面向操作系统可靠性保障的开源软件供应链

软件可靠性是软件工程领域中的研究热点之一,故障率分析是软件可靠性的典型研究方法.然而,软件构建模式已从单体模式演进到以开源软件为代表的规模化协作模式,操作系统作为代表性产物之一,所含开源软件之间通过组合关系和依赖关系,形成了一个包含上万节点的供应关系网络.典型方法缺乏对供应关系的考量,无法准确识别和评估因此而引入的软件可靠性问题.把供应链概念体系拓展到开源软件领域,提出一种基于知识的面向开源协作模式下软件供应可靠性的管理方法：面向开源软件生态进行本体设计,构建开源软件知识图谱,实现知识的提取、存储和管理,以知识为驱动,结合传统的供应链管理方法,提出一组面向开源软件供应链的可靠性管理方法,构成一套开源软件供应链管理系统.实验以Linux操作系统发行版的构建为例,展示了开源软件供应链对操作系统可靠性的支撑能力.结果表明,开源软件供应链将有助于理清和评估大型复杂系统软件的可靠性风险.     

一种面向开源软件特征的开源软件选择方法研究

文章提出一种面向开源软件特征的开源软件选择方法,首先从开源软件的基本特性、评估策略和内在特征三个方面建立其特征,并将特征纳入到开源软件的分类中。其次再根据不同用户的需求的特征与开源软件的分类建立选择机制,使用户需求选择特征与开源软件特征进行对应,从而建立起开源软件选择方法。然后通过该方法来选择面向开源软件开发工具为例进行验证表明,该策略有效且可用性强。     

开源对软件人才培养带来的挑战

开源是世界信息技术及产业发展的重要方向,然而,面对开源进一步繁荣发展的需求,开源人才的供应无论在质或量上均存在较大不足。文章分析开源发展及开源人才的现状,剖析开源人才的能力特点及其培养需求,对开源软件人才的培养实践进行总结,并提出对未来教育实践的展望。     

面向语音识别应用的开源软件演化技术

为更好地解决开源社区中原资源的应用过度依赖具体的计算环境与背景，无法充分满足个性化需求这一问题，文章根据语音识别应用，借助开源软件演化技术对如何提高开源语音识别模型采集的准确率以及解决开源语音模型的自适应性等问题展开研究，并提出了驱动演化算法。实验结果表明，将开源软件演化技术应用在语音识别过程中具有可行性。     

开源软件漏洞感知技术综述

随着现代软件规模不断扩大,软件漏洞给计算机系统和软件的安全运行、可靠性造成了极大的威胁,进而给人们的生产生活造成巨大的损失.近年来,随着开源软件的广泛使用,其安全问题受到广泛关注.漏洞感知技术可以有效地帮助开源软件用户在漏洞纰漏之前提前感知到漏洞的存在,从而进行有效防御.与传统软件的漏洞检测不同,开源漏洞的透明性和协同性给开源软件的漏洞感知带来巨大的挑战.因此,有许多学者和从业人员提出多种技术,从代码和开源社区中感知开源软件中潜在的漏洞和风险,以尽早发现开源软件中的漏洞从而降低漏洞所带来的损失.为了促进开源软件漏洞感知技术的发展,对已有研究成果进行系统的梳理、总结和点评.选取45篇开源漏洞感知技术的高水平论文,将其分为3大类:基于代码的漏洞感知技术、基于开源社区讨论的漏洞感知技术和基于软件补丁的漏洞感知技术,并对其进行系统地梳理、归纳和总结.值得注意的是,根据近几年最新研究的总结,首次提出基于开源软件漏洞生命周期的感知技术分类,对已有的漏洞感知技术分类进行补充和完善.最后,探索该领域的挑战,并对未来研究的方向进行展望.     

开源知名网站

www.sourceforge.net 要说开源软件,就不能不提大名鼎鼎的SourceForge。这是一个由Open sourceTechnology Group(“OSTG”)建立的开源软件社区,提供了大量适用于各类操作系统、采用不同编程语言开发的各式各样的软件。除了查找各式各样的开源软     

Summarization on Software Reliability for Open Source Software

随着网络技术的迅猛发展,开源软件正以前所未有的优势得以快速发展.现在的开源软件已经成为软件发展的主要流行趋势.而开源软件的可靠性则成为开源软件发展的重要目标.在研究开源软件可靠性模型的基础上,对开源软件可靠性模型参数估计、可靠性和评测标准进行了论述,然后对开源软件期望努力和版本更新时间也进行了相应的研究.     

开源软件供应链安全问题研究

当前,开源已经成为软件开发的重要模式之一。由于开源开发模式具有代码来源多样、依赖关系复杂等特点,使得开源软件面临代码漏洞风险、供应链攻击风险、知识产权风险、可持续维护风险等供应链安全问题,且问题呈现出快速增长态势。本文基于对开源软件供应链中的安全风险分析,提出从开源软件安全漏洞检测、软件成分分析、许可证冲突检测、开源生态可持续治理四个方面进行安全治理的方法,指出构建安全软件供应链面临依赖关系复杂、结构脆弱等挑战,对软件成分分析、供应链构建等未来研究方向进行了展望。     

开源许可证的选择:挑战和影响因素

开发者通常会为其开源代码选择不同的开源许可证来约束其使用条件,以期能有效地保护知识产权和维持软件的长远发展.然而,现有的开源许可证种类繁杂,开发者难以了解不同开源许可证间的差异,并且难以通过现有的开源许可证选择工具做出合适的选择——其使用要求开发者了解开源许可证相关条款并明确自己的业务需求.学术界虽然对开源许可证已有研...     

首届openSUSE亚洲峰会10月举行

首届openSUSE亚洲峰会将于2014年10月18-19日在北京举行。峰会是openSUSE项目的技术大会,以亚洲各国开源技术爱好者、软件开发者的交流为主要内容。主办方称,本次峰会将针对云计算、大数据等热点话题开展一系列开源项目实践及技术分享活动。     

基于Android系统的车载娱乐系统软件架构

车载电子业目前面临众多机遇与挑战，开发一套所有汽车可以安装的通用平台不仅可以降低整个产业链成本，而且可以使应用软件增加，满足不同用户喜好。本文提出一种可行的软件架构，将谷歌Android系统良好的兼容性和安全性的特点应用在车载电子系统中。     

开源软件测试实践教学方案设计

基于开源的软件测试实践教学方案是软件测试实践教学的一种大胆尝试,具有示范性和推广性,北京工业大学软件学院在这方面开展了多年的实践活动。文章介绍了开源软件测试实践教学的方案、对应的大纲和具体实施情况。     

Change profile analysis of open-source software systems to understand their evolutionary behavior

Source code management systems (such as git) record changes to code repositories of Open-Source Software (OSS) projects. The metadata about a change includes a change message to record the intention of the change. Classification of changes, based on change messages, into different change types has been explored in the past to understand the evolution of software systems from the perspective of change size and change density only. However, software evolution analysis based on change classification with a focus on change evolution patterns is still an open research problem. This study examines change messages of 106 OSS projects, as recorded in the git repository, to explore their evolutionary patterns with respect to the types of changes performed over time. An automated keyword-based classifier technique is applied to the change messages to categorize the changes into various types (corrective, adaptive, perfective, preventive, and enhancement). Cluster analysis helps to uncover distinct change patterns that each change type follows. We identify three categories of 106 projects for each change type: high activity, moderate activity, and low activity. Evolutionary behavior is different for projects of different categories. The projects with high and moderate activity receive maximum changes during 76–81 months of the project lifetime. The project attributes such as the number of committers, number of files changed, and total number of commits seem to contribute the most to the change activity of the projects. The statistical findings show that the change activity of a project is related to the number of contributors, amount of work done, and total commits of the projects irrespective of the change type. Further, we explored languages and domains of projects to correlate change types with domains and languages of the projects. The statistical analysis indicates that there is no significant and strong relation of change types with domains and languages of the 106 projects.     

基于Live CD的移动教学平台设计与实现

教学平台是Linux教学的重要一环。针对目前高校Linux教学平台的诸多弊端,提出了基于Live CD技术的移动教学平台设计思想,并重点分析了基于Live CD技术实现可移动平台整体设计方案与关键技术点。     

基于开源 Pycsw 的灾害元数据管理系统设计与原型实现

面临自然灾害频发及其造成损失日益加剧的威胁,灾害信息共享已成为减轻灾害风险国际合作的重要技术手段,是提高综合防灾减灾救灾能力的重要保障。有效地汇聚和管理灾害元数据对促进灾害数据的共享具有重要意义。本文基于开源pycsw软件,根据自主设计的灾害元数据标准,分别建立灾害核心元数据与都柏林核心元数据和ISO 19115核心元数据的映射。分析设计灾害元数据管理系统,实现了对灾害元数据的在线添加、编辑、查看、删除与检索功能。本研究产生的原型系统已在防灾减灾知识服务系统 (http://drr.ikcest.org/) 中初步应用。     

The Measurement of the Software Ecosystem’s Productivity with GitHub

Software productivity has always been one of the most critical metrics for measuring software development. However, with the open-source community (e.g., GitHub), new software development models are emerging. The traditional productivity metrics do not provide a comprehensive measure of the new software development models. Therefore, it is necessary to build a productivity measurement model of open source software ecosystem suitable for the open-source community’s production activities. Based on the natural ecosystem, this paper proposes concepts related to the productivity of open source software ecosystems, analyses influencing factors of open source software ecosystem productivity, and constructs a measurement model using these factors. Model validation experiments show that the model is compatible with a large portion of open source software ecosystems in GitHub. This study can provide references for participants of the open-source software ecosystem to choose proper types of ecosystems. The study also provides a basis for ecosystem health assessment for researchers interested in ecosystem quality.     

HiLog：OpenHarmony的高性能日志系统

日志是计算机系统中记录事件状态信息的的重要载体, 日志系统负责计算机系统的日志生成、收集和输出. OpenHarmony是新兴的、面向全设备、全场景的开源操作系统. 在所述工作之前, 包括日志系统在内OpenHarmony有许多关键子系统尚未构建, 而OpenHarmony的开源特性使第三方开发者可以为其贡献核心代码. 为了解决OpenHarmony日志系统缺乏的问题, 主要开展如下工作: ① 分析当今主流日志系统的技术架构和优缺点; ② 基于OpenHarmony操作系统的异构设备互联特性设计HiLog日志系统模型规范; ③ 设计并实现第1个面向OpenHarmony的日志系统HiLog, 并贡献到OpenHarmony主线; ④ 对HiLog日志系统的关键指标进行测试和对比试验. 实验数据表明, 在基础性能方面, HiLog和Log的日志写入阶段吞吐量分别为1 500 KB/s和700 KB/s, 相比Android日志系统吞吐量提升114%; 在日志持久化方面, HiLog可以3.5%的压缩率进行持久化, 并且丢包率小于6‰, 远低于Log. 此外, HiLog还具备数据安全、流量控制等新型实用能力.     

开源软件供应链安全研究综述

随着近年来开源软件的蓬勃发展,现代化软件的开发和供应模式极大地促进了开源软件自身的快速迭代和演进,也提高了社会效益.新兴的开源协作的软件开发模式,使得软件开发供应流程由较为单一的线条转变为复杂的网络形态.在盘根错节的开源软件供应关系中,总体安全风险趋势显著上升,日益受到学术界和产业界的重视.针对开源软件供应链,厘清了其关键环节,基于近10年的攻击事件,归纳了开源软件供应链的威胁模型和安全趋势,并通过对现有安全研究成果的调研分析,从风险识别和加固防御这两个方面总结了开源软件供应链安全的研究现状,最后对开源软件供应链安全所面临的挑战和未来研究方向进行了展望和总结.     

Quality Impacts of Clandestine Common Coupling

The increase in maintenance of software and the increased amounts of reuse are having major positive impacts on the quality of software, but are also introducing some rather subtle negative impacts on the quality. Instead of talking about existing problems (faults), developers now discuss potential problems, that is, aspects of the program that do not affect the quality initially, but could have deleterious consequences when the software goes through some maintenance or reuse. One type of potential problem is that of common coupling, which unlike other types of coupling can be clandestine. That is, the number of instances of common coupling between a module M and the other modules can be changed without any explicit change to M. This paper presents results from a study of clandestine common coupling in 391 versions of Linux. Specifically, the common coupling between each of 5332 kernel modules and the rest of the product as a whole was measured. In more than half of the new versions, a change in common coupling was observed, even though none of the modules themselves was changed. In most cases where this clandestine common coupling was observed, the number of instances of common coupling increased. These results provide yet another reason for discouraging the use of common coupling in software products.     

HSPM: A Better Model to Effectively Preventing Open-Source Projects from Dying

With the rapid development of Open-Source (OS), more and more software projects are maintained and developed in the form of OS. These Open-Source projects depend on and influence each other, gradually forming a huge OS project network, namely an Open-Source Software ECOsystem (OSSECO). Unfortunately, not all OS projects in the open-source ecosystem can be healthy and stable in the long term, and more projects will go from active to inactive and gradually die. In a tightly connected ecosystem, the death of one project can potentially cause the collapse of the entire ecosystem network. How can we effectively prevent such situations from happening? In this paper, we first identify the basic project characteristics that affect the survival of OS projects at both project and ecosystem levels through the proportional hazards model. Then, we utilize graph convolutional networks based on the ecosystem network to extract the ecosystem environment characteristics of OS projects. Finally, we fuse basic project characteristics and environmental project characteristics and construct a Hybrid Structured Prediction Model (HSPM) to predict the OS project survival state. The experimental results show that HSPM significantly improved compared to the traditional prediction model. Our work can substantially assist OS project managers in maintaining their projects’ health. It can also provide an essential reference for developers when choosing the right open-source project for their production activities.