开源平台下软件管理技术的研究

基于开源软件平台基本特点的分析,对目前具有代表性的apt/dpkg、yum/RPM、BSD ports和portage等软件管理技术进行分析,对比和总结了现有技术特征和一般结构,探索了开源平台下软件管理技术可能的发展方向.     

开源软件FreeBSD内核进化研究

摘要：归纳开源软件项目的数据源及数据收集方法,给出FreeBSD内核的软件进化分析方法和相关分析结果。重点分析了FreeBSD系统和主要子系统的复杂性进化趋势及推动进化的主要原因,提出了快速测算大型开源软件复杂性的方法。     

Improving software security with static automated code analysis in an industry setting

Software security can be improved by identifying and correcting vulnerabilities. In order to reduce the cost of rework, vulnerabilities should be detected as early and efficiently as possible. Static automated code analysis is an approach for early detection. So far, only few empirical studies have been conducted in an industrial context to evaluate static automated code analysis. A case study was conducted to evaluate static code analysis in industry focusing on defect detection capability, deployment, and usage of static automated code analysis with a focus on software security. We identified that the tool was capable of detecting memory related vulnerabilities, but few vulnerabilities of other types. The deployment of the tool played an important role in its success as an early vulnerability detector, but also the developers perception of the tools merit. Classifying the warnings from the tool was harder for the developers than to correct them. The correction of false positives in some cases created new vulnerabilities in previously safe code. With regard to defect detection ability, we conclude that static code analysis is able to identify vulnerabilities in different categories. In terms of deployment, we conclude that the tool should be integrated with bug reporting systems, and developers need to share the responsibility for classifying and reporting warnings. With regard to tool usage by developers, we propose to use multiple persons (at least two) in classifying a warning. The same goes for making the decision of how to act based on the warning. Copyright © 2012 John Wiley & Sons, Ltd.     

Code quality analysis in open source software development

Abstract Proponents of open source style software development claim that better software is produced using this model compared with the traditional closed model. However, there is little empirical evidence in support of these claims. In this paper, we present the results of a pilot case study aiming: (a) to understand the implications of structural quality; and (b) to figure out the benefits of structural quality analysis of the code delivered by open source style development. To this end, we have measured quality characteristics of 100 applications written for Linux, using a software measurement tool, and compared the results with the industrial standard that is proposed by the tool. Another target of this case study was to investigate the issue of modularity in open source as this characteristic is being considered crucial by the proponents of open source for this type of software development. We have empirically assessed the relationship between the size of the application components and the delivered quality measured through user satisfaction. We have determined that, up to a certain extent, the average component size of an application is negatively related to the user satisfaction for this application.     

化学信息学开源软件的集成与复用

软件集成与复用是提高开发效率和质量的重要途径,而开发标准是实现集成与复用的重要因素。通过分析InChI、Jmol和BALL等实例,提出了化学信息学开源软件开发的数据通信标准、界面标准和模块标准问题。在此基础上,以作者进行的分子相似性与差异性研究为例,展示了对开源科学计算软件SciLab的主成分分析(PCA)模块进行改进、集成和复用的情况,说明对开源软件应采取扬弃态度,保障集成、复用的成效。     

开源软件自动化评估证据框架

互联网上已形成了规模巨大、种类丰富的开源软件资源。如何准确、快速地判断一个开源项目的各种可信属性是否满足需求是当前软件工程领域研究的热点。深入分析已有开源软件评估模型,总结互联网上软件质量相关的各种信息,提出了面向开源软件的可信评估证据框架,并基于该框架构建了一种开源软件可信证据查询平台。利用该平台能够极大地提高评估效率,用户可以准确、快速、全面地了解相关软件项目的各种信息。最后,以一个知名开源软件证实了该证据框架及证据查询平台的可行性。     

大型自由和开源软件进化研究

大型自由和开源软件的各种版本源代码和相关开发信息是软件工程研究者研究开源软件项目的重要数据源.归纳开源软件项目的数据源及数据收集方法,给出Linux、FreeBSD操作系统内核的软件进化的分析方法和相关分析结果.重点分析了系统和主要子系统的复杂性进化趋势及推动进化主要原因,提出了快速测算大型开源软件复杂性的方法.得出系统目前以超线性方式进化,而进化的主要推动力是适应系统硬件资源的进化.     

教育信息化领域中开源软件的应用策略研究

开源软件因其源代码开放、免费、易于定制等特性,非常适合教育信息化领域的需求。文章阐述了开源软件的概念及特征,分析了开源软件在国内外教育领域中的研究与应用现状,最后提出了开源软件在我国教育信息化领域中的应用策略。     

化学信息学与开源软件

化学信息学研究需要性能强大而又能随时修订的、开放性的软件工具。通过回顾自由软件到开源软件的发展历史,展示开源式程序开发的丰富成就,包括操作系统如Linux、社区如SourceForge和我国的共创软件联盟等,澄清与copyright针锋相对的copyleft式版权概念,介绍并比较多种软件许可证,对开源软件的发展机制进行简要分析,认为开源软件是满足化学信息学要求的最佳选择。     

Comparing practices for reuse in integration‐oriented software product lines and large open source software projects

This article compares the organization and practices for software reuse in integration‐oriented software product lines (SPLs) and open source software projects. The main observation is that both approaches are successful regarding large variability and reuse, but differ widely in their practices and organization. To capture practices in large open source projects, we describe an open compositional model, which reflects their more decentralized organization of software development. We capture key practices and organizational forms for this and validate these by comparing four case studies of this model. Two of these studies are based on published SPL case studies, for the other two we analyze the practices in two large and successful open source projects based on their published developer documentation. Our analysis highlights key differences between the practices in the two open source organizations and the more integrational practices used in the other two cases. Finally, we discuss which practices are successful in which environment and how the current practices can move towards more open, widely scoped and distributed software development. Copyright © 2010 John Wiley & Sons, Ltd.     

Comparative case studies of open source software peer review practices

ContextThe power of open source software peer review lies in the involvement of virtual communities, especially users who typically do not have a formal role in the development process. As communities grow to a certain extent, how to organize and support the peer review process becomes increasingly challenging. A universal solution is likely to fail for communities with varying characteristics.ObjectiveThis paper investigates differences of peer review practices across different open source software communities, especially the ones engage distinct types of users, in order to offer contextualized guidance for developing open source software projects.MethodComparative case studies were conducted in two well-established large open source communities, Mozilla and Python, which engage extremely different types of users. Bug reports from their bug tracking systems were examined primarily, complemented by secondary sources such as meeting notes, blog posts, messages from mailing lists, and online documentations.ResultsThe two communities differ in the key activities of peer review processes, including different characteristics with respect to bug reporting, design decision making, to patch development and review. Their variances also involve the designs of supporting technology. The results highlight the emerging role of triagers, who bridge the core and peripheral contributors and facilitate the peer review process. The two communities demonstrate alternative designs of open source software peer review and their tradeoffs were discussed.ConclusionIt is concluded that contextualized designs of social and technological solutions to open source software peer review practices are important. The two cases can serve as learning resources for open source software projects, or other types of large software projects in general, to cope with challenges of leveraging enormous contributions and coordinating core developers. It is also important to improve support for triagers, who have not received much research effort yet.     

Effort, co-operation and co-ordination in an open source software project: GNOME

Abstract This paper presents results from research into open source projects from a software engineering perspective. The research methodology employed relies on public data retrieved from the CVS repository of the GNOME project and relevant discussion groups. This methodology is described, and results concerning the special characteristics of open source software development are given. These data are used for a first approach to estimating the total effort to be expended.     

开源软件生产的网络化创新系统研究

从系统工程、经济学和生态学的角度分析了开源软件社区的内在创新机理。首先,基于系统学理论定义了开源软件生产系统的概念;然后通过分析开源软件与私有软件生产系统的差异,归纳了开源生产行为的经济学特征;最后基于耗散结构理论和复杂科学理论提出了创新熵来度量开源社区的创新效能,并进一步揭示了开源社区网络创新的内在演化机理。     

基于深度聚类的开源软件漏洞检测方法

针对开源软件漏洞,提出一种基于深度聚类算法的软件源代码漏洞检测方法。该方法利用代码图模型构造开源软件代码属性图,遍历得到关键代码节点并提取出应用程序编程接口（API）序列,将其嵌入向量空间,以关键代码为中心进行聚类,根据聚类结果计算每个函数的异常值,生成检测报告并匹配漏洞库,从而检测出源代码中的漏洞。实验结果表明,该方法能够定位开源软件中漏洞所在的关键代码段并检测出相应漏洞。     

User acceptance model of open source software

The development and implementation of open source software (OSS) is one of the most current topics within the academic, business and political environments. Traditionally, research in OSS has focused on identifying individual personal motives for participating in the development of an OSS project, analyzing specific OSS solutions, or the OSS movement, itself. Nevertheless, user acceptance towards this type of technology has received very little attention. For this reason, the main purpose of the current study is to identify the variables and factors that have a direct effect on individual attitude towards OSS adoption. Therefore, we have developed a technological acceptance model on behalf of the users towards a solution based on OSS. For this development, we have considered the technology acceptance model. Findings show that OSS is a viable solution for information management for organizations.     

软件源码上的数据挖掘应用综述

数据挖掘技术可以从大量的数据中发现某些有价值的知识.而将软件源码作为一种特殊的数据,在其上应用数据挖掘技术进行源码层次上的信息挖掘,已成为一个新颖而重要的课题.将对软件源码上的数据挖掘技术从各领域的应用、数据挖掘方法以及当前发展水平等主要方面展开介绍,并详细剖析当前此领域的制约因素,提出未来此领域的发展方向.     

JSMAA: open source software for SMAA computations

Most software for multi-criteria decision analysis (MCDA) implement a small set of compatible methods as a closed monolithic program. With such software tools, the decision models have to be input by hand. In some applications, however, the model can be generated using external information sources, and thus it would be beneficial if the MCDA software could integrate in the comprehensive information infrastructure. This article motivates for the need of model generation in the methodological context of stochastic multicriteria acceptability analysis (SMAA), and describes the JSMAA software that implements SMAA-2, SMAA-O and SMAA-TRI methods. JSMAA is an open source and divided in separate graphical user interface and library components, enabling its use in systems with a model generation subsystem.     

利用开源软件构建OLAP系统

在开源软件的基础上，实现应用系统的开发，已被证明是一种可靠和有效的方式。提出了一个基于开放源码软件构建联机分析处理系统的技术框架。在实际开发过程中，在遵循相关的许可证制度的前提下，通过对多个相关开源软件的源代码进行详细剖析，结合实际需求进行修改，最终成为一个完整的产品化系统，并成功地投入实际应用。     

An improved Pareto distribution for modelling the fault data of open source software

In the modern society, software plays a very important role in many application systems. Consequently, the main goal of project managers and software engineers is to deliver reliable software within very limited resource, time and budget during the software development life cycle. Presently, it is widely recognized that open source software (OSS) has developed as a new (and novel) form of both personal and aggregation production. In the past, some research has shown that the traditional Pareto distribution (PD) and the Weibull distribution models can be used to describe the distribution of software faults of OSS. However, there could be a negative value for the cumulative probability of the traditional PD model in some cases. In this paper, based on our past studies, a modified Pareto‐based distribution model, called the single‐change‐point 2‐parameter generalized PD (SCP‐2GPD) model is proposed. The method of choosing an appropriate change‐point is presented and illustrated. Some mathematical properties of the proposed model are also discussed. Experiments are conducted using several real OSS data, and evaluation results show that our proposed SCP‐2GPD model depicts the real‐life situation of the software development life cycle more faithfully and accurately. Copyright © 2013 John Wiley & Sons, Ltd.     

计算机软件安全检测存在的问题及应对措施

近年来,计算机科学的发展速度越来越快,人们在日常生活中越发离不开计算机。而随着计算机技术的发展,计算机软件开发不断提速,随之产生了大量的问题。其中,鉴于计算机软件安全的重要性,安全检测工作不容忽视。现有的计算机软件安全检测方法存在不少的问题。如果能够对计算机软件进行合理的检测,势必会降低故障率,这对计算机软件安全来说有非常重要的意义。