Considerations and challenges for the adoption of open source components in software-intensive businesses

Butler, Simon; Gamalielsson, Jonas; Lundell, Björn; Brax, Christoffer; Mattsson, Anders; Gustavsson, Tomas; Feist, Jonas; Kvarnström, Bengt; Lönroth, Erik

doi:10.1016/j.jss.2021.111152

Cited by 10 publications

(5 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An analysis of alternative solutions using the AHP-TOPSIS method showed that the three villages are more suitable for using open-source cloud-based OpenSID than proprietary cloud-based OpenSID. Open source reduces risk to village governments and makes IT more affordable to village governments by reducing costs, providing transparency, preventing government at village level from vendor lock-in, being available free of charge from source code and open source software, and providing flexibility in the choice of supporting [19], integration costs, benefits derived from use, and potential risks [20].…”

Section: Selection Of Form Of Adoption Of Cloud-based Opensidmentioning

confidence: 99%

Factors Influencing the Adoption of Cloud-based Village Information System: A Technology-Organization-Environment Framework and AHP–TOPSIS Integrated Model

Theresiawati,

Tjahjanto,

Widiastiwi

et al. 2023

IJEEI

View full text Add to dashboard Cite

Cloud-based service is a key area for growth in Indonesia, but there are still very few villages that have adopted a village information system based on cloud computing. This study investigates the factors influencing OpenSID adoption in cloud computing. The research was informed by the Technological Organizational Environmental (TOE) and combined two multi-criteria decision analysis methods, namely, AHP and TOPSIS to analyze the acceptance of cloud computing-based village information systems, the driving factors for adoption, and the selection of forms of OpenSID. The research focuses on the analysis of four dimensions namely organization, trust, innovation, and vendor. The sub-dimensions of each dimension include the organization (the technological readiness of actors, top management support, and firm size), Trust (security and privacy factors), innovation (compatibility, complexity, trialability, and relative advantage factors), and Vendor (vendor reputation, perceived price, and external support factors). Primary data was collected using a questionnaire and semistructured interviews with respondents from the village government apparatus in Indramayu. The results of the study showed an open-source cloud-based village information system is the most suitable alternative solution for government at the village level in Indramayu, West Java Province. The results highlighted that the enablers that are critical for cloud adoption include Technology readiness, trust, technological innovation, and vendor. The barriers that are hindering cloud adoption are infrastructure readiness, understanding the use of cloud computing technology, low technical skills and knowledge, data integration issues, and data security. This research is a reference for developing a village information system based on cloud computing

show abstract

Section: Selection Of Form Of Adoption Of Cloud-based Opensidmentioning

confidence: 99%

Factors Influencing the Adoption of Cloud-based Village Information System: A Technology-Organization-Environment Framework and AHP–TOPSIS Integrated Model

Theresiawati,

Tjahjanto,

Widiastiwi

et al. 2023

IJEEI

View full text Add to dashboard Cite

show abstract

“…These metrics are developed under a set of overarching themes such as value, risk, or evolution. Within each theme, metrics are then provided under several focus areas, each with a specific goal that the metrics aim to provide answers to, e.g., to "[l]earn about the types and frequency of activities involved in developing code" under the focus area Code Development Activity within the Evolution theme 5 . No instructions are provided on which metrics to choose.…”

Section: Related Workmentioning

confidence: 99%

“…Heartbleed 1 and Log4Shell 2 ). Organizations, therefore, need to consider the health of the OSS projects that they use to manage the risk coupled with the usage, or dependence of thereof [5,27].…”

Section: Introductionmentioning

confidence: 99%

How to characterize the health of an Open Source Software project? A snowball literature review of an emerging practice

Linåker¹,

Papatheocharous²,

Olsson³

2022

Preprint

View full text Add to dashboard Cite

Motivation: Society's dependence on Open Source Software (OSS) and the communities that maintain the OSS is ever-growing. So are the potential risks of, e.g., vulnerabilities being introduced in projects not actively maintained. By assessing an OSS project's capability to stay viable and maintained over time without interruption or weakening, i.e., the OSS health, users can consider the risk implied by using the OSS as is, and if necessary, decide whether to help improve the health or choose another option. However, such assessment is complex as OSS health covers a wide range of sub-topics, and existing support is limited. Aim: We aim to create an overview of characteristics that affect the health of an OSS project and enable the assessment thereof. Method: We conduct a snowball literature review based on a start set of 9 papers, and identify 146 relevant papers over two iterations of forward and backward snowballing. Health characteristics are elicited and coded using structured and axial coding into a framework structure. Results: The final framework consists of 104 health characteristics divided among 15 themes. Characteristics address the socio-technical spectrum of the community of actors maintaining the OSS project, the software and other deliverables being maintained, and the orchestration facilitating the maintenance. Characteristics are further divided based on the level of abstraction they address, i.e., the OSS project-level specifically, or the project's overarching ecosystem of related OSS projects. Conclusion: The framework provides an overview of the wide span of health characteristics that may need to be considered when evaluating OSS health and can serve as a foundation both for research and practice.

show abstract

“…SPDX is an industrial standard for describing software packages and their dependencies. It is designed to work with all vendors, programming languages, and frameworks [4]. Within the scope of the study, 10 different opensource projects with widespread developer and user support were analyzed in this context.…”

Section: Introductionmentioning

confidence: 99%

Vulnerability analysis based on SBOMs: A model proposal for automated vulnerability scanning for CI/CD pipelines

Kağızmandere,

Arslan

2024

International Journal of Information Security Science

View full text Add to dashboard Cite

The software bill of materials (SBOM) emerged in 2018 as an important component in software security and software supply chain management. SBOM is an inventory presented as a list of the components that make up software. In recent years, whether software products contain vulnerabilities is a phenomenon that should be checked regularly by the users of that product. This paper deals with the systematic identification and vulnerability analysis of software components based on the concept of software bill of materials. The fact that a software product itself does not contain vulnerabilities does not mean that the software product is secure. Even if software projects do not contain any vulnerabilities when examined alone, there may be vulnerabilities in their components. Vulnerabilities in the dependencies or components of the product may be sufficient for cyber attackers to exploit that product. Minimizing the damage caused by vulnerabilities in software components is the basis of cyber security efforts. In this study, the necessity of automatically generating software bill of materials in software development/deployment environments (CI/CD) and performing vulnerability analysis on this bill of materials is demonstrated and a suitable model is proposed.

show abstract

Considerations and challenges for the adoption of open source components in software-intensive businesses

Cited by 10 publications

References 29 publications

Factors Influencing the Adoption of Cloud-based Village Information System: A Technology-Organization-Environment Framework and AHP–TOPSIS Integrated Model

Factors Influencing the Adoption of Cloud-based Village Information System: A Technology-Organization-Environment Framework and AHP–TOPSIS Integrated Model

How to characterize the health of an Open Source Software project? A snowball literature review of an emerging practice

Vulnerability analysis based on SBOMs: A model proposal for automated vulnerability scanning for CI/CD pipelines

Contact Info

Product

Resources

About