Reputation management of an Open Source Software system based on the trustworthiness of its contributions

Cristina Garcia Garcia

Abstract: Externally developed components and frameworks are widely used in the software industry. Some of these are developed by Open Source Software (OSS) projects, due to numerous advantages such as cost savings. Developers can contribute to the projects they like most and this usually translates into higher quality components.
The most important principle of Open Source, freedom, however, is associated with risk. While the quality of OSS projects is predominantly high, events such as the Heartbleed vulnerability in OpenSSL emphasise the importance of quality assurance for externally developed components. These components and frameworks may themselves be based on the efforts of other software development projects, so there is a degree of uncertainty about the components required. Vulnerabilities in any of the dependencies may affect the trustworthiness of the component, hence the importance of assessing the quality of these components to avoid security flaws.
The purpose of this thesis is to investigate means to determine the quality, in particular with respect to security, of OSS projects. It deals with reputation management of an OSS system with the aim of providing advice on its quality. This is done by examining the externally developed components and frameworks developed by other OSS projects.
The thesis consists of:
1. Study different approaches for trust management.
2. Investigate ways to identify the dependencies among components in the OSS system.
3. Define security metrics to measure the trustworthiness of the contributions.
4. Develop and evaluate a Proof-of-Concept prototype.
Type: Bachelor thesis [Academic thesis]
Year: 2015
Publisher: Technical University of Denmark, Department of Applied Mathematics and Computer Science
Address: Richard Petersens Plads, Building 324, DK-2800 Kgs. Lyngby, Denmark, compute@compute.dtu.dk
Series: DTU Compute B.Sc.-2015
Note: DTU supervisor: Christian D. Jensen, cdje@dtu.dk, DTU Compute
Publication link: http://www.compute.dtu.dk/english
IMM Group(s): Computer Science & Engineering