1021 lines
97 KiB
BibTeX
1021 lines
97 KiB
BibTeX
@article{10.4018/IJSSSP.356659,
|
||
author = {Schreiber, Roland Robert},
|
||
title = {Organizational Influence on Security Development in Open-Source Software Projects},
|
||
year = {2024},
|
||
issue_date = {Oct 2024},
|
||
publisher = {IGI Global},
|
||
address = {USA},
|
||
volume = {15},
|
||
number = {1},
|
||
issn = {2640-4265},
|
||
url = {https://doi.org/10.4018/IJSSSP.356659},
|
||
doi = {10.4018/IJSSSP.356659},
|
||
abstract = {Increasing technological complexity, intensified competition, and security requirements have driven open-source software (OSS) projects to become a crucial part of organizations' software development. This study focuses on the OSS project TensorFlow (TF) and uses a case study to examine how organizations and their associated developers collaborate to identify, fix and prevent security vulnerabilities. Social Network Analysis (SNA) of archived security data from software repositories is used to gain insight into security activities. The study examines the internal structure and evolution of security code collaboration, organizational networks, and top organizational contributors to TF. It also examines productivity, homophily, development diversity, and turnover rates among developers across various software releases. The in-depth insights from this research enhance our understanding of collaborative patterns in OSS communities within open software ecosystems, particularly in the security context.},
|
||
journal = {International Journal of Systems and Software Security and Protection},
|
||
month = oct,
|
||
pages = {1–20},
|
||
numpages = {20},
|
||
keywords = {Diversity, Evolution, Open source, Organizational Influence, Productivity, Security, Social Network Analysis, Software Development Project, Structural, TensorFlow, Vulnerabilities}
|
||
}
|
||
|
||
@article{10.1145/3687047,
|
||
author = {Frluckaj, Hana and Stevens, Nikki and Howison, James and Dabbish, Laura},
|
||
title = {Paradoxes of Openness: Trans Experiences in Open Source Software},
|
||
year = {2024},
|
||
issue_date = {November 2024},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {8},
|
||
number = {CSCW2},
|
||
url = {https://doi.org/10.1145/3687047},
|
||
doi = {10.1145/3687047},
|
||
abstract = {In recent years, concerns have increased over the lack of contributor diversity in open source software (OSS), despite its status as a paragon of open collaboration. OSS is an important form of digital infrastructure and part of a career path for many developers. While there exists a growing body of literature on cisgender women's under-representation in OSS, the experiences of contributors from other marginalized groups are comparatively absent from the literature. Such is the case for trans contributors, a historically influential group in OSS. In this study, we interviewed 21 trans participants to understand and represent their experiences in the OSS literature. From their experiences, we theorize two related paradoxes of openness in OSS: the paradox of openness and display and the paradox of openness and governance. In an increasingly violent world for trans people, we draw on our theorizing to build recommendations for more inclusive and safer OSS projects for contributors.},
|
||
journal = {Proc. ACM Hum.-Comput. Interact.},
|
||
month = nov,
|
||
articleno = {508},
|
||
numpages = {24},
|
||
keywords = {diversity, gender, inclusion, open collaboration, open source software}
|
||
}
|
||
|
||
@article{10.1145/3690632,
|
||
author = {Li, Xuetao and Zhang, Yuxia and Osborne, Cailean and Zhou, Minghui and Jin, Zhi and Liu, Hui},
|
||
title = {Systematic Literature Review of Commercial Participation in Open Source Software},
|
||
year = {2025},
|
||
issue_date = {February 2025},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {34},
|
||
number = {2},
|
||
issn = {1049-331X},
|
||
url = {https://doi.org/10.1145/3690632},
|
||
doi = {10.1145/3690632},
|
||
abstract = {Open source software (OSS) has been playing a fundamental role in not only information technology but also our social lives. Attracted by various advantages of OSS, increasing commercial companies are participating extensively in open source development, and this has had a broad impact. Enormous research efforts have been devoted to understanding this phenomenon and trying to pursue a win-win result. To characterize the current research achievement and identify challenges, this article provides a comprehensive systematic literature review (SLR) of existing research on company participation in OSS. We collected 105 papers and organized them based on their research topics, which cover three main directions, i.e., participation motivation, contribution model, and impact on OSS development. We found that companies have diverse motivations from economic, technological, and social aspects, and no one study covered all the motivation categories. Existing studies categorize five main companies’ contribution models in OSS projects through their objectives and how they shape OSS communities. Researchers also explored how commercial participation affects OSS development, including companies, developers, and OSS projects. This study contributes to a comprehensive understanding of commercial participation in OSS development. Based on our findings, we present a set of research challenges and promising directions for companies’ better participation in OSS.},
|
||
journal = {ACM Trans. Softw. Eng. Methodol.},
|
||
month = jan,
|
||
articleno = {33},
|
||
numpages = {31},
|
||
keywords = {Open Source Ecosystem, Software Development, Commercial Participation, Survey}
|
||
}
|
||
|
||
@article{10.1145/3715907,
|
||
author = {Jahanshahi, Mahmoud and Reid, David and Mockus, Audris},
|
||
title = {Beyond Dependencies: The Role of Copy-Based Reuse in Open Source Software Development},
|
||
year = {2025},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
issn = {1049-331X},
|
||
url = {https://doi.org/10.1145/3715907},
|
||
doi = {10.1145/3715907},
|
||
abstract = {In Open Source Software, resources of any project are open for reuse by introducing dependencies or copying the resource itself. In contrast to dependency-based reuse, the infrastructure to systematically support copy-based reuse appears to be entirely missing. Our aim is to enable future research and tool development to increase efficiency and reduce the risks of copy-based reuse. We seek a better understanding of such reuse by measuring its prevalence and identifying factors affecting the propensity to reuse. To identify reused artifacts and trace their origins, our method exploits World of Code infrastructure. We begin with a set of theory-derived factors related to the propensity to reuse, sample instances of different reuse types, and survey developers to better understand their intentions. Our results indicate that copy-based reuse is common, with many developers being aware of it when writing code. The propensity for a file to be reused varies greatly among languages and between source code and binary files, consistently decreasing over time. Files introduced by popular projects are more likely to be reused, but at least half of reused resources originate from “small” and “medium” projects. Developers had various reasons for reuse but were generally positive about using a package manager.},
|
||
note = {Just Accepted},
|
||
journal = {ACM Trans. Softw. Eng. Methodol.},
|
||
month = jan,
|
||
keywords = {Reuse, Open Source Software, Software Development, Copy-based Reuse, Software Supply Chain, World of Code}
|
||
}
|
||
|
||
@article{10.1145/3637307,
|
||
author = {Sanei, Arghavan and Cheng, Jinghui},
|
||
title = {Characterizing Usability Issue Discussions in Open Source Software Projects},
|
||
year = {2024},
|
||
issue_date = {April 2024},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {8},
|
||
number = {CSCW1},
|
||
url = {https://doi.org/10.1145/3637307},
|
||
doi = {10.1145/3637307},
|
||
abstract = {Usability is a crucial factor but one of the most neglected concerns in open source software (OSS). While far from an ideal approach, a common practice that OSS communities adopt to collaboratively address usability is through discussions on issue tracking systems (ITSs). However, there is little knowledge about the extent to which OSS community members engage in usability issue discussions, the aspects of usability they frequently target, and the characteristics of their collaboration around usability issue discussions. This knowledge is important for providing practical recommendations and research directions to better support OSS communities in addressing this important topic and improve OSS usability in general. To help achieve this goal, we performed an extensive empirical study on issues discussed in five popular OSS applications: three data science notebook projects (Jupyter Lab, Google Colab, and CoCalc) and two code editor projects (VSCode and Atom). Our results indicated that while usability issues are extensively discussed in the OSS projects, their scope tended to be limited to efficiency and aesthetics. Additionally, these issues are more frequently posted by experienced community members and display distinguishable characteristics, such as involving more visual communication and more participants. Our results provide important implications that can inform the OSS practitioners to better engage the community in usability issue discussion and shed light on future research efforts toward collaboration techniques and tools for discussing niche topics in diverse communities, such as the usability issues in the OSS context.},
|
||
journal = {Proc. ACM Hum.-Comput. Interact.},
|
||
month = apr,
|
||
articleno = {30},
|
||
numpages = {26},
|
||
keywords = {issue tracking systems, open source software, usability}
|
||
}
|
||
|
||
@article{10.1177/26339137241231912,
|
||
author = {Schueller, William and Wachs, Johannes},
|
||
title = {Modeling interconnected social and technical risks in open source software ecosystems},
|
||
year = {2024},
|
||
issue_date = {January-March 2024},
|
||
publisher = {Sage Publications, Inc.},
|
||
address = {USA},
|
||
volume = {3},
|
||
number = {1},
|
||
url = {https://doi.org/10.1177/26339137241231912},
|
||
doi = {10.1177/26339137241231912},
|
||
abstract = {Open source software ecosystems consist of thousands of interdependent libraries, which users can combine to great effect. Recent work has pointed out two kinds of risks in these systems: that technical problems like bugs and vulnerabilities can spread through dependency links, and that relatively few developers are responsible for maintaining even the most widely used libraries. However, a more holistic diagnosis of systemic risk in software ecosystem should consider how these social and technical sources of risk interact and amplify one another. Motivated by the observation that the same individuals maintain several libraries within dependency networks, we present a methodological framework to measure risk in software ecosystems as a function of both dependencies and developers. In our models, a library’s chance of failure increases as its developers leave and as its upstream dependencies fail. We apply our method to data from the Rust ecosystem, highlighting several systemically important libraries that are overlooked when only considering technical dependencies. We compare potential interventions, seeking better ways to deploy limited developer resources with a view to improving overall ecosystem health and software supply chain resilience.},
|
||
journal = {Collective Intelligence},
|
||
month = feb,
|
||
numpages = {16},
|
||
keywords = {Open source software, decentralized collaboration, systemic risk, networks, social-technical systems}
|
||
}
|
||
|
||
@article{10.1145/3569949,
|
||
author = {Joblin, Mitchell and Eckl, Barbara and Bock, Thomas and Schmid, Angelika and Siegmund, Janet and Apel, Sven},
|
||
title = {Hierarchical and Hybrid Organizational Structures in Open-source Software Projects: A Longitudinal Study},
|
||
year = {2023},
|
||
issue_date = {July 2023},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {32},
|
||
number = {4},
|
||
issn = {1049-331X},
|
||
url = {https://doi.org/10.1145/3569949},
|
||
doi = {10.1145/3569949},
|
||
abstract = {Despite the absence of a formal process and a central command-and-control structure, developer organization in open-source software (OSS) projects are far from being a purely random process. Prior work indicates that, over time, highly successful OSS projects develop a hybrid organizational structure that comprises a hierarchical part and a non-hierarchical part. This suggests that hierarchical organization is not necessarily a global organizing principle and that a fundamentally different principle is at play below the lowest positions in the hierarchy. Given the vast proportion of developers are in the non-hierarchical part, we seek to understand the interplay between these two fundamentally differently organized groups, how this hybrid structure evolves, and the trajectory individual developers take through these structures over the course of their participation. We conducted a longitudinal study of the full histories of 20 popular OSS projects, modeling their organizational structures as networks of developers connected by communication ties and characterizing developers’ positions in terms of hierarchical (sub)structures in these networks. We observed a number of notable trends and patterns in the subject projects: (1) hierarchy is a pervasive structural feature of developer networks of OSS projects; (2) OSS projects tend to form hybrid organizational structures, consisting of a hierarchical and a non-hierarchical part; and (3) the positional trajectory of a developer starts loosely connected in the non-hierarchical part and then tightly integrate into the hierarchical part, which is associated with the acquisition of experience (tenure), in addition to coordination and coding activities. Our study (a) provides a methodological basis for further investigations of hierarchy formation, (b) suggests a number of hypotheses on prevalent organizational patterns and trends in OSS projects to be addressed in further work, and (c) may ultimately guide the governance of organizational structures.},
|
||
journal = {ACM Trans. Softw. Eng. Methodol.},
|
||
month = may,
|
||
articleno = {86},
|
||
numpages = {29},
|
||
keywords = {Open-source software projects, developer networks, organizational structure, hierarchy}
|
||
}
|
||
|
||
@article{10.1145/3555129,
|
||
author = {Yin, Likang and Chakraborti, Mahasweta and Yan, Yibo and Schweik, Charles and Frey, Seth and Filkov, Vladimir},
|
||
title = {Open Source Software Sustainability: Combining Institutional Analysis and Socio-Technical Networks},
|
||
year = {2022},
|
||
issue_date = {November 2022},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {6},
|
||
number = {CSCW2},
|
||
url = {https://doi.org/10.1145/3555129},
|
||
doi = {10.1145/3555129},
|
||
abstract = {Sustainable Open Source Software (OSS) forms much of the fabric of our digital society, especially successful and sustainable ones. But many OSS projects do not become sustainable, resulting in abandonment and even risks for the world's digital infrastructure. Prior work has looked at the reasons for this mainly from two very different perspectives. In software engineering, the focus has been on understanding success and sustainability from the socio-technical perspective: the OSS programmers' day-to-day activities and the artifacts they create. In institutional analysis, on the other hand, emphasis has been on institutional designs (e.g., policies, rules, and norms) that structure project governance. Even though each is necessary for a comprehensive understanding of OSS projects, the connection and interaction between the two approaches have been barely explored.In this paper, we make the first effort toward understanding OSS project sustainability using a dual-view analysis, by combining institutional analysis with socio-technical systems analysis. In particular, we (i) use linguistic approaches to extract institutional rules and norms from OSS contributors' communications to represent the evolution of their governance systems, and (ii) construct socio-technical networks based on longitudinal collaboration records to represent each project's organizational structure. We combined the two methods and applied them to a dataset of developer digital traces from 253 nascent OSS projects within the Apache Software Foundation (ASF) incubator. We find that the socio-technical and institutional features relate to each other, and provide complimentary views into the progress of the ASF's OSS projects. Refining these combined analyses can help provide a more precise understanding of the synchronization between the evolution of institutional governance and organizational structure.},
|
||
journal = {Proc. ACM Hum.-Comput. Interact.},
|
||
month = nov,
|
||
articleno = {404},
|
||
numpages = {23},
|
||
keywords = {socio-technical systems, institutional design, OSS sustainability}
|
||
}
|
||
|
||
@article{10.1145/3510460,
|
||
author = {Trinkenreich, Bianca and Wiese, Igor and Sarma, Anita and Gerosa, Marco and Steinmacher, Igor},
|
||
title = {Women’s Participation in Open Source Software: A Survey of the Literature},
|
||
year = {2022},
|
||
issue_date = {October 2022},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {31},
|
||
number = {4},
|
||
issn = {1049-331X},
|
||
url = {https://doi.org/10.1145/3510460},
|
||
doi = {10.1145/3510460},
|
||
abstract = {Women are underrepresented in Open Source Software (OSS) projects, as a result of which, not only do women lose career and skill development opportunities, but the projects themselves suffer from a lack of diversity of perspectives. Practitioners and researchers need to understand more about the phenomenon; however, studies about women in open source are spread across multiple fields, including information systems, software engineering, and social science. This article systematically maps, aggregates, and synthesizes the state-of-the-art on women’s participation in OSS. It focuses on women contributors’ representation and demographics, how they contribute, their motivations and challenges, and strategies employed by communities to attract and retain women. We identified 51 articles (published between 2000 and 2021) that investigated women’s participation in OSS. We found evidence in these papers about who are the women who contribute, what motivates them to contribute, what types of contributions they make, challenges they face, and strategies proposed to support their participation. According to these studies, only about 5% of projects were reported to have women as core developers, and women authored less than 5% of pull-requests, but had similar or even higher rates of pull-request acceptances than men. Women make both code and non-code contributions, and their motivations to contribute include learning new skills, altruism, reciprocity, and kinship. Challenges that women face in OSS are mainly social, including lack of peer parity and non-inclusive communication from a toxic culture. We found 10 strategies reported in the literature, which we mapped to the reported challenges. Based on these results, we provide guidelines for future research and practice.},
|
||
journal = {ACM Trans. Softw. Eng. Methodol.},
|
||
month = aug,
|
||
articleno = {81},
|
||
numpages = {37},
|
||
keywords = {female, bias, motivation, challenges, Gender}
|
||
}
|
||
|
||
@article{10.5555/3381540.3381541,
|
||
author = {Occhialino, Amy R.},
|
||
title = {Social change in open source software},
|
||
year = {2019},
|
||
issue_date = {October 2019},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {35},
|
||
number = {1},
|
||
issn = {1937-4771},
|
||
abstract = {You may know Intel only as a hardware company, and in many ways this is true. Intel's core business is semiconductor design and manufacturing. What may be news to you is that Intel has spent close to two decades working in the open source software community, collaborating on projects that enhance Intel Architecture and advocating for the beauty, elegance, and possibilities that exist within open source software development.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = oct,
|
||
pages = {12–13},
|
||
numpages = {2}
|
||
}
|
||
|
||
@article{10.1145/3610092,
|
||
author = {Hsieh, Jane and Kim, Joselyn and Dabbish, Laura and Zhu, Haiyi},
|
||
title = {"Nip it in the Bud": Moderation Strategies in Open Source Software Projects and the Role of Bots},
|
||
year = {2023},
|
||
issue_date = {October 2023},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {7},
|
||
number = {CSCW2},
|
||
url = {https://doi.org/10.1145/3610092},
|
||
doi = {10.1145/3610092},
|
||
abstract = {Much of our modern digital infrastructure relies critically upon open sourced software. The communities responsible for building this cyberinfrastructure require maintenance and moderation, which is often supported by volunteer efforts. Moderation, as a non-technical form of labor, is a necessary but often overlooked task that maintainers undertake to sustain the community around an OSS project. This study examines the various structures and norms that support community moderation, describes the strategies moderators use to mitigate conflicts, and assesses how bots can play a role in assisting these processes. We interviewed 14 practitioners to uncover existing moderation practices and ways that automation can provide assistance. Our main contributions include a characterization of moderated content in OSS projects, moderation techniques, as well as perceptions of and recommendations for improving the automation of moderation tasks. We hope that these findings will inform the implementation of more effective moderation practices in open source communities.},
|
||
journal = {Proc. ACM Hum.-Comput. Interact.},
|
||
month = oct,
|
||
articleno = {301},
|
||
numpages = {29},
|
||
keywords = {automation, coordination, moderation, open source}
|
||
}
|
||
|
||
@article{10.1145/3449093,
|
||
author = {Li, Renee and Pandurangan, Pavitthra and Frluckaj, Hana and Dabbish, Laura},
|
||
title = {Code of Conduct Conversations in Open Source Software Projects on Github},
|
||
year = {2021},
|
||
issue_date = {April 2021},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {5},
|
||
number = {CSCW1},
|
||
url = {https://doi.org/10.1145/3449093},
|
||
doi = {10.1145/3449093},
|
||
abstract = {The rapid growth of open source software necessitates a deeper understanding of moderation and governance methods currently used within these projects. The code of conduct, a set of rules articulating standard behavior and responsibilities for participation within a community, is becoming an increasingly common policy document in open source software projects for setting project norms of behavior and discouraging negative or harassing comments and conversation. This study describes the conversations around adopting and crafting a code of conduct as well as those utilizing code of conduct for community governance. We conduct a qualitative analysis of a random sample of GitHub issues that involve the code of conduct. We find that codes of conduct are used both proactively and reactively to govern community behavior in project issues. Oftentimes, the initial addition of a code of conduct does not involve much community participation and input. However, a controversial moderation act is capable of inciting mass community feedback and backlash. Project maintainers balance the tension between disciplining potentially offensive forms of speech and encouraging broad and inclusive participation. These results have implications for the design of inclusive and effective governance practices for open source software communities.},
|
||
journal = {Proc. ACM Hum.-Comput. Interact.},
|
||
month = apr,
|
||
articleno = {19},
|
||
numpages = {31},
|
||
keywords = {collaboration, open source software}
|
||
}
|
||
|
||
@article{10.1145/3473139,
|
||
author = {Bock, Thomas and Schmid, Angelika and Apel, Sven},
|
||
title = {Measuring and Modeling Group Dynamics in Open-Source Software Development: A Tensor Decomposition Approach},
|
||
year = {2021},
|
||
issue_date = {April 2022},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {31},
|
||
number = {2},
|
||
issn = {1049-331X},
|
||
url = {https://doi.org/10.1145/3473139},
|
||
doi = {10.1145/3473139},
|
||
abstract = {Many open-source software projects depend on a few core developers, who take over both the bulk of coordination and programming tasks. They are supported by peripheral developers, who contribute either via discussions or programming tasks, often for a limited time. It is unclear what role these peripheral developers play in the programming and communication efforts, as well as the temporary task-related sub-groups in the projects. We mine code-repository data and mailing-list discussions to model the relationships and contributions of developers in a social network and devise a method to analyze the temporal collaboration structures in communication and programming, learning about the strength and stability of social sub-groups in open-source software projects. Our method uses multi-modal social networks on a series of time windows. Previous work has reduced the network structure representing developer collaboration to networks with only one type of interaction, which impedes the simultaneous analysis of more than one type of interaction. We use both communication and version-control data of open-source software projects and model different types of interaction over time. To demonstrate the practicability of our measurement and analysis method, we investigate 10 substantial and popular open-source software projects and show that, if sub-groups evolve, modeling these sub-groups helps predict the future evolution of interaction levels of programmers and groups of developers. Our method allows maintainers and other stakeholders of open-source software projects to assess instabilities and organizational changes in developer interaction and can be applied to different use cases in organizational analysis, such as understanding the dynamics of a specific incident or discussion.},
|
||
journal = {ACM Trans. Softw. Eng. Methodol.},
|
||
month = nov,
|
||
articleno = {19},
|
||
numpages = {50},
|
||
keywords = {tensor decomposition, repository mining, open-source software, group structures, Coordination}
|
||
}
|
||
|
||
@article{10.1145/3449249,
|
||
author = {Geiger, R. Stuart and Howard, Dorothy and Irani, Lilly},
|
||
title = {The Labor of Maintaining and Scaling Free and Open-Source Software Projects},
|
||
year = {2021},
|
||
issue_date = {April 2021},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {5},
|
||
number = {CSCW1},
|
||
url = {https://doi.org/10.1145/3449249},
|
||
doi = {10.1145/3449249},
|
||
abstract = {Free and/or open-source software (or F/OSS) projects now play a major and dominant role in society, constituting critical digital infrastructure relied upon by companies, academics, non-profits, activists, and more. As F/OSS has become larger and more established, we investigate the labor of maintaining and sustaining those projects at various scales. We report findings from an interview-based study with contributors and maintainers working in a wide range of F/OSS projects. Maintainers of F/OSS projects do not just maintain software code in a more traditional software engineering understanding of the term: fixing bugs, patching security vulnerabilities, and updating dependencies. F/OSS maintainers also perform complex and often-invisible interpersonal and organizational work to keep their projects operating as active communities of users and contributors. We particularly focus on how this labor of maintaining and sustaining changes as projects and their software grow and scale across many dimensions. In understanding F/OSS to be as much about maintaining a communal project as it is maintaining software code, we discuss broadly applicable considerations for peer production communities and other socio-technical systems more broadly.},
|
||
journal = {Proc. ACM Hum.-Comput. Interact.},
|
||
month = apr,
|
||
articleno = {175},
|
||
numpages = {28},
|
||
keywords = {free software, infrastructure, labor, maintenance, open source}
|
||
}
|
||
|
||
@article{10.1145/3434167,
|
||
author = {Ahmed, Alex A. and Kok, Bryan and Howard, Coranna and Still, Klew},
|
||
title = {Online Community-based Design of Free and Open Source Software for Transgender Voice Training},
|
||
year = {2021},
|
||
issue_date = {December 2020},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {4},
|
||
number = {CSCW3},
|
||
url = {https://doi.org/10.1145/3434167},
|
||
doi = {10.1145/3434167},
|
||
abstract = {This paper describes Project Spectra, a collective of open source developers that aims to build free and open source voice training technology for transgender people. We demonstrate how a design prioritizing the agency of trans users was made possible through sustained community collaboration. Using an autoethnographic approach, we discuss our community-based design process, which was documented with memos, online meetings and text conversations, sketches, and other data sources. We illustrate how we articulated our values as a group: deciding our programming framework (including a Statement of Principles), elaborating our "Experience Goals" (the feelings we wanted our design to elicit), and determining the features we wanted to implement in our app. We conclude with a reflection on the benefits and challenges of conducting community-based design research through an open-source organizational model.},
|
||
journal = {Proc. ACM Hum.-Comput. Interact.},
|
||
month = jan,
|
||
articleno = {258},
|
||
numpages = {27},
|
||
keywords = {transgender, free and open source software, feminist epistemologies, community-based collaborative design, autoethnography}
|
||
}
|
||
|
||
@article{10.1145/3476042,
|
||
author = {Wessel, Mairieli and Wiese, Igor and Steinmacher, Igor and Gerosa, Marco Aurelio},
|
||
title = {Don't Disturb Me: Challenges of Interacting with Software Bots on Open Source Software Projects},
|
||
year = {2021},
|
||
issue_date = {October 2021},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {5},
|
||
number = {CSCW2},
|
||
url = {https://doi.org/10.1145/3476042},
|
||
doi = {10.1145/3476042},
|
||
abstract = {Software bots are used to streamline tasks in Open Source Software (OSS) projects' pull requests, saving development cost, time, and effort. However, their presence can be disruptive to the community. We identified several challenges caused by bots in pull request interactions by interviewing 21 practitioners, including project maintainers, contributors, and bot developers. In particular, our findings indicate noise as a recurrent and central problem. Noise affects both human communication and development workflow by overwhelming and distracting developers. Our main contribution is a theory of how human developers perceive annoying bot behaviors as noise on social coding platforms. This contribution may help practitioners understand the effects of adopting a bot, and researchers and tool designers may leverage our results to better support human-bot interaction on social coding platforms.},
|
||
journal = {Proc. ACM Hum.-Comput. Interact.},
|
||
month = oct,
|
||
articleno = {301},
|
||
numpages = {21},
|
||
keywords = {collaborative development, github bots, human-bot interaction, open source software, software bots, software engineering}
|
||
}
|
||
|
||
@article{10.1145/3230012,
|
||
author = {Hjelsvold, Rune and Mishra, Deepti},
|
||
title = {Exploring and Expanding GSE Education with Open Source Software Development},
|
||
year = {2019},
|
||
issue_date = {June 2019},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {19},
|
||
number = {2},
|
||
url = {https://doi.org/10.1145/3230012},
|
||
doi = {10.1145/3230012},
|
||
abstract = {Global software engineering (GSE) courses traditionally require cooperation between at least two universities so as to provide a distributed development environment to the students. In this study, we explore an alternative way to organize a global software engineering course where students work on open source software development (OSSD) projects rather than in a multi-university collaboration setting. The results show that the new setup may provide core GSE challenges as well as challenges associated with software development outsourcing and challenges related to working on large open source software. The present article compares the experiences gained from running a combined GSE and OSSD course against the experiences gained from running a traditional GSE course. The two alternatives are compared in terms of students’ learning outcomes and course organization. The authors found that a combined GSE and OSSD course provides learning opportunities that are partly overlapping with, and partly complementary to, a traditional GSE course. The authors also found that the combined OSSD and GSE course was somewhat easier to organize because most of the activities took place in a single university setting. The authors used the extended GSE taxonomy for the comparison and found it to be a useful tool for this, although it had some limitations in expressive power. Therefore, two additional relationship dimensions are proposed that will further enrich the extended taxonomy in classifying GSE (and OSSD) projects.},
|
||
journal = {ACM Trans. Comput. Educ.},
|
||
month = jan,
|
||
articleno = {12},
|
||
numpages = {23},
|
||
keywords = {Software Development Outsourcing, Open Source Software Development, OSS, Global software engineering, GSE Taxonomy, GSE Education}
|
||
}
|
||
|
||
@article{10.5555/2835377.2835383,
|
||
author = {Callaway, Tom},
|
||
title = {An introduction to open source software and communities: tutorial presentation},
|
||
year = {2016},
|
||
issue_date = {January 2016},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {31},
|
||
number = {3},
|
||
issn = {1937-4771},
|
||
abstract = {This tutorial is intended to provide instructors with working knoowledge of open source software concepts and communities. In this brief introduction, we will:• talk about what open source is and why it is gaining traction in the business world;• explore how instgructors (and their students) can benefit by incorporating open source into the curriculum;• review what differentiates open source from proprietzry software; and• discuss how teaching open source in an open way aligns with many current pedagogical practices, such as continuous assessment and cooperative learning.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = jan,
|
||
pages = {34–35},
|
||
numpages = {2}
|
||
}
|
||
|
||
@article{10.5555/2752981.2752996,
|
||
author = {Likins, Gin},
|
||
title = {An introduction to open source software concepts and communities: conference tutorial},
|
||
year = {2015},
|
||
issue_date = {May 2015},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {30},
|
||
number = {5},
|
||
issn = {1937-4771},
|
||
abstract = {Intended Audience: Instructors who are curious about open source software and how to incorporate it into their classes. This tutorial is intended to provide instructors with working knowledge of open source software concepts and communities. In this brief introduction, we will:• talk about what open source is and why it is gaining traction in the business world;• explore how instructors (and their students) can benefit by incorporating open source into the curriculum;• review what differentiates open source from proprietary software; and• discuss how teaching open source in an open way aligns with many current pedagogical practices, such as continuous assessment and cooperative learning.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = may,
|
||
pages = {60},
|
||
numpages = {1}
|
||
}
|
||
|
||
@article{10.5555/2752628.2752639,
|
||
author = {Likins, Gin},
|
||
title = {An introduction to open source software concepts and communities: conference tutorial},
|
||
year = {2015},
|
||
issue_date = {April 2015},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {30},
|
||
number = {4},
|
||
issn = {1937-4771},
|
||
abstract = {Intended Audience: Instructors who are curious about open source software and how to incorporate it into their classes. This tutorial is intended to provide instructors with working knowledge of open source software concepts and communities.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = apr,
|
||
pages = {48},
|
||
numpages = {1}
|
||
}
|
||
|
||
@article{10.1145/2594458,
|
||
author = {Rigby, Peter C. and German, Daniel M. and Cowen, Laura and Storey, Margaret-Anne},
|
||
title = {Peer Review on Open-Source Software Projects: Parameters, Statistical Models, and Theory},
|
||
year = {2014},
|
||
issue_date = {August 2014},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {23},
|
||
number = {4},
|
||
issn = {1049-331X},
|
||
url = {https://doi.org/10.1145/2594458},
|
||
doi = {10.1145/2594458},
|
||
abstract = {Peer review is seen as an important quality-assurance mechanism in both industrial development and the open-source software (OSS) community. The techniques for performing inspections have been well studied in industry; in OSS development, software peer reviews are not as well understood.To develop an empirical understanding of OSS peer review, we examine the review policies of 25 OSS projects and study the archival records of six large, mature, successful OSS projects. We extract a series of measures based on those used in traditional inspection experiments. We measure the frequency of review, the size of the contribution under review, the level of participation during review, the experience and expertise of the individuals involved in the review, the review interval, and the number of issues discussed during review. We create statistical models of the review efficiency, review interval, and effectiveness, the issues discussed during review, to determine which measures have the largest impact on review efficacy.We find that OSS peer reviews are conducted asynchronously by empowered experts who focus on changes that are in their area of expertise. Reviewers provide timely, regular feedback on small changes. The descriptive statistics clearly show that OSS review is drastically different from traditional inspection.},
|
||
journal = {ACM Trans. Softw. Eng. Methodol.},
|
||
month = sep,
|
||
articleno = {35},
|
||
numpages = {33},
|
||
keywords = {Peer review, inspection, mining software repositories, open-source software}
|
||
}
|
||
|
||
@article{10.1145/2684812,
|
||
author = {Ellis, Heidi J. C. and Hislop, Gregory W. and Jackson, Stoney and Postner, Lori},
|
||
title = {Team Project Experiences in Humanitarian Free and Open Source Software (HFOSS)},
|
||
year = {2015},
|
||
issue_date = {December 2015},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {15},
|
||
number = {4},
|
||
url = {https://doi.org/10.1145/2684812},
|
||
doi = {10.1145/2684812},
|
||
abstract = {Providing students with the professional, communication, and technical skills necessary to contribute to an ongoing software project is critical, yet often difficult in higher education. Involving student teams in real-world projects developed by professional software engineers for actual users is invaluable. Free and Open Source Software (FOSS) has emerged as an important approach to creating, managing, and distributing software products. Involvement in a FOSS project provides students with experience developing within a professional environment, with a professional community, and has the additional benefit that all communication and artifacts are publicly accessible. Humanitarian Free and Open Source Software (HFOSS) projects benefit the human condition in some manner. They can range from disaster management to microfinance to election-monitoring applications. This article discusses the benefits and challenges of students participating in HFOSS projects within the context of undergraduate computing degree programs. This article reports on a 6-year study of students' self-reported attitudes and learning from participation in an HFOSS project. Results indicate that working on an HFOSS project increases interest in computing. In addition, students perceive that they are gaining experience in developing software in a distributed environment with the attendant skills of communication, distributed teamwork, and more.},
|
||
journal = {ACM Trans. Comput. Educ.},
|
||
month = dec,
|
||
articleno = {18},
|
||
numpages = {23},
|
||
keywords = {Humanitarian free and open source software (HFOSS)}
|
||
}
|
||
|
||
@article{10.5555/2753024.2753056,
|
||
author = {Jackson, Stoney and Ellis, Heidi J. C. and Hislop, Gregory W. and Postner, Lori and Jackson, Stoney},
|
||
title = {Team project experiences in humanitarian free and open source software (HFOSS): faculty poster abstract},
|
||
year = {2015},
|
||
issue_date = {June 2015},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {30},
|
||
number = {6},
|
||
issn = {1937-4771},
|
||
abstract = {Providing students with the professional, communication and technical skills necessary to contribute to an ongoing software project is critical, yet often difficult in higher education. Involving student teams in real-world projects developed by professional software engineers for actual users is invaluable. Involvement in a Free and Open Source Software (FOSS) project provides students with experience developing within a professional environment, with a professional community, and has the additional benefit that all communication and artifacts are publicly accessible. Humanitarian Free and Open Source Software (HFOSS) projects benefit the human condition in some manner. They can range from disaster management to microfinance to election monitoring applications. This poster presents results of a six-year study of students' self-reported attitudes and learning from participation in an HFOSS project [1].},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = jun,
|
||
pages = {156–157},
|
||
numpages = {2}
|
||
}
|
||
|
||
@article{10.1145/2555596,
|
||
author = {Bouktif, Salah and Sahraoui, Houari and Ahmed, Faheem},
|
||
title = {Predicting Stability of Open-Source Software Systems Using Combination of Bayesian Classifiers},
|
||
year = {2014},
|
||
issue_date = {April 2014},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {5},
|
||
number = {1},
|
||
issn = {2158-656X},
|
||
url = {https://doi.org/10.1145/2555596},
|
||
doi = {10.1145/2555596},
|
||
abstract = {The use of free and Open-Source Software (OSS) systems is gaining momentum. Organizations are also now adopting OSS, despite some reservations, particularly about the quality issues. Stability of software is one of the main features in software quality management that needs to be understood and accurately predicted. It deals with the impact resulting from software changes and argues that stable components lead to a cost-effective software evolution. Changes are most common phenomena present in OSS in comparison to proprietary software. This makes OSS system evolution a rich context to study and predict stability. Our objective in this work is to build stability prediction models that are not only accurate but also interpretable, that is, able to explain the link between the architectural aspects of a software component and its stability behavior in the context of OSS. Therefore, we propose a new approach based on classifiers combination capable of preserving prediction interpretability. Our approach is classifier-structure dependent. Therefore, we propose a particular solution for combining Bayesian classifiers in order to derive a more accurate composite classifier that preserves interpretability. This solution is implemented using a genetic algorithm and applied in the context of an OSS large-scale system, namely the standard Java API. The empirical results show that our approach outperforms state-of-the-art approaches from both machine learning and software engineering.},
|
||
journal = {ACM Trans. Manage. Inf. Syst.},
|
||
month = apr,
|
||
articleno = {3},
|
||
numpages = {26},
|
||
keywords = {Bayesian classifiers, Software stability prediction, genetic algorithm}
|
||
}
|
||
|
||
@article{10.1145/3447245,
|
||
author = {Bogart, Chris and K\"{a}stner, Christian and Herbsleb, James and Thung, Ferdian},
|
||
title = {When and How to Make Breaking Changes: Policies and Practices in 18 Open Source Software Ecosystems},
|
||
year = {2021},
|
||
issue_date = {October 2021},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {30},
|
||
number = {4},
|
||
issn = {1049-331X},
|
||
url = {https://doi.org/10.1145/3447245},
|
||
doi = {10.1145/3447245},
|
||
abstract = {Open source software projects often rely on package management systems that help projects discover, incorporate, and maintain dependencies on other packages, maintained by other people. Such systems save a great deal of effort over ad hoc ways of advertising, packaging, and transmitting useful libraries, but coordination among project teams is still needed when one package makes a breaking change affecting other packages. Ecosystems differ in their approaches to breaking changes, and there is no general theory to explain the relationships between features, behavioral norms, ecosystem outcomes, and motivating values. We address this through two empirical studies. In an interview case study, we contrast Eclipse, NPM, and CRAN, demonstrating that these different norms for coordination of breaking changes shift the costs of using and maintaining the software among stakeholders, appropriate to each ecosystem’s mission. In a second study, we combine a survey, repository mining, and document analysis to broaden and systematize these observations across 18 ecosystems. We find that all ecosystems share values such as stability and compatibility, but differ in other values. Ecosystems’ practices often support their espoused values, but in surprisingly diverse ways. The data provides counterevidence against easy generalizations about why ecosystem communities do what they do.},
|
||
journal = {ACM Trans. Softw. Eng. Methodol.},
|
||
month = jul,
|
||
articleno = {42},
|
||
numpages = {56},
|
||
keywords = {Software ecosystems, collaboration, dependency management, qualitative research, semantic versioning}
|
||
}
|
||
|
||
@article{10.5555/2460156.2460184,
|
||
author = {MacKellar, Bonnie K. and Sabin, Mihaela and Tucker, Allen},
|
||
title = {Scaling a framework for client-driven open source software projects: a report from three schools},
|
||
year = {2013},
|
||
issue_date = {June 2013},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {28},
|
||
number = {6},
|
||
issn = {1937-4771},
|
||
abstract = {While large ongoing humanitarian open source software (HFOSS) projects are often seen as a way to engage students in capstone courses, they can be difficult to incorporate into an academic setting. One way this problem can be mitigated is by growing student-oriented open source projects within academia while still involving real world clients. One such project, called Homebase, involved a team of students working with a local Ronald McDonald House to develop volunteer scheduling software. In true open source fashion, this project has since been extended over a number of course iterations, with different clients, and has been adopted at other schools. In this paper, we report on our experiences using this approach for similar projects at three quite different schools, and discuss ways to adapt and enhance this approach for differing student populations.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = jun,
|
||
pages = {140–147},
|
||
numpages = {8}
|
||
}
|
||
|
||
@article{10.5555/2460156.2460191,
|
||
author = {Gokhale, Swapna and Smith, Th\'{e}r\`{e}se and McCartney, Robert},
|
||
title = {Teaching software engineering from a maintenance-centric view using open-source software},
|
||
year = {2013},
|
||
issue_date = {June 2013},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {28},
|
||
number = {6},
|
||
issn = {1937-4771},
|
||
abstract = {Software engineering (SE) careers are disproportionately devoted towards maintaining and evolving existing large systems, rather than building them from ground up. To address this focus, we have developed a maintenance-centric SE course that provides students experience in the maintenance and evolution of realistic software projects. For this purpose, we use Open-Source Software (OSS) which is freely available, as a source of realistic software projects.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = jun,
|
||
pages = {189–191},
|
||
numpages = {3}
|
||
}
|
||
|
||
@article{10.5555/1352627.1352628,
|
||
author = {Morelli, Ralph and de Lanerolle, Trishan and Lyengar, Janardhan},
|
||
title = {Teaching and building humanitarian open source software},
|
||
year = {2008},
|
||
issue_date = {May 2008},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {23},
|
||
number = {5},
|
||
issn = {1937-4771},
|
||
abstract = {This hands-on workshop will introduce participants to the world of free and open source software (FOSS) development and how to incorporate FOSS into undergraduate computing curricula. We will focus on existing humanitarian FOSS projects that the presenters are involved with. Participants will learn how FOSS projects are organized and how to set up a small scale project at their own schools. Introduction will be provided to FOSS development tools, including Eclipse, Subversion, Media WIKI, and Trac. Participants will install a development environment on their laptops and build a simple module for an existing humanitarian FOSS project. See http://www.hfoss.org for further details.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = may,
|
||
pages = {5–6},
|
||
numpages = {2}
|
||
}
|
||
|
||
@article{10.1145/3449232,
|
||
author = {Klug, Daniel and Bogart, Christopher and Herbsleb, James D.},
|
||
title = {"They Can Only Ever Guide": How an Open Source Software Community Uses Roadmaps to Coordinate Effort},
|
||
year = {2021},
|
||
issue_date = {April 2021},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {5},
|
||
number = {CSCW1},
|
||
url = {https://doi.org/10.1145/3449232},
|
||
doi = {10.1145/3449232},
|
||
abstract = {Unlike in commercial software development, open source software (OSS) projects do not generally have managers with direct control over how developers spend their time, yet for projects with large, diverse sets of contributors, the need exists to focus and steer development in a particular direction in a coordinated way. This is especially important for "infrastructure" projects, such as critical libraries and programming languages that many other people depend on. Some projects have taken the approach of borrowing planning tools that originated in commercial development, despite the fact that these techniques were designed for very different contexts, e.g. strong top-down control and profit motives. Little research has been done to understand how these practices are adapted to a new context. In this paper, we examine the Rust project's use of roadmaps: how has an important OSS infrastructure project adapted an inherently top-down tool to the freewheeling world of OSS? We find that because Rust's roadmaps are built in part by summarizing what motivated developers most prefer to work on, they are in some ways more a description of the motivated labor available than they are a directive that the community move in a particular direction. They allow the community to avoid wasting time on unpopular proposals by revealing that there will be little help in building them, and encouraging work on popular features by making visible the amount of consensus in those features. Roadmaps generate a collective focus without limiting the full scope of what developers work on: roadmap issues consume proportionally more effort than other issues, but constitute a minority of the work done (i.e issues and pull requests made) by both central and peripheral participants. They also create transparency among and beyond the community into what central contributors' plans are, and allow more rational decision-making by providing a way for evidence about community needs to be linked to decision-making.},
|
||
journal = {Proc. ACM Hum.-Comput. Interact.},
|
||
month = apr,
|
||
articleno = {158},
|
||
numpages = {28},
|
||
keywords = {collaboration, common pool resources, open source, rust language}
|
||
}
|
||
|
||
@article{10.5555/1229637.1229673,
|
||
author = {Beard, Ashley and Kim, Hyunju},
|
||
title = {A survey on open source software licenses: student paper},
|
||
year = {2007},
|
||
issue_date = {April 2007},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {22},
|
||
number = {4},
|
||
issn = {1937-4771},
|
||
abstract = {Software products have been considered as intellectual properties that are protected through patents and/or law. On the other hand, Open Source Software (OSS) allows access to source code so that the users can read, modify, and redistribute the code. OSS is usually developed under an open environment with collaborations among numerous developers. The software is considered more reliable, and the development process is considered more successful in terms of speed, productivity, and quality compared to software developed under the traditional closed development process. This paper studies the basics of OSS including history and background, and OSS licenses. The OSS licenses implement the "copyleft" concept, which is a method to make software free to use and modify. By studying the licenses, we expect to understand the philosophy of OSS movement in depth and under what conditions, OSS products are distributed.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = apr,
|
||
pages = {205–211},
|
||
numpages = {7}
|
||
}
|
||
|
||
@article{10.1145/2089125.2089127,
|
||
author = {Crowston, Kevin and Wei, Kangning and Howison, James and Wiggins, Andrea},
|
||
title = {Free/Libre open-source software development: What we know and what we do not know},
|
||
year = {2008},
|
||
issue_date = {February 2012},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {44},
|
||
number = {2},
|
||
issn = {0360-0300},
|
||
url = {https://doi.org/10.1145/2089125.2089127},
|
||
doi = {10.1145/2089125.2089127},
|
||
abstract = {We review the empirical research on Free/Libre and Open-Source Software (FLOSS) development and assess the state of the literature. We develop a framework for organizing the literature based on the input-mediator-output-input (IMOI) model from the small groups literature. We present a quantitative summary of articles selected for the review and then discuss findings of this literature categorized into issues pertaining to inputs (e.g., member characteristics, technology use, and project characteristics), processes (software development practices, social processes, and firm involvement practices), emergent states (e.g., social states and task-related states), and outputs (e.g. team performance, FLOSS implementation, and project evolution). Based on this review, we suggest topics for future research, as well as identify methodological and theoretical issues for future inquiry in this area, including issues relating to sampling and the need for more longitudinal studies.},
|
||
journal = {ACM Comput. Surv.},
|
||
month = mar,
|
||
articleno = {7},
|
||
numpages = {35},
|
||
keywords = {Free/Libre open-source software, computer-mediated communication, development, distributed work}
|
||
}
|
||
|
||
@article{10.5555/3417639.3417680,
|
||
author = {Wurst, Karl R. and Jackson, Stoney and Ellis, Heidi J. C. and Burdge, Darci and Postner, Lori},
|
||
title = {LibreFoodPantry: developing a multi-institutional, faculty-led, humanitarian free and open source software community},
|
||
year = {2020},
|
||
issue_date = {April 2020},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {35},
|
||
number = {8},
|
||
issn = {1937-4771},
|
||
abstract = {Engaging students in humanitarian free and open source software (HFOSS) projects allows them to gain real-world software development skills while helping society. For years the authors have been working to encourage student and faculty participation in HFOSS projects and communities, but they have found that participating in an existing HFOSS project, although ripe with learning opportunities, presents a number of hurdles for faculty and students. An alternative to joining an existing HFOSS project community is to participate in a faculty-led HFOSS project. These projects provide the instructor with more control over the learning environment, but often lack an active community outside of the classroom.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = apr,
|
||
pages = {286–287},
|
||
numpages = {2}
|
||
}
|
||
|
||
@article{10.5555/1314498.1314577,
|
||
author = {Sonnenburg, S\"{o}ren and Braun, Mikio L. and Ong, Cheng Soon and Bengio, Samy and Bottou, Leon and Holmes, Geoffrey and LeCun, Yann and M\"{u}ller, Klaus-Robert and Pereira, Fernando and Rasmussen, Carl Edward and R\"{a}tsch, Gunnar and Sch\"{o}lkopf, Bernhard and Smola, Alexander and Vincent, Pascal and Weston, Jason and Williamson, Robert},
|
||
title = {The Need for Open Source Software in Machine Learning},
|
||
year = {2007},
|
||
issue_date = {12/1/2007},
|
||
publisher = {JMLR.org},
|
||
volume = {8},
|
||
issn = {1532-4435},
|
||
abstract = {Open source tools have recently reached a level of maturity which makes them suitable for building large-scale real-world systems. At the same time, the field of machine learning has developed a large body of powerful learning algorithms for diverse applications. However, the true potential of these methods is not used, since existing implementations are not openly shared, resulting in software with low usability, and weak interoperability. We argue that this situation can be significantly improved by increasing incentives for researchers to publish their software under an open source model. Additionally, we outline the problems authors are faced with when trying to publish algorithmic implementations of machine learning methods. We believe that a resource of peer reviewed software accompanied by short articles would be highly valuable to both the machine learning and the general scientific community.},
|
||
journal = {J. Mach. Learn. Res.},
|
||
month = dec,
|
||
pages = {2443–2466},
|
||
numpages = {24}
|
||
}
|
||
|
||
@article{10.5555/1516546.1516558,
|
||
author = {Crowley, Ed},
|
||
title = {Designing applied cryptology laboratory modules with free and open source software},
|
||
year = {2009},
|
||
issue_date = {April 2009},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {24},
|
||
number = {4},
|
||
issn = {1937-4771},
|
||
abstract = {For today's computer professionals, secure data storage and secure data communications are vital competencies. In the current Internet aware environment, effective security necessitates the application of cryptology. Daily, modern businesses rely on cryptographic services such as authentication, non-repudiation, integrity, and confidentiality, to secure their information. Creating relevant applied cryptology laboratory modules can be a challenge. One interesting challenge is the choice of laboratory software. By design, most commercial cryptology software shields the user from operational details. Consequently, most commercial software does not lend itself well to laboratory activities. Fortunately, there are Open Source Cryptographic Toolkits that have worked well in our lab environment. This paper presents the author's experience with the development and evolution of applied cryptography laboratory modules. These laboratory modules utilize Free and Open Source Software (FOSS) exclusively.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = apr,
|
||
pages = {61–67},
|
||
numpages = {7}
|
||
}
|
||
|
||
@article{10.5555/1791129.1791158,
|
||
author = {Ellis, Heidi J. C. and Hislop, Gregory W. and Morelli, Ralph and Danner, Norman},
|
||
title = {Instructional aspects of student participation in humanitarian Free and Open Source Software: panel discussion},
|
||
year = {2010},
|
||
issue_date = {June 2010},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {25},
|
||
number = {6},
|
||
issn = {1937-4771},
|
||
abstract = {Active participation in Free and Open Source Software (FOSS) projects can provide students with large-scale collaborative software development experience. Frequently these experiences include interacting with an international group of professionals. The ability to participate in an active project empowers and motivates students to learn. FOSS projects of a humanitarian nature further motivate students by providing students with the satisfaction of improving the human condition in some manner. Thus Humanitarian FOSS (HFOSS) provides a fertile environment for student learning.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = jun,
|
||
pages = {152–154},
|
||
numpages = {3}
|
||
}
|
||
|
||
@article{10.5555/1229637.1229654,
|
||
author = {Reed, Matthew W. and Balogh, Benjamin A. and Miller, David C. and Chiang, Chia-Chu},
|
||
title = {Developing and learning web services with open source software: an experience report},
|
||
year = {2007},
|
||
issue_date = {April 2007},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {22},
|
||
number = {4},
|
||
issn = {1937-4771},
|
||
abstract = {To simultaneously teach the principles of software engineering and expose students to current in-demand technologies in the business world, one recent undergraduate course put them through a semester-long project to design and build a web service from the ground up. This project was conducted in a simulated business environment with the course instructor playing the role of customer. In the interests of demonstrating the benefits of software reuse, the instructor insisted that the web services be built using open-source software. By the end of the semester, and with the benefit of outside consultation, the teams managed to produce a finished working prototype. This paper will describe their effort and experiences, underscoring risks encountered, strengths embraced, and lessons learned by the end of the project.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = apr,
|
||
pages = {93–100},
|
||
numpages = {8}
|
||
}
|
||
|
||
@article{10.5555/1119128.1119137,
|
||
author = {Embry, Randall P.},
|
||
title = {Three case studies in community-oriented, open-source software development},
|
||
year = {2006},
|
||
issue_date = {February 2006},
|
||
publisher = {Belltown Media},
|
||
address = {Houston, TX},
|
||
volume = {2006},
|
||
number = {142},
|
||
issn = {1075-3583},
|
||
abstract = {What does a PDA, video capture card and multimedia appliance have in common?},
|
||
journal = {Linux J.},
|
||
month = feb,
|
||
pages = {9}
|
||
}
|
||
|
||
@article{10.5555/1127389.1127418,
|
||
author = {Crowley, Ed},
|
||
title = {Developing "hands-on" security activities with open source software and live CDs},
|
||
year = {2006},
|
||
issue_date = {April 2006},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {21},
|
||
number = {4},
|
||
issn = {1937-4771},
|
||
abstract = {Developing "hand on" information security lab activities often requires a substantial budget and resource commitment. In addition to an appropriate software budget, activities such as installing security software, setting up user accounts, and configuring lab systems can require significant time and labor resources. In a conventional environment, it may also require a dedicated computer lab for each security class. In a given educational environment, obtaining these resources may be problematic.To mitigate these problems, we developed a "hand on" security design process that utilizes Live CDs and Open Source tools. By definition, a Live CD is a bootable CD that contains a complete operating system. Many Live CDs also include useful security utilities. In our security classes, we have utilized both general purpose Live CDs, such as Knoppix, and dedicated security centric Live CDs, such as Auditor. [8] In addition to being self configuring, Live CDs may also be remastered to accommodate additional security tools and related information.This paper presents an overview of our experiences developing "hands on" security activities with Live CD and Open Source components. Our "hands on" activities were developed to support our four course security specialization. To provide a context for this, we first present a brief overview of the security specialization.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = apr,
|
||
pages = {139–145},
|
||
numpages = {7}
|
||
}
|
||
|
||
@article{10.5555/948785.948817,
|
||
author = {Zaritski, Roman M.},
|
||
title = {Using open source software for scientific simulations, data visualization, and publishing},
|
||
year = {2003},
|
||
issue_date = {December 2003},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {19},
|
||
number = {2},
|
||
issn = {1937-4771},
|
||
abstract = {There is a growing number of software packages that can be legally downloaded from the Internet and used in educational and research projects under licenses that involve no costs and few practical restrictions. Primarily, this is open source software. Using an investigation of waves in simulated excitable media as a case study, it is shown that an extensive project, from parallel computer simulations and data visualization stages to the final publication preparation stage, can be carried out completely based on free software. This creates favorable research and educational opportunities in low budget environments.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = dec,
|
||
pages = {218–222},
|
||
numpages = {5}
|
||
}
|
||
|
||
@article{10.1145/2795235,
|
||
author = {Bhowmik, Tanmay and Niu, Nan and Singhania, Prachi and Wang, Wentao},
|
||
title = {On the Role of Structural Holes in Requirements Identification: An Exploratory Study on Open-Source Software Development},
|
||
year = {2015},
|
||
issue_date = {October 2015},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {6},
|
||
number = {3},
|
||
issn = {2158-656X},
|
||
url = {https://doi.org/10.1145/2795235},
|
||
doi = {10.1145/2795235},
|
||
abstract = {Requirements identification is a human-centric activity that involves interaction among multiple stakeholders. Traditional requirements engineering (RE) techniques addressing stakeholders’ social interaction are mainly part of a centralized process intertwined with a specific phase of software development. However, in open-source software (OSS) development, stakeholders’ social interactions are often decentralized, iterative, and dynamic. Little is known about new requirements identification in OSS and the stakeholders’ organizational arrangements supporting such an activity. In this article, we investigate the theory of structural hole from the context of contributing new requirements in OSS projects. Structural hole theory suggests that stakeholders positioned in the structural holes in their social network are able to produce new ideas. In this study, we find that structural hole positions emerge in stakeholders’ social network and these positions are positively related to contributing a higher number of new requirements. We find that along with structural hole positions, stakeholders’ role is also an important part in identifying new requirements. We further observe that structural hole positions evolve over time, thereby identifying requirements to realize enriched features. Our work advances the fundamental understanding of the RE process in a decentralized environment and opens avenues for improved techniques supporting this process.},
|
||
journal = {ACM Trans. Manage. Inf. Syst.},
|
||
month = sep,
|
||
articleno = {10},
|
||
numpages = {30},
|
||
keywords = {Requirements identification, brokerage, open-source requirements engineering, social capital, social information foraging theory, stakeholders’ social network, structural hole}
|
||
}
|
||
|
||
@article{10.5555/2752981.2753004,
|
||
author = {Goggins, Sean Patrick},
|
||
title = {HFOSS: humanitarian open source software in the college classroom: pre-conference workshop},
|
||
year = {2015},
|
||
issue_date = {May 2015},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {30},
|
||
number = {5},
|
||
issn = {1937-4771},
|
||
abstract = {"Working in an OSS environment has helped teach me the importance of documentation and how development outside of college works.... I finally got a feel for what is expected of me as a software engineer.... I appreciate the lessons learned in this class because it was a real-life experience in the work field as opposed to studying theoretical approaches and practicing writing programs which will never be used again." Senior student, Western New England College, December, 2010.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = may,
|
||
pages = {91–92},
|
||
numpages = {2}
|
||
}
|
||
|
||
@article{10.1109/TNET.2024.3413789,
|
||
author = {Zhao, Ziming and Li, Zhaoxuan and Xie, Xiaofei and Yu, Jiongchi and Zhang, Fan and Zhang, Rui and Chen, Binbin and Luo, Xiangyang and Hu, Ming and Ma, Wenrui},
|
||
title = {FOSS: Towards Fine-Grained Unknown Class Detection Against the Open-Set Attack Spectrum With Variable Legitimate Traffic},
|
||
year = {2024},
|
||
issue_date = {Oct. 2024},
|
||
publisher = {IEEE Press},
|
||
volume = {32},
|
||
number = {5},
|
||
issn = {1063-6692},
|
||
url = {https://doi.org/10.1109/TNET.2024.3413789},
|
||
doi = {10.1109/TNET.2024.3413789},
|
||
abstract = {Anomaly-based network intrusion detection systems (NIDSs) are essential for ensuring cybersecurity. However, the security communities realize some limitations when they put most existing proposals into practice. The challenges are mainly concerned with (i) fine-grained unknown attack detection and (ii) ever-changing legitimate traffic adaptation. To tackle these problem, we present three key design norms. The core idea is to construct a model to split the data distribution hyperplane and leverage the concept of isolation, as well as advance the incremental model update. We utilize the isolation tree as the backbone to design our model, named FOSS, to echo back three norms. By analyzing the popular dataset of network intrusion traces, we show that FOSS significantly outperforms the state-of-the-art methods. Further, we perform an initial deployment of FOSS by working with the Internet Service Provider (ISP) to detect distributed denial of service (DDoS) attacks. With real-world tests and manual analysis, we demonstrate the effectiveness of FOSS to identify previously-unseen attacks in a fine-grained manner.},
|
||
journal = {IEEE/ACM Trans. Netw.},
|
||
month = aug,
|
||
pages = {3945–3960},
|
||
numpages = {16}
|
||
}
|
||
|
||
@article{10.5555/1060081.1060117,
|
||
author = {Donorfio, Brian},
|
||
title = {The politics of "free": open source software in government},
|
||
year = {2004},
|
||
issue_date = {May 2004},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {19},
|
||
number = {5},
|
||
issn = {1937-4771},
|
||
abstract = {"Linux has become a Wall Street buzzword, much like 'e-commerce' and 'dot-com' before it" according to Sam Williams in <u>Free as in Freedom</u>. Even after the dot-com bust, however, the adoption of open source alternatives, such as the GNU/Linux operating system, is still a hot topic in both the public and private sectors. With large companies such as Sun Microsystems and IBM now giving their full support to open source initiatives and the growing consumer backlash against the Microsoft Windows operating system, the so-called open source movement is beginning to gain popular exposure, both in the private sector, as well as in government applications. Governmental use of free software --- not just free in the commercial sense, but "free as in speech" --- can have a democratizing effect on the government.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = may,
|
||
pages = {279–280},
|
||
numpages = {2}
|
||
}
|
||
|
||
@article{10.1145/3705303,
|
||
author = {Chen, Yunqi and Wan, Zhiyuan and Zhuang, Yifei and Liu, Ning and Lo, David and Yang, Xiaohu},
|
||
title = {Understanding the OSS Communities of Deep Learning Frameworks: A Comparative Case Study of PyTorch and TensorFlow},
|
||
year = {2025},
|
||
issue_date = {March 2025},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {34},
|
||
number = {3},
|
||
issn = {1049-331X},
|
||
url = {https://doi.org/10.1145/3705303},
|
||
doi = {10.1145/3705303},
|
||
abstract = {Over the past two decades, deep learning has received tremendous success in developing software systems across various domains. Deep learning frameworks have been proposed to facilitate the development of such software systems, among which, PyTorch and TensorFlow stand out as notable examples. Considerable attention focuses on exploring software engineering practices and addressing diverse technical aspects in developing and deploying deep learning frameworks and software systems. Despite these efforts, little is known about the open source software communities involved in the development of deep learning frameworks.In this article, we perform a comparative investigation into the open source software communities of the two representative deep learning frameworks, PyTorch and TensorFlow. To facilitate the investigation, we compile a dataset of 2,792 and 3,288 code commit authors, along with 9,826 and 19,750 participants engaged in issue events on GitHub, from the two communities, respectively. With the dataset, we first characterize the structures of the two communities by employing four operationalizations to classify contributors into various roles and inspect the contributions made by common contributors across the two communities. We then conduct a longitudinal analysis to characterize the evolution of the two communities across various releases, in terms of the numbers of contributors with various roles and role transitions among contributors. Finally, we explore the causal effects between community characteristics and the popularity of the two frameworks.We find that the TensorFlow community harbors a larger base of contributors, encompassing a higher proportion of core developers and a more extensive cohort of active users compared to the PyTorch community. In terms of the technical background of the developers, 64.4% and 56.1% developers in the PyTorch and TensorFlow communities are employed by the leading companies of the corresponding open source software projects, Meta and Google, respectively; 25.9% and 21.9% core developers in the PyTorch and TensorFlow communities possess Ph.D. degrees, while 77.2% and 77.7% contribute to other machine learning or deep learning open source projects, respectively. Developers contributing to both communities demonstrate spatial and temporal similarities to some extent in their pull requests across the respective projects. The evolution of contributors with various roles exhibits a consistent upward trend over time in the PyTorch community. Conversely, a noticeable turning point in the growth of contributors characterizes the evolution of the TensorFlow community. Both communities show a statistically significant decreasing trend in the inflow rates of core developers. Furthermore, we observe statistically significant causal effects between the expansion of communities and retention of core developers and the popularity of deep learning frameworks. Based on our findings, we discuss implications, provide recommendations for sustaining open source software communities of deep learning frameworks, and outline directions for future research.},
|
||
journal = {ACM Trans. Softw. Eng. Methodol.},
|
||
month = feb,
|
||
articleno = {70},
|
||
numpages = {30},
|
||
keywords = {Deep learning, community evolution, GitHub, developer classification}
|
||
}
|
||
|
||
@article{10.1145/3290837,
|
||
author = {Gasson, Susan and Purcelle, Michelle},
|
||
title = {A Participation Architecture to Support User Peripheral Participation in a Hybrid FOSS Community},
|
||
year = {2018},
|
||
issue_date = {December 2018},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {1},
|
||
number = {4},
|
||
url = {https://doi.org/10.1145/3290837},
|
||
doi = {10.1145/3290837},
|
||
abstract = {Participation by product users is critical to success in free, open-source software (FOSS) software communities as they originate and develop valuable ideas for product innovation that are unlikely to originate from the core software development community. Users tend to be involved at the periphery of FOSS communities, suggesting new product ideas, highlighting problems with user documentation, or explaining when the product design fails to fit with the needs of their local user application domain. As an increasing number of FOSS projects employ a hybrid participation model that combines volunteer effort with paid software development effort or product support, it can be difficult for non-developer users to participate in product innovation. In colocated organizations, it is theorized that peripheral participants learn how to engage with the practices and cultural identity of a community through a sociocultural apprenticeship known as legitimate peripheral participation. But we have little literature that explores how legitimate peripheral participation is enabled in online communities.The research study presented in this article explores how participation by peripheral users in a hybrid FOSS project is afforded by participation architecture channels and community mechanisms that mediate two forms of engagement: a “cognitive apprenticeship” that introduces participants to situated domain activity, such as the community processes involved in product innovation, and a “social apprenticeship” by which participants become enculturated in the system of meanings, values, norms, and behaviors that govern community/participant identity. We identified five stages of community innovation, analyzing sociotechnical affordances of the online participation architecture that enable peripheral participants to internalize the meanings of community practice and to develop a social identity within the FOSS community. Our contribution to theory is provided by the substantive explanation of the cognitive and social translations that enable legitimate peripheral participation in online communities, mediated by sociotechnical access channels and mechanisms that afford two contrasting forms of opportunities for action: those resulting from interactions between a goal-oriented actor and the technology platform features or channels of participation, and those associated with the social structures, roles, and relationships underpinning community interactions. Neither of these is sufficient without the other. Our contribution to practice is provided by an explanation of how four distinct categories of affordance provide these cognitive and social apprenticeship benefits, allowing participation architecture designers to cater to all forms of peripheral user participation. We conclude that the technical affordances of a typical FOSS community participation architecture are insufficient to mediate peripheral participation by nontechnical users. Meaningful participation is mediated by interactions between boundary spanners who play knowledge-brokering and organizational bridging roles. The combination of technical and social affordances enables peripheral participants to acquire an interior view of community practices and social culture and in turn to introduce new ideas, new values, and new rationales to produce a generative dance of innovation that percolates through the community.},
|
||
journal = {Trans. Soc. Comput.},
|
||
month = dec,
|
||
articleno = {14},
|
||
numpages = {46},
|
||
keywords = {Legitimate peripheral participation, affordances, hybrid-FOSS community, innovation, participation architecture, user participation}
|
||
}
|
||
|
||
@article{10.5555/1064866.1064872,
|
||
author = {Ruffolo, Joe and Terry, Ron},
|
||
title = {Linux in the classroom: an experience with linux and open-source software in an educational environment},
|
||
year = {2005},
|
||
issue_date = {May 2005},
|
||
publisher = {Belltown Media},
|
||
address = {Houston, TX},
|
||
volume = {2005},
|
||
number = {133},
|
||
issn = {1075-3583},
|
||
journal = {Linux J.},
|
||
month = may,
|
||
pages = {6}
|
||
}
|
||
|
||
@article{10.1145/3145476,
|
||
author = {Braught, Grant and Maccormick, John and Bowring, James and Burke, Quinn and Cutler, Barbara and Goldschmidt, David and Krishnamoorthy, Mukkai and Turner, Wesley and Huss-Lederman, Steven and Mackellar, Bonnie and Tucker, Allen},
|
||
title = {A Multi-Institutional Perspective on H/FOSS Projects in the Computing Curriculum},
|
||
year = {2018},
|
||
issue_date = {June 2018},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {18},
|
||
number = {2},
|
||
url = {https://doi.org/10.1145/3145476},
|
||
doi = {10.1145/3145476},
|
||
abstract = {Many computer science programs have capstone experiences or project courses that allow students to integrate knowledge from the full breadth of their major. Such capstone projects may be student-designed, instructor-designed, designed in conjunction with outside companies, or integrated with ongoing free and open source (FOSS) projects. The literature shows that the FOSS approach has attracted a great deal of interest, in particular when implemented with projects that have humanitarian goals (HFOSS). In this article, we describe five unique models from five distinct types of institutions for incorporating sustained FOSS or HFOSS (alternatively H/FOSS) project work into capstone experiences or courses. The goal is to provide instructors wishing to integrate open source experiences into their curriculum with additional perspectives and resources to help in adapting this approach to the specific needs and goals of their institution and students. All of the models presented are based on sustained engagement with H/FOSS projects that last at least one semester and often more. Each model is described in terms of its characteristics and how it fits the needs of the institution using the model. Assessment of each model is also presented. We then discuss the themes that are common across the models, such as project selection, team formation, mentoring, and student assessment. We examine the choices made by each model, as well as the challenges faced. We end with a discussion how the models have leveraged institutional initiatives and collaborations with outside organizations to address some of the challenges associated with these projects.},
|
||
journal = {ACM Trans. Comput. Educ.},
|
||
month = jul,
|
||
articleno = {7},
|
||
numpages = {31},
|
||
keywords = {FOSS, HFOSS, Open source, capstones, humanitarian, projects}
|
||
}
|
||
|
||
@article{10.1145/3694782,
|
||
author = {Lin, Ruyan and Fu, Yulong and Yi, Wei and Yang, Jincheng and Cao, Jin and Dong, Zhiqiang and Xie, Fei and Li, Hui},
|
||
title = {Vulnerabilities and Security Patches Detection in OSS: A Survey},
|
||
year = {2024},
|
||
issue_date = {January 2025},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {57},
|
||
number = {1},
|
||
issn = {0360-0300},
|
||
url = {https://doi.org/10.1145/3694782},
|
||
doi = {10.1145/3694782},
|
||
abstract = {Over the past decade, Open Source Software (OSS) has experienced rapid growth and widespread adoption, attributed to its openness and editability. However, this expansion has also brought significant security challenges, particularly introducing and propagating software vulnerabilities. Despite the use of machine learning and formal methods to tackle these issues, there remains a notable gap in comprehensive surveys that summarize and analyze both Vulnerability Detection (VD) and Security Patch Detection (SPD) in OSS. This article seeks to bridge this gap through an extensive survey that evaluates 127 technical studies published between 2014 and 2023, structured around the Vulnerability-Patch lifecycle. We begin by delineating the six critical events that constitute the Vulnerability-Patch lifecycle, leading to an in-depth exploration of the Vulnerability-Patch ecosystem. We then systematically review the databases commonly used in VD and SPD, and analyze their characteristics. Subsequently, we examine existing VD methods, focusing on traditional and deep learning based approaches. Additionally, we organize current security patch identification methods by kernel type and discuss techniques for detecting the presence of security patches. Based on our comprehensive review, we identify open research questions and propose future research directions that merit further exploration.},
|
||
journal = {ACM Comput. Surv.},
|
||
month = oct,
|
||
articleno = {23},
|
||
numpages = {37},
|
||
keywords = {Open source software, vulnerability detection, security patch detection, software security, AI security}
|
||
}
|
||
|
||
@article{10.5555/2460156.2460194,
|
||
author = {Ellis, Heidi J. C. and Hislop, Gregory W.},
|
||
title = {Community-based student learning via participation in humanitarian FOSS projects},
|
||
year = {2013},
|
||
issue_date = {June 2013},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {28},
|
||
number = {6},
|
||
issn = {1937-4771},
|
||
abstract = {Free and Open Source Software (FOSS) projects offer a rich learning environment for computing students due to the transparent nature of the process and artifacts used to develop the product. Student participation in such a project allows students to learn collaboratively within a professional community while working on a real-world, frequently international project. This learning differs from a traditional classroom environment because students learn from the community itself and the instructor becomes a guide rather than the main source of knowledge. Humanitarian FOSS (HFOSS) projects have the additional benefit of attracting students due to their altruistic nature and the possibility for benefiting the human condition.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = jun,
|
||
pages = {196–198},
|
||
numpages = {3}
|
||
}
|
||
|
||
@article{10.5555/2400161.2400169,
|
||
author = {Ellis, Heidi J. C. and Hislop, Gregory W.},
|
||
title = {Community-based student learning via participation in humanitarian Foss projects},
|
||
year = {2013},
|
||
issue_date = {January 2013},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {28},
|
||
number = {3},
|
||
issn = {1937-4771},
|
||
abstract = {Free and Open Source Software (FOSS) projects offer a rich learning environment for computing students due to the transparent nature of the process and artifacts used to develop the product. Student participation in such a project allows students to learn collaboratively within a professional community while working on a real-world, frequently international project. This learning differs from a traditional classroom environment because students learn from the community itself and the instructor becomes a guide rather than the main source of knowledge. Humanitarian FOSS (HFOSS) projects have the additional benefit of attracting students due to their altruistic nature and the possibility for benefiting the human condition.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = jan,
|
||
pages = {33–34},
|
||
numpages = {2}
|
||
}
|
||
|
||
@article{10.1145/3479551,
|
||
author = {Guizani, Mariam and Chatterjee, Amreeta and Trinkenreich, Bianca and May, Mary Evelyn and Noa-Guevara, Geraldine J. and Russell, Liam James and Cuevas Zambrano, Griselda G. and Izquierdo-Cortazar, Daniel and Steinmacher, Igor and Gerosa, Marco A. and Sarma, Anita},
|
||
title = {The Long Road Ahead: Ongoing Challenges in Contributing to Large OSS Organizations and What to Do},
|
||
year = {2021},
|
||
issue_date = {October 2021},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {5},
|
||
number = {CSCW2},
|
||
url = {https://doi.org/10.1145/3479551},
|
||
doi = {10.1145/3479551},
|
||
abstract = {Open source communities hosted in large foundations operate in a complex socio-technical ecosystem, which includes a heterogeneous mix of projects and stakeholders. Previous work has thus far investigated the challenges faced in OSS communities from the point of view of specific stakeholders, primarily at the level of individual projects. None have yet studied the challenges faced within a large, federated open source organization. In this paper, we aim to bridge this gap to identify ongoing challenges contributors face in a mature OSS organization. To do so, we surveyed 624 contributors at the Apache Software Foundation (ASF) and ran 11 semi-structured follow up interviews. We validated our findings through member checking with the interviewees as well as the ASF Diversity and Inclusion (D&I) committee. The contributions of this paper include: (1) an empirically-evidenced conceptual model of the 88 challenges that contributors face in a mature OSS foundation and (2) a set of 48 community-recommended strategies for alleviating these challenges. Our results show that even well-established and mature organizations still face a variety of individual and project-specific challenges and that it is difficult to design a comprehensive set of processes and guidelines to match the needs and expectations of a diverse and large federated community. Our conceptual challenges model and associated strategies to mitigate them can provide guidance to other OSS foundations and projects helping them in building better support processes and tools to create a successful, thriving community of contributors.},
|
||
journal = {Proc. ACM Hum.-Comput. Interact.},
|
||
month = oct,
|
||
articleno = {407},
|
||
numpages = {30},
|
||
keywords = {challenges, collaborative development, open source foundation}
|
||
}
|
||
|
||
@article{10.5555/2460156.2460162,
|
||
author = {Ellis, Heidi J. C. and Hislop, Gregory W. and Purcell, Michelle and Postner, Lori},
|
||
title = {Project selection for student participation in humanitarian FOSS},
|
||
year = {2013},
|
||
issue_date = {June 2013},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {28},
|
||
number = {6},
|
||
issn = {1937-4771},
|
||
abstract = {Many faculty members are excited by the learning potential inherent in student participation in a Free and Open Source Software (FOSS) project. Student learning can range from software development to technical writing to team skills to professionalism and more. The altruistic nature of humanitarian FOSS provides additional appeal to students by providing the ability to do some social good. However, selection of an appropriate project can be difficult due to the large number of humanitarian FOSS projects available, and the wide range of size, complexity, domains, and communities in those projects. We have developed an approach to FOSS project selection [1] based on several years of experience involving students in humanitarian FOSS projects. This workshop will provide participants with a hands-on experience in selecting such a project. Participants will understand the key aspects of FOSS projects that are important when evaluating a project for use in the classroom. Participants will also be guided through the process of identifying and evaluating candidate projects for their classes.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = jun,
|
||
pages = {16–18},
|
||
numpages = {3}
|
||
}
|
||
|
||
@article{10.5555/2184451.2184456,
|
||
author = {Kussmaul, Clif and Ellis, Heidi J. C. and Hislop, Gregory W.},
|
||
title = {Learning foss collaboration tools & techniques through guided inquiry activities: workshop},
|
||
year = {2012},
|
||
issue_date = {June 2012},
|
||
publisher = {Consortium for Computing Sciences in Colleges},
|
||
address = {Evansville, IN, USA},
|
||
volume = {27},
|
||
number = {6},
|
||
issn = {1937-4771},
|
||
abstract = {Many faculty members (and students) desire to know more about free & open source software (FOSS) development and its tools and practices. This workshop introduces participants to collaboration tools & techniques used in FOSS. In particular, we will focus on task tracking systems and version control systems, which are unfamiliar to many faculty and students. To help participants understand what these tools do and how to use them, we will use process oriented guided inquiry learning (POGIL) activities. In POGIL, learners work in groups of 3 or 4 in guided activities that are structured to help them construct new knowledge. In the two hands-on activities, teams will work through a series of increasingly sophisticated models. In each model, teams will use tools, answer questions, explore options, and report out their findings and lessons learned. We particularly welcome students, who should enjoy the activities and could help faculty observe the strengths and limitations of the tools and activities. Participants will receive copies of all activities, presentation slides, and other materials, and an annotated bibliography on FOSS, POGIL, and related topics.},
|
||
journal = {J. Comput. Sci. Coll.},
|
||
month = jun,
|
||
pages = {13–15},
|
||
numpages = {3}
|
||
}
|
||
|
||
@article{10.1145/3485819,
|
||
author = {Kapur, Ritu and Sodhi, Balwinder},
|
||
title = {OSS Effort Estimation Using Software Features Similarity and Developer Activity-Based Metrics},
|
||
year = {2022},
|
||
issue_date = {April 2022},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {31},
|
||
number = {2},
|
||
issn = {1049-331X},
|
||
url = {https://doi.org/10.1145/3485819},
|
||
doi = {10.1145/3485819},
|
||
abstract = {Software development effort estimation (SDEE) generally involves leveraging the information about the effort spent in developing similar software in the past. Most organizations do not have access to sufficient and reliable forms of such data from past projects. As such, the existing SDEE methods suffer from low usage and accuracy.We propose an efficient SDEE method for open source software, which provides accurate and fast effort estimates. The significant contributions of our article are (i) novel SDEE software metrics derived from developer activity information of various software repositories, (ii) an SDEE dataset comprising the SDEE metrics’ values derived from approximately 13,000 GitHub repositories from 150 different software categories, and (iii) an effort estimation tool based on SDEE metrics and a software description similarity model. Our software description similarity model is basically a machine learning model trained using the PVA on the software product descriptions of GitHub repositories. Given the software description of a newly envisioned software, our tool yields an effort estimate for developing it.Our method achieves the highest standardized accuracy score of 87.26% (with Cliff’s δ = 0.88 at 99.999% confidence level) and 42.7% with the automatically transformed linear baseline model. Our software artifacts are available at https://doi.org/10.5281/zenodo.5095723.},
|
||
journal = {ACM Trans. Softw. Eng. Methodol.},
|
||
month = mar,
|
||
articleno = {33},
|
||
numpages = {35},
|
||
keywords = {Effort estimation, software development effort, developer activity, software maintenance, software planning}
|
||
}
|
||
|
||
@article{10.1145/3415251,
|
||
author = {Trinkenreich, Bianca and Guizani, Mariam and Wiese, Igor and Sarma, Anita and Steinmacher, Igor},
|
||
title = {Hidden Figures: Roles and Pathways of Successful OSS Contributors},
|
||
year = {2020},
|
||
issue_date = {October 2020},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {4},
|
||
number = {CSCW2},
|
||
url = {https://doi.org/10.1145/3415251},
|
||
doi = {10.1145/3415251},
|
||
abstract = {Open Source Software (OSS) development is a collaborative endeavor where expert developers, distributed around the globe create software solutions. Given this characteristic, OSS communities have been studied as technical communities, where stakeholders join and evolve in their careers based on their (often voluntary) code contributions to the project. However, the OSS landscape is slowly changing with more people and companies getting involved in OSS. This means that projects now need people in non-technical roles and activities to keep the project sustainable and evolving. In this paper, we focus on understanding the roles and activities that are part of the current OSS landscape and the different career pathways in OSS. By conducting and analyzing 17 interviews with OSS contributors who are well known in the community, we provide empirical evidence of the existence and importance of community-centric roles (e.g advocate, license manager, community founder) in addition to the well-known project-centric ones (e.g maintainer, core member). However, the community-centric roles typically remain hidden, since these roles may not leave traces in software repositories typically analyzed by researchers. We found that people can build a career in OSS through different roles and activities, with different backgrounds, including those not related to writing software. Furthermore, people's career pathways are fluid, moving between project and community-centric roles. Our work highlights that communities and researchers need to take action to acknowledge the importance of these varied roles, making these roles visible and well-recognized, which can ultimately help attract and retain more people in the OSS projects.},
|
||
journal = {Proc. ACM Hum.-Comput. Interact.},
|
||
month = oct,
|
||
articleno = {180},
|
||
numpages = {22},
|
||
keywords = {career, collaborative development, open-source, role}
|
||
}
|
||
|
||
@article{10.1145/2876443,
|
||
author = {Zhou, Minghui and Mockus, Audris and Ma, Xiujuan and Zhang, Lu and Mei, Hong},
|
||
title = {Inflow and Retention in OSS Communities with Commercial Involvement: A Case Study of Three Hybrid Projects},
|
||
year = {2016},
|
||
issue_date = {May 2016},
|
||
publisher = {Association for Computing Machinery},
|
||
address = {New York, NY, USA},
|
||
volume = {25},
|
||
number = {2},
|
||
issn = {1049-331X},
|
||
url = {https://doi.org/10.1145/2876443},
|
||
doi = {10.1145/2876443},
|
||
abstract = {Motivation: Open-source projects are often supported by companies, but such involvement often affects the robust contributor inflow needed to sustain the project and sometimes prompts key contributors to leave. To capture user innovation and to maintain quality of software and productivity of teams, these projects need to attract and retain contributors. Aim: We want to understand and quantify how inflow and retention are shaped by policies and actions of companies in three application server projects. Method: We identified three hybrid projects implementing the same JavaEE specification and used published literature, online materials, and interviews to quantify actions and policies companies used to get involved. We collected project repository data, analyzed affiliation history of project participants, and used generalized linear models and survival analysis to measure contributor inflow and retention. Results: We identified coherent groups of policies and actions undertaken by sponsoring companies as three models of community involvement and quantified tradeoffs between the inflow and retention each model provides. We found that full control mechanisms and high intensity of commercial involvement were associated with a decrease of external inflow and with improved retention. However, a shared control mechanism was associated with increased external inflow contemporaneously with the increase of commercial involvement. Implications: Inspired by a natural experiment, our methods enabled us to quantify aspects of the balance between community and private interests in open- source software projects and provide clear implications for the structure of future open-source communities.},
|
||
journal = {ACM Trans. Softw. Eng. Methodol.},
|
||
month = apr,
|
||
articleno = {13},
|
||
numpages = {29},
|
||
keywords = {Hybrid project, commercial involvement, contributor inflow, contributor retention, extent and intensity of involvement, natural experiment}
|
||
}
|
||
|