Maartje van der Woude,Tomás Dodds,Guillén Torres

DOI: https://doi.org/10.1177/14648849241274104

IF: 3.1941

2024-08-13

Journalism

Abstract:Journalism, Ahead of Print. With the exploding availability of online data, digital open-source investigations (OSINV) methods have become increasingly popular in journalism. However, practitioners face novel challenges related to the tension between journalism's transparency ideals and its duty to safeguard the privacy and security of data subjects. This article explores this tension by drawing on data from eight in-depth interviews with professional open-source investigative journalists in the Netherlands. The findings of our study reveal that OSINV investigators rely heavily on personal assessments and ongoing dialogues with colleagues to make privacy-related editorial choices, as rules and guidelines have only recently emerged. This research provides valuable insights into the intricacies of OSINV journalism, uncovering the delicate balance between journalistic transparency and privacy/security considerations.

communication

Nicole Forsgren,Bas Alberts,Kevin Backhouse,Grey Baker,Greg Cecarelli,Derek Jedamski,Scot Kelly,Clair Sullivan

DOI: https://doi.org/10.48550/arXiv.2110.10246

2021-10-19

Software Engineering

Abstract:Open source is the connective tissue for much of the information economy. You would be hard-pressed to find a scenario where your data does not pass through at least one open source component. Many of the services and technology we all rely on, from banking to healthcare, also rely on open source software. The artifacts of open source code serve as critical i infrastructure for much of the global economy, making the security of open source software mission-critical to the world.

Dawn Foster

2024-11-07

Abstract:Many popular open source projects are owned and driven by vendors, and in today's difficult economic climate, those vendors are under increasing pressure from investors to deliver a strong return on their investments. One response to this pressure has been the relicensing of popular open source projects to more restrictive licenses in the hopes of generating more revenue, disrupting the idea of open source as a digital commons. In some cases, relicensing has resulted in a hard fork of the original project. These relicensing events and resulting forks can be disruptive to the organizations and individuals using these open source projects. This research compares and contrasts organizational affiliation data from three case studies based on license changes that resulted in forks: Elasticsearch / OpenSearch, Redis / Valkey, and Terraform / OpenTofu. The research indicates that the forks resulting from these relicensing events have more organizational diversity than the original projects, especially when the forks are created under a neutral foundation, like the Linux Foundation, rather than by a single company.

Software Engineering

Miron Lakomy

DOI: https://doi.org/10.1177/17506352231166322

2023-04-07

Media, War and Conflict

Abstract:Media, War &Conflict, Ahead of Print. This article explores key ethical and security challenges related to exploitation of open-source intelligence (OSINT) in research on online terrorist propaganda. In order to reach this objective, the most common approaches to OSINT-based projects are analysed through the lens of some of the most recognized ethical guidelines in science, which allowed several core dilemmas to be identified. First of all, this study discusses how personal data protection rules are applicable to investigations of potentially dangerous subjects, such as members and followers of Violent Extremist Organizations (VEOs). In addition, the author examines potential threats to the safety of researchers and the scientific infrastructure used in OSINT-based projects. He also discusses the risks of incidental findings and malevolent use of research results. Finally, drawing from existing legal regulations and good practices in other fields, as well as the author's previous experience in OSINT-based analyses of online terrorist activities, this article explores basic means of tackling these dilemmas.

Jose Teixeira,Salman Mian,Ulla Hytti

DOI: https://doi.org/10.48550/arXiv.1612.09462

2016-12-30

Abstract:Interorganizational interactions are often complex and paradoxical. In this research, we transcend two management paradoxes: competition versus cooperation and open-source versus proprietary technology development. We follow the OpenStack open-source ecosystem where competing firms cooperate in the joint-development of a cloud infrastructure for big data. We provide a narrative, complemented with social network visualizations, which depicts the evolution of cooperation and competition. Our findings suggest that development transparency and weak intellectual property rights (i.e., characteristics of open-source ecosystems) allow a focal firm to transfer information and resources more easily between multiple alliances.

Social and Information Networks,Physics and Society

John Sherlock,Manoj Muniswamaiah,Lauren Clarke,Shawn Cicoria

DOI: https://doi.org/10.48550/arXiv.1812.11697

2018-12-31

Other Computer Science

Abstract:Open Source Software (OSS) history is traced to initial efforts in 1971 at Massachusetts Institute of Technology (MIT) Artificial Intelligence (AI) Lab, the initial goals of OSS around Free vs. Freedom, and its evolution and impact on commercial and custom applications. Through OSS history, much of the research and has been around contributors (suppliers) to OSS projects, the commercialization, and overall success of OSS as a development process. In conjunction with OSS growth, intellectual property issues and licensing issues still remain. The consumers of OSS, application architects, in developing commercial or internal applications based upon OSS should consider license risk as they compose their applications using Component Based Software Development (CBSD) approaches, either through source code, binary, or standard protocols such as HTTP.

Jérôme Hergueux,Samuel Kessler

DOI: https://doi.org/10.1145/3491102.3517516

2022-04-29

Abstract:We conduct the first comprehensive study of the behavioral factors which predict leader emergence within open source software (OSS) virtual teams. We leverage the full history of developers’ interactions with their teammates and projects at github.com between January 2010 and April 2017 (representing about 133 million interactions) to establish that – contrary to a common narrative describing open source as a pure “technical meritocracy” – developers’ communication abilities and community building skills are significant predictors of whether they emerge as team leaders. Inspirational communication therefore appears as central to the process of leader emergence in virtual teams, even in a setting like OSS, where technical contributions have often been conceptualized as the sole pathway to gaining community recognition. Those results should be of interest to researchers and practitioners theorizing about OSS in particular and, more generally, leadership in geographically dispersed virtual teams, as well as to online community managers.

Jessy Ayala,Yu-Jye Tung,Joshua Garcia

2024-09-12

Abstract:In open-source software (OSS), software vulnerabilities have significantly increased. Although researchers have investigated the perspectives of vulnerability reporters and OSS contributor security practices, understanding the perspectives of OSS maintainers on vulnerability management and platform security features is currently understudied. In this paper, we investigate the perspectives of OSS maintainers who maintain projects listed in the GitHub Advisory Database. We explore this area by conducting two studies: identifying aspects through a listing survey ($n_1=80$) and gathering insights from semi-structured interviews ($n_2=22$). Of the 37 identified aspects, we find that supply chain mistrust and lack of automation for vulnerability management are the most challenging, and barriers to adopting platform security features include a lack of awareness and the perception that they are not necessary. Surprisingly, we find that despite being previously vulnerable, some maintainers still allow public vulnerability reporting, or ignore reports altogether. Based on our findings, we discuss implications for OSS platforms and how the research community can better support OSS vulnerability management efforts.

Software Engineering,Cryptography and Security

John Meluso,Amanda Casari,Katie McLaughlin,Milo Z. Trujillo

2024-01-13

Abstract:Invisible labor is work that is not fully visible, not appropriately compensated, or both. In open source software (OSS) ecosystems, essential tasks that do not involve code (like content moderation) often become invisible to the detriment of individuals and organizations. However, invisible labor is so difficult to measure that we do not know how much of OSS activities are invisible. Our study addresses this challenge, demonstrating that roughly half of OSS work is invisible. We do this by developing a survey technique with cognitive anchoring that measures OSS developer self-assessments of labor visibility and attribution. Survey respondents (n=142) reported that their work is more likely to be nonvisible or partially visible (i.e. visible to at most 1 other person) than fully visible (i.e. visible to 2 or more people). Furthermore, cognitively anchoring participants to the idea of high work visibility increased perceptions of labor visibility and decreased visibility importance compared to anchoring to low work visibility. This suggests that advertising OSS activities as "open" may not make labor visible to most people, but rather lead contributors to overestimate labor visibility. We therefore add to a growing body of evidence that designing systems that recognize all kinds of labor as legitimate contributions is likely to improve fairness in software development while providing greater transparency into work designs that help organizations and communities achieve their goals.

Software Engineering

Nicholas F. Polys

DOI: https://doi.org/10.1109/mcg.2024.3384728

IF: 1.909

2024-06-25

IEEE Computer Graphics and Applications

Abstract:This inaugural article sets the stage and scope for a new department in IEEE Computer Graphics and Applications: @theSource. In this department, we set out to address the questions, "How have open source projects and open Standards driven graphics innovations and applications?" and "What can we learn from them?" Thus, we are broadly concerned with how open communities and ecosystems have (and are) impacting computer graphics. The intent is to highlight: open source software (such as architectures, engines, frameworks, libraries, services); open Standards and open source data and models; and applications as well as the impacts of open graphics technologies. We also consider historical and summative reviews on the cultural and economic aspects of open source and open Standards graphics ecosystems, such as visualization and mixed reality.

computer science, software engineering

Nancy Mead,Carol Woody,Scott Hissam

2024-04-26

Abstract:Caveat emptor, or let the buyer beware, is commonly attributed to open source software (OSS)-the onus is on the OSS consumer to ensure that it is fit for use in the consumer's context. OSS has been compared to an open market bazaar where consumers are free to browse all the source code and take a copy. In this paper, we observe challenges for the OSS consumer to obtain information about the process(es), project(s) used to produce a product and the protection(s) employed by those projects. We discuss the need for more transparency by OSS projects, where possible and introduce a framework for reasoning about those OSS projects and their products for use by the OSS consumer.

Software Engineering

Marco Berti,Ace V. Simpson

DOI: https://doi.org/10.5465/amr.2017.0208

IF: 16.4

2021-04-01

Academy of Management Review

Abstract:The idea that interdependent and persistent tensions are intrinsic to organizing is now well accepted. Organizational paradox theory has further stressed the importance of accepting such paradoxes, to turn them into generative forces. This recommendation assumes, however, that actors have full agency in responding to paradoxes, overlooking the role of power dynamics. We expand upon paradox theory by drawing attention to organizational pragmatic paradoxes, contradictory demands received within the context of an intense managerial relationship, such as when a subordinate is ordered to 'take initiative'. Our model highlights how organizational pragmatic paradoxes derive from power relations restricting actors' capacities for enacting legitimate responses to tensions. Specifically, we link different organizational power dimensions to various manifestations of pragmatic paradoxes. We further outline concrete actions for mitigating the occurrence of these pathological phenomena. Our conceptualization contributes to a critical reading of paradox theory that is sensitive to power inequalities.

management,business

Nicholas Boucher,Ross Anderson

DOI: https://doi.org/10.48550/arXiv.2209.10717

2022-09-22

Cryptography and Security

Abstract:While vulnerability research often focuses on technical findings and post-public release industrial response, we provide an analysis of the rest of the story: the coordinated disclosure process from discovery through public release. The industry-wide 'Trojan Source' vulnerability which affected most compilers, interpreters, code editors, and code repositories provided an interesting natural experiment, enabling us to compare responses by firms versus nonprofits and by firms that managed their own response versus firms that outsourced it. We document the interaction with bug bounty programs, government disclosure assistance, academic peer review, and press coverage, among other topics. We compare the response to an attack on source code with the response to a comparable attack on NLP systems employing machine-learning techniques. We conclude with recommendations to improve the global coordinated disclosure system.

Javad Ghofrani,Paria Heravi,Kambiz A. Babaei,Mohammad Soorati

DOI: https://doi.org/10.48550/arXiv.2208.01137

2022-08-02

Abstract:Open source projects play a significant role in software production. Most of the software projects reuse and build upon the existing open source projects and libraries. While reusing is a time and cost-saving strategy, some of the key factors are often neglected that create vulnerability in the software system. We look beyond the static code analysis and dependency chain tracing to prevent vulnerabilities at the human factors level. The literature lacks a comprehensive study of the human factors perspective on the issue of trust in reusing open source projects. We performed an interview-based initial study with software developers to get an understanding of the trust issue and limitations among the practitioners. We outline some of the key trust issues in this paper and lay out the first steps toward the trustworthy reuse of software.

Software Engineering

Madiha Zahrah Choksi,Ilan Mandel,David Goedicke,Yan Shvartzshnaider

DOI: https://doi.org/10.48550/arXiv.2306.05598

2023-06-09

Abstract:Centralization in code hosting and package management in the 2010s created fundamental shifts in the social arrangements of open source ecosystems. In a regime of centralized open source, platform effects can both empower and detract from communities depending on underlying technical implementations and governance mechanisms. In this paper we examine Dependabot, Crater and Copilot as three nascent tools whose existence is predicated on centralized software at scale. Open source ecosystems are maintained by positive feedback loops between community members and their outputs. This mechanism is guided by community standards that foreground notions of accountability and transparency. On one hand, software at scale supports positive feedback loops of exchange among ecosystem stakeholders: community members (developers), users, and projects. On the other, software at scale becomes a commodity to be leveraged and expropriated. We perform a comparative analysis of attributes across the three tools and evaluate their goals, values, and norms. We investigate these feedback loops and their sociotechnical effects on open source communities. We demonstrate how the values embedded in each case study may diverge from the foundational ethos of open communities as they are motivated by, and respond to the platform effects, corporate capture, and centralization of open source infrastructure. Our analysis finds that these tools embed values that are reflective of different modes of development - some are transparent and accountable, and others are not. In doing so, certain tools may have feedback mechanisms that extend communities. Others threaten and damage communities ability to reproduce themselves.

Computers and Society

Dror G. Feitelson

2023-06-02

Abstract:A tenet of open source software development is to accept contributions from users-developers (typically after appropriate vetting). But should this also include interventions done as part of research on open source development? Following an incident in which buggy code was submitted to the Linux kernel to see whether it would be caught, we conduct a survey among open source developers and empirical software engineering researchers to see what behaviors they think are acceptable. This covers two main issues: the use of publicly accessible information, and conducting active experimentation. The survey had 224 respondents. The results indicate that open-source developers are largely open to research, provided it is done transparently. In other words, many would agree to experiments on open-source projects if the subjects were notified and provided informed consent, and in special cases also if only the project leaders agree. While researchers generally hold similar opinions, they sometimes fail to appreciate certain nuances that are important to developers. Examples include observing license restrictions on publishing open-source code and safeguarding the code. Conversely, researchers seem to be more concerned than developers about privacy issues. Based on these results, it is recommended that open source repositories and projects address use for research in their access guidelines, and that researchers take care to ask permission also when not formally required to do so. We note too that the open source community wants to be heard, so professional societies and IRBs should consult with them when formulating ethics codes.

Software Engineering

Mario Silic,Andrea Back

DOI: https://doi.org/10.1142/s0219622015500364

2016-01-01

Abstract:“Nobody ever got fired for buying IBM,” was a widely used cliché in the 1970s in the corporate IT (information technology) world. Since then, the traditional process of purchasing software has dramatically changed, challenged by the advent of open source software (OSS). Since its inception in the 1980s, OSS has matured, grown, and become one of the important driving forces of the enterprise ecosystem. However, it has also brought important IT security risks that are impacting the OSS IT adoption decision-making process. The recent Heartbleed bug demonstrated the grandeur of the issue. While much of the noise relates to the amplification of perceived risks by the popular mass media coverage, the effect is that many enterprises, mainly for risk reasons, have still chosen not to adopt OSS. We investigated “how do information security related characteristics of OSS affect the risk perception and adoption decision of OSS” by conducting an online survey of 188 IT decision-makers. The proposed Open Source Risk Adoption Model offers novel insights on the importance of the perceived risk antecedents. Our research brings new theoretical contributions, such as understanding the perceived IT security risk (PISR) relationship with adoption intention (AI) in the OSS context, for researchers and important insights for IT information professionals. We have found that IT security risk has a significant role in OSS adoption intention. Our results offer possible future research directions and extend existing theoretical understanding of OSS adoption.

computer science, information systems, artificial intelligence, interdisciplinary applications,operations research & management science

Bo Xu,Donald R. Jones

DOI: https://doi.org/10.1145/1851175.1851180

2010-01-01

ACM SIGMIS Database the DATABASE for Advances in Information Systems

Abstract:Open source software comprises a revolutionary new model of software development and distribution. Widespread Internet access in the early 1990s led to a dramatic acceleration of open source activity; but the success of a community open source project depends on the developers' voluntary participation. This paper investigates the social-relational factors, including developers' identification and obligation, shared goals, cognitive and affective trust, and their effects on open source software developer's participation. Data were collected from voluntary developers in open source projects. The research findings show that the social-relational factors are very important to promote developer's participation in an open source project. This research contributes empirically to the body of open source software research, and has practical implications for open source software development.

Reed Milewicz,Jeffrey Carver,Samuel Grayson,Travis Atkison

DOI: https://doi.org/10.1109/mcse.2022.3221877

2023-01-06

Abstract:Open-source research software plays a central role in accelerating advances in science and engineering. Its increasing significance, however, incentivizes malicious actors to attack that software and compromise the systems on which it runs, undermining the free and open exchange of trustworthy research codes. In the world of conventional software development, there has been a shift towards integrating security as early as possible in the development process to guard against malicious activity. Given the potential risks at hand, developers of research software must consider how to do the same across the research software lifecycle. This editorial argues for the need to unite diverse forms of expertise in scientific computing and software security to address these challenges and outlines a roadmap for future work in this space.

computer science, interdisciplinary applications

J. West,W. Vanhaverbeke,H. Chesbrough

Abstract:1. Open Innovation: A New Paradigm for Understanding Industrial Innovation SECTION I: FIRMS IMPLEMENTING OPEN INNOVATION 2. New Puzzles and New Findings 3. Whither Core Competency for the Large Corporation in an Open Innovation World? 4. Open, Radical Innovation: Toward an Integrated Model in Large Established Firms 5. Patterns of Open Innovation in Open Source Software SECTION II: INSTITUTIONS GOVERNING OPEN INNOVATION 6. Does Appropriability Enable or Retard Open Innovation? 7. The Use of University Research in Firm Innovation 8. Open Standards and Intellectual Property Rights 9. The Use of Intellectual Property in Software: Implications for Open Innovation SECTION III: NETWORKS SHAPING OPEN INNOVATION 10. The Inter-organizational Context of Open Innovation 11. Knowledge Networks and the Geographic Locus of Innovation 12. Open Innovation in Systemic Innovation Contexts 13. Open Innovation in Value Networks SECTION IV: CONCLUSIONS 14. Open Innovation: A Research Agenda

Computer Science,Economics,Business,Law