Survey on Governance Technology of Open-source Software Library Ecosystem: Twenty Years of Progress

Cited by: 0

Authors
Wang Y. [1,3,5]
Wu Y.-X. [1]
Gao T. [1]
Chen Z.-Y. [1]
Xu C. [2,3]
Yu H. [1,4]
Cheung S.-C. [5]
Affiliations
[1] Software College, Northeastern University, Shenyang
[2] Department of Computer Science and Technology, Nanjing University, Nanjing
[3] State Key Laboratory for Novel Software Technology (Nanjing University), Nanjing
[4] Key Laboratory of Data Analytics and Optimization for Smart Industry, Ministry of Education, Frontier Science Center for Industrial Intelligence and System Optimization, Northeastern University, Shenyang
[5] Department of Computer Science and Engineering, Hong Kong University of Science and Technology
Source
Ruan Jian Xue Bao/Journal of Software | 2024 / Vol. 35 / No. 02
Keywords
open-source governance; open-source software supply chain; software library ecosystem
DOI
10.13328/j.cnki.jos.006983
Abstract
In the new era of “human-machine-thing” ternary integration and ubiquitous computing, software deployment and operating environments that are “open and changeable”, with “diverse needs” and “complex scenarios”, place more requirements and higher expectations on the governance of open-source software library ecosystems. To further promote the construction of trusted software supply chain ecosystems and to create an independent and controllable technical system based on the ubiquitous computing model, this study focuses on open-source software library ecosystems. It collects 348 authoritative papers in this field from the past two decades (2001–2023) and organizes the research on governance technology for open-source software library ecosystems. The study discusses the modeling and analysis, evolution and maintenance, quality assurance, and management of open-source software supply chain ecosystems, and summarizes the research status, problems, challenges, and trends. © 2024 Chinese Academy of Sciences. All rights reserved.
Pages: 629–674
Page count: 45