@MISC{IMM2015-07051,
  author    = "C. G. Garcia",
  title     = "Reputation management of an Open Source Software system based on the trustworthiness of its contributions",
  year      = "2015",
  publisher = "Technical University of Denmark, Department of Applied Mathematics and Computer Science",
  address   = "Richard Petersens Plads, Building 324, {DK-}2800 Kgs. Lyngby, Denmark, compute@compute.dtu.dk",
  note      = "{DTU} supervisor: Christian D. Jensen, cdje@dtu.dk, {DTU} Compute",
  url       = "http://www.compute.dtu.dk/english",
  abstract  = "Externally developed components and frameworks are used at large in the software industry. Some of these are developed by Open Source Software (OSS) projects, due to numerous advantages such as cost savings. Developers can contribute to the projects they like most, and this usually translates into higher quality components. The most important principle of Open Source, freedom, is however associated with risk. While the quality of {OSS} projects is predominantly high, events such as the Heartbleed vulnerability in {OpenSSL} emphasise the importance of quality assurance for externally developed components. These components and frameworks may themselves be based on the efforts of other software development projects, so there is a degree of uncertainty about the components required. Vulnerabilities in any of the dependencies may affect the trustworthiness of the component, hence the importance of assessing the quality of these components to avoid security flaws. The purpose of this thesis is to investigate means to determine the quality, in particular with respect to security, of {OSS} projects. It deals with reputation management of an {OSS} system with the aim of providing advice on its quality. This is done by examining the externally developed components and frameworks developed by other {OSS} projects. The thesis consists of: 1. Study different approaches for trust management. 2. Investigate ways to identify the dependencies among components in the {OSS} system. 3. Define security metrics to measure the trustworthiness of the contributions. 4. Develop and evaluate a Proof-of-Concept prototype."
}