链的构建和分析提供了网络、风险传播和系统级风险的静态和动态特性。新的统计和博弈论模型用于评估和减轻这些风险，而情境化、增强和纠正操作数据的方法提供了处理数据的方法。S的大小、复杂性和可观察性。

项目成果

Companies’ Participation in OSS Development–An Empirical Study of OpenStack

• DOI: 10.1109/tse.2019.2946156
• 发表时间: 2019-10
• 期刊: IEEE Transactions on Software Engineering
• 影响因子: 7.4
• 作者: Yuxia Zhang;Minghui Zhou;A. Mockus;Zhi Jin

A Complete Set of Related Git Repositories Identified via Community Detection Approaches Based on Shared Commits

基于共享提交的社区检测方法识别出的一整套相关Git存储库

• 发表时间: 2020
• 期刊: IEEE Working Conference on Mining Software Repositories
• 作者: A. Mockus;D. Spinellis;Zoe Kotti;G. J. Dusing
• 通讯作者: G. J. Dusing

Insights from open source software supply chains

来自开源软件供应链的见解

• DOI: 10.1145/3338906.3342813
• 发表时间: 2019
• 期刊: ESEC/FSE '19: 27th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
• 作者: Mockus, Audris

Experiences on Clustering High-Dimensional Data using pbdR

使用pbdR对高维数据进行聚类的经验

• DOI: 10.1145/3144763.3144768
• 发表时间: 2017
• 期刊: Proceedings of the 1st International Workshop on Software Engineering for High Performance Computing in Computational and Data-enabled Science & Engineering
• 作者: Amreen, Sadika;Mockus, Audris
• 通讯作者: Mockus, Audris

Deriving a usage-independent software quality metric

• DOI: 10.1007/s10664-019-09791-w
• 发表时间: 2020-02-19
• 期刊: EMPIRICAL SOFTWARE ENGINEERING
• 影响因子: 4.1
• 作者: Dey, Tapajit;Mockus, Audris
• 通讯作者: Mockus, Audris