Stability assessment methodology for open source projects considering uncertainty
Title
不確実性を考慮したオープンソースプロジェクトに対する安定性評価手法
Stability assessment methodology for open source projects considering uncertainty
Degree
Doctor of Philosophy (Engineering)
Dissertation Number
創科博甲第121号
(2023-09-26)
Degree Grantors
Yamaguchi University
[kakenhi]15501
grid.268397.1
Abstract
Open source software (OSS) is adopted in embedded systems, servers, and so on because of quick delivery, cost reduction, and standardization of systems. Therefore, OSS is often used not only for personal use but also for commercial use. Many OSS have been developed under the peculiar development style known as the bazaar method. Under this method, many faults are detected and fixed by developers around the world, and the fixes are reflected in the next release. Also, many OSS are developed and managed by using the fault big data recorded on bug tracking systems. Thus, many OSS are developed and maintained by several developers together with many OSS users.
According to the results of the 2022 Open Source Security and Risk Analysis (OSSRA), OSS is an essential part of proprietary software: 97% of the codebases surveyed contained OSS, and 78% of all source code was OSS. On the other hand, OSS has issues from various perspectives. Therefore, OSS users need to decide whether they should use OSS with consideration of each issue. In addition, the managers of open source projects need to manage their projects appropriately because OSS has a large impact on software around the world.
This thesis focuses on the following three issues among many. We examine methods for OSS users and open source project managers to evaluate the stability of open source projects.
1. Selection evaluation and licensing: Methods for OSS users to select among the many available OSS,
2. Vulnerability support: Prediction of fix priority for reported OSS faults,
3. Maintenance and quality assurance: Prediction of appropriate OSS version upgrade timing, considering the development effort required of OSS users after an OSS upgrade.
In “1. Selection evaluation and licensing,” we attempt to derive the OSS-oriented EVM by applying earned value management (EVM) to several open source projects. EVM is a project management methodology for measuring project performance and progress. In order to derive the OSS-oriented EVM, we apply stochastic models based on a software reliability growth model (SRGM) that considers the uncertainty of the development environment in open source projects. We also improve the method of deriving effort in open source projects: with the existing method, some indices of the OSS-oriented EVM cannot be derived, and we resolve this issue. The derived OSS-oriented EVM helps OSS users and open source project managers to evaluate the stability of their current projects, and serves as a decision-making tool for their decisions about OSS and their projects. From a different perspective, we also evaluate the stability of a project in terms of the speed of fault fixing by predicting the time transition of fixing the OSS faults reported in the future.
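As an added illustration, not taken from the thesis and not its OSS-oriented EVM (whose exact definition the abstract does not give), the following Python code shows the general shape of the approach described above: standard EVM indices (PV, EV, AC, SV, CV, SPI, CPI, EAC) are computed for an open source project against a planned-value curve taken from an exponential NHPP SRGM (the Goel-Okumoto mean value function). The mapping "cumulative fixed faults → earned value", the parameters a, b, BAC, and the snapshot data are all constructed assumptions for this example.

```python
"""
Constructed illustration: earned value management (EVM) indices for an open
source project, using an exponential NHPP software reliability growth model
(Goel-Okumoto) as the planned-value curve.  This is NOT the thesis's
OSS-oriented EVM; the mapping "cumulative fixed faults -> earned value" and all
parameter values below are assumptions made for this example.
"""
import math
from dataclasses import dataclass


def goel_okumoto_mvf(t: float, a: float, b: float) -> float:
    """Mean value function of the Goel-Okumoto NHPP SRGM: expected cumulative
    number of faults detected (here: fixed) by time t.
    a = expected total number of faults, b = per-fault detection rate."""
    return a * (1.0 - math.exp(-b * t))


@dataclass(frozen=True)
class EvmIndices:
    pv: float   # planned value: effort that should have been earned by t
    ev: float   # earned value: effort credited for faults actually fixed
    ac: float   # actual cost: effort actually spent by t
    sv: float   # schedule variance  = EV - PV
    cv: float   # cost variance      = EV - AC
    spi: float  # schedule performance index = EV / PV
    cpi: float  # cost performance index     = EV / AC
    eac: float  # estimate at completion     = BAC / CPI


def planned_value(t: float, a: float, b: float, bac: float) -> float:
    """Budget at completion (BAC) times the SRGM's expected progress fraction at t."""
    return bac * goel_okumoto_mvf(t, a, b) / a


def earned_value(fixed_faults: float, a: float, bac: float) -> float:
    """Credit each fixed fault with an equal share of BAC (assumption)."""
    return bac * fixed_faults / a


def evm_indices(t, fixed_faults, actual_effort, a, b, bac) -> EvmIndices:
    """Compute the EVM indices for one project snapshot at time t."""
    pv = planned_value(t, a, b, bac)
    ev = earned_value(fixed_faults, a, bac)
    ac = actual_effort
    if pv <= 0 or ac <= 0:
        raise ValueError("PV and AC must be positive to form SPI/CPI")
    spi = ev / pv
    cpi = ev / ac
    return EvmIndices(pv=pv, ev=ev, ac=ac, sv=ev - pv, cv=ev - ac,
                      spi=spi, cpi=cpi, eac=bac / cpi)


def assess(idx: EvmIndices) -> str:
    """Coarse reading of the indices, as a project manager would state it."""
    schedule = "ahead of" if idx.spi >= 1.0 else "behind"
    cost = "under" if idx.cpi >= 1.0 else "over"
    return (f"{schedule} schedule (SPI={idx.spi:.2f}), "
            f"{cost} budget (CPI={idx.cpi:.2f}), EAC={idx.eac:.0f}")


# --- constructed sample data (not from any real project) --------------------
A_TOTAL_FAULTS = 100.0          # assumed expected total faults in the release
B_RATE = math.log(2) / 10.0     # assumed rate: half of the faults fixed by t=10
BAC = 1000.0                    # assumed budget at completion, person-hours

# (time, cumulative fixed faults, cumulative actual effort) - constructed
SNAPSHOTS = [
    (5.0, 20, 250.0),
    (10.0, 60, 750.0),
    (20.0, 80, 1100.0),
]


def run_example() -> list:
    """Evaluate every snapshot and return the list of EvmIndices."""
    results = []
    for t, fixed, effort in SNAPSHOTS:
        idx = evm_indices(t, fixed, effort, A_TOTAL_FAULTS, B_RATE, BAC)
        results.append(idx)
        print(f"t={t:5.1f}: {assess(idx)}")
    return results


if __name__ == "__main__":
    run_example()
```

With these constructed values, the t=10 snapshot comes out ahead of schedule (SPI 1.2) but over budget (CPI 0.8), so the estimate at completion rises to 1250 person-hours against a 1000-hour budget; this is the kind of stability signal an OSS user or project manager would read off the indices.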
In “2. Vulnerability support”, from the viewpoint of open source project managers, we create metrics to detect faults that have a high fix priority and are predicted to take a long time to fix. In addition, we try to improve the detection accuracy of the proposed metrics by learning not only from the specific version but also from the bug report data of past versions, using a random forest that considers the similarity of bug-fix characteristics among different versions. This allows project managers to identify the faults that should be prioritized for fixing when a large number of faults are reported, and facilitates project operations.
In “3. Maintenance and quality assurance”, as an optimum maintenance problem, we predict the appropriate OSS version upgrade timing considering the maintenance effort required of OSS users after upgrading the OSS. It is dangerous in terms of vulnerability to continue using a specific version of OSS while ignoring its End of Life. Therefore, the version should be upgraded periodically. However, the maintenance cost increases when the version is upgraded frequently. We therefore find the optimum maintenance time by minimizing the total expected software maintenance effort from the viewpoint of OSS users. In particular, we attempt to reflect the progress of open source projects by using the OSS-oriented EVM in deriving the optimal maintenance time.
In conclusion, we found that the proposed methods are applicable to the stability evaluation of open source projects from three perspectives. In particular, the OSS-oriented EVM discussed in “1. Selection evaluation and licensing” can contribute to the visualization of maintenance effort in open source projects. The proposed methods will potentially contribute to the development of OSS in the future.
Creators
Sone Hironobu
Languages
eng
Resource Type
doctoral thesis
File Version
Version of Record
Access Rights
open access