开源软件供应链安全问题研究

当前,开源已经成为软件开发的重要模式之一。由于开源开发模式具有代码来源多样、依赖关系复杂等特点,使得开源软件面临代码漏洞风险、供应链攻击风险、知识产权风险、可持续维护风险等供应链安全问题,且问题呈现出快速增长态势。本文基于对开源软件供应链中的安全风险分析,提出从开源软件安全漏洞检测、软件成分分析、许可证冲突检测、开源生态可持续治理四个方面进行安全治理的方法,指出构建安全软件供应链面临依赖关系复杂、结构脆弱等挑战,对软件成分分析、供应链构建等未来研究方向进行了展望。     

Measuring the health of open source software ecosystems: Beyond the scope of project health

BackgroundThe livelihood of an open source ecosystem is important to different ecosystem participants: software developers, end-users, investors, and participants want to know whether their ecosystem is healthy and performing well. Currently, there exists no working operationalization available that can be used to determine the health of open source ecosystems. Health is typically looked at from a project scope, not from an ecosystem scope.ObjectivesWith such an operationalization, stakeholders can make better decisions on whether to invest in an ecosystem: developers can select the healthiest ecosystem to join, keystone organizers can establish which governance techniques are effective, and end-users can select ecosystems that are robust, will live long, and prosper.MethodDesign research is used to create the health operationalization. The evaluation step is done using four ecosystem health projects from literature.ResultsThe Open Source Ecosystem Health Operationalization is provided, which establishes the health of a complete software ecosystem, using the data from collections of open source projects that belong to the ecosystem.ConclusionThe groundwork is done, by providing a summary of research challenges, for more research in ecosystem health. With the operationalization in hand, researchers no longer need to start from scratch when researching open source ecosystems’ health.     

Adding value to Linked Open Data using a multidimensional model approach based on the RDF Data Cube vocabulary

Most organisations using Open Data currently focus on data processing and analysis. However, although Open Data may be available online, these data are generally of poor quality, thus discouraging others from contributing to and reusing them. This paper describes an approach to publish statistical data from public repositories by using Semantic Web standards published by the W3C, such as RDF and SPARQL, in order to facilitate the analysis of multidimensional models. We have defined a framework based on the entire lifecycle of data publication including a novel step of Linked Open Data assessment and the use of external repositories as knowledge base for data enrichment. As a result, users are able to interact with the data generated according to the RDF Data Cube vocabulary, which makes it possible for general users to avoid the complexity of SPARQL when analysing data. The use case was applied to the Barcelona Open Data platform and revealed the benefits of the application of our approach, such as helping in the decision-making process.     

Open innovation and public administration: transformational typologies and business model impacts

Extant research demonstrates that e-Government initiatives often fall short of achieving innovative forms of government and governance due to a techno-centric focus that limits such initiatives to minor improvements in service delivery. While it is evident that innovation is central to modernising and transforming governmental organisations, and that the co-creation of services by public authorities and community groups is an essential component of realising the benefits of investment in information and communication technology, there is little research focusing on the nature of innovation in transforming governmental organisations and services. Addressing this gap in the literature, this paper explores how open innovation strategies can transform public administration by examining how a network of municipalities in Sweden transforms value creation and service delivery by collaborating with each other and with external parties to accelerate the creation and exploitation of innovation. Using a case study with embedded units of analysis, four emerging typologies of governmental transformation based on open innovation are identified. The paper illustrates how these open innovation typologies (i) transform the organisation of the municipalities and (ii) help them deliver high quality co-created services to citizens. By examining the strategic and operational aspects that facilitate such activities, the analysis reveals the impact of open innovation on the business models of public authorities. The paper concludes that open innovation practices represent a more radical manifestation of transformational government than previously envisaged; signalling not only fundamental change in the nature of value creation and service delivery by public authorities, but potentially in the nature of their organisation.     

Exploring the tension between transparency and datification effects of open government IS through the lens of Complex Adaptive Systems

Government agencies worldwide continue their commitment to providing open data in order to increase transparency of education, healthcare and other public services. Focusing on open government information systems (IS) that provide performance-related data, this paper explores the ongoing tension between government’s goal of transparency and the resulting largely opaque datification effects. Our research insights are derived from an empirical longitudinal study of a controversial open government IS called My School, currently providing performance data on almost 10,000 schools in Australia. We investigate the tension between transparency intended with schools’ open performance data and datification effects they create within the education system and a broader society, through the theoretical lens of Complex Adaptive Systems (CAS). Our study reveals how the tension emerges due to unpredictable use, propagation and reinterpretation of open data by more and more users. Consequently, the original meaning of data gets distorted, as these users continue to reconstruct and reinterpret ‘data’ in their own contexts and adapt their behavior in pursuit of their strategic goals. We also identify and theorize seven datification patterns underlying the tension and the ways they produce various social consequences. Based on these research contributions we discuss important strategic implications for government decision makers and identify new opportunities for future research on open government IS.     

临沂市国土资源政务信息公开网站集群管理设想

为切实做好国土资源政务信息网上公开工作,切实履行《中华人民共和国政府信息公开条例》,切实把门户网站建设成为国土资源政务公开的渠道、在线管理的平台和服务公众的桥梁,促进临沂市国土资源信息公开共享,提高临沂市国土资源政务信｜息公开总侉水平,特提出国士资源门户网站集群管理的设想。     

The emergence of digital ecosystem governance: An investigation of responses to disrupted resource control in the Swedish public transport sector

Digital ecosystem governance entails the management of complex, dynamic power relationships. As entrant platform providers seek to cultivate an ecosystem, they must carefully navigate these power relationships when dealing with governance tensions. Providers generally seek to leverage the ecosystem's generative potential by facilitating a variety of interactions and distributing design rights. Simultaneously, they need to ensure stability and order by imposing rules that resolve contentious matters and restrict ecosystem participants' degrees of freedom. This study explores how and why providers can induce ecosystem actors to engage in collaborative negotiation regarding such governance tensions through a case study of the introduction of an open data platform in the Swedish public transport sector. Our analysis offers three main contributions. First, it provides an empirical demonstration that entrepreneurial threats, as well as opportunities, can trigger platform launches and drive collaborative negotiation of digital ecosystem governance. Second, it extends conceptualizations of boundary resources beyond the current focus on transactional elements by demonstrating the role of interactive boundary resources in the negotiation of governance grounded in both social and systemic power relationships. Third, it shows how positive reinforcement can complement punitive measures to increase acceptance of design rules.     

面向开放大数据环境的动态数据保护系统

大数据成为国家基础性战略资源,数据的开放共享是我国大数据战略的核心.云原生技术和湖仓一体架构正在重构大数据基础设施,并推动数据共享和价值传播.大数据产业和技术的发展都需要更强的数据安全和数据共享能力.然而,开放环境下数据的安全问题已成为制约大数据技术发展与利用的瓶颈.无论开源大数据生态还是商业大数据系统,所引发的数据安全及隐私保护问题都日益凸显.开放大数据环境下的动态数据保护系统面临着数据可用性、处理高效性和系统可扩展性等方面的挑战.提出了面向开放大数据环境的动态数据保护系统BDMasker,通过一种基于查询依赖模型(querydependencymodel)的精准查询分析及查询改写技术,能够精准感知但不改变原始业务请求,实现动态脱敏全过程对业务零影响;通过面向多引擎的统一安全策略框架,实现了动态数据保护能力的纵向扩展和在多种计算引擎中的横向扩展;利用大数据执行引擎的分布式计算能力,提升系统的数据保护处理性能.实验结果表明, BDMasker提出的精准SQL分析及改写技术是有效的,系统具有良好的扩展能力和性能表现,在TPC-DS和YCSB基准测试中,整体性能波动在3%之内.     

Information intermediaries for emergency preparedness and response: A case study from public health

Information intermediaries play a critical role in information supply chains for emergency preparedness. Yet, their responsibilities have not been adequately examined in the literature. Using a state public health department as an exemplar, we explore the roles and challenges experienced by one intermediary organization as it faced the unique challenges of deploying a public health emergency preparedness system. We further discuss the influence of stakeholder participation and commitment, inter-organizational collaboration, issues related to organizational structure and resources, and the challenges specific to developing and institutionalizing an IT system for emergency preparedness. Based on the public health case, a set of propositions focused on trust, coordination, information sharing and incentive alignment are developed to illustrate the role of information intermediaries.     

Excel数据透视表在开放教育学籍数据统计中的应用

该文介绍了笔者在南京电大开放教育学籍数据统计工作中,借助于Excel数据透视表,配合开放教育教务管理系统的使用,可以快速便捷地对开放教育各类学籍数据进行统计和分析,极大地提高数据统计工作效率。     

BDMasker: Dynamic Data Protection System for Open Big Data Environment

Big data has become a national basic strategic resource, and the opening and sharing of data is the core of China''s big data strategy. Cloud native technology and lake-house architecture are reconstructing the big data infrastructure and promoting data sharing and value dissemination. The development of the big data industry and technology requires stronger data security and data sharing capabilities. However, data security in an open environment has become a bottleneck, which restricts the development and utilization of big data technology. The issues of data security and privacy protection have become increasingly prominent both in the open source big data ecosystem and the commercial big data system. Dynamic data protection system under the open big data environment is now facing challenges in regards such as data availability, processing efficiency, and system scalability. This paper proposes the dynamic data protection system BDMasker for the open big data environment. Through a precise query analysis and query rewriting technology based on the query dependency model, it can accurately perceive but does not change the original business request, which indicates that the whole process of dynamic masking has zero impact on the business. Furthermore, its multi-engine-oriented unified security strategy framework realizes the vertical expansion of dynamic data protection capabilities and the horizontal expansion among multiple computing engines. The distributed computing capability of the big data execution engine can be used to improve the data protection processing performance of the system. The experimental results show that the precise SQL analysis and rewriting technology proposed by BDMasker is effective. The system has good scalability and performance, and the overall performance fluctuates within 3% in the TPC-DS and YCSB benchmark tests.     

数据治理技术

随着信息技术的普及，人类产生的数据量正在以指数级的速度增长，如此海量的数据就要求利用新的方法来管理.数据治理是将一个机构（企业或政府部门）的数据作为战略资产来管理，需要从数据收集到处理应用的一套管理机制，以期提高数据质量，实现广泛的数据共享，最终实现数据价值最大化.目前，各行各业对大数据的研究比较火热，但对于大数据治理的研究还处于起步阶段，一个组织的正确决策离不开良好的数据治理.首先介绍数据治理和大数据治理的概念、发展以及应用的必要性；其次，对已有的数据治理技术——数据规范、数据清洗、数据交换和数据集成进行具体的分析，并介绍了数据治理成熟度和数据治理框架设计；在此基础上，提出了大数据HAO治理模型.该模型以支持人类智能（HI）、人工智能（AI）和组织智能（OI）的三者协同为目标，再以公安的数据治理为例介绍HAO治理的应用；最后是对数据治理的总结和展望.     

Open Source Data Collection in the Developing World

The ability to collect data is key to the success of many organizations operating in the developing world. Given the weaknesses of current tools and the surge in mobile phone growth, there's an opportunity for mobile and cloud technologies to enable timely and efficient data collection. This paper discusses Open Data Kit (ODK), a suite of tools that enable efficient and timely data collection on cell phones. ODK is designed to let users own, visualize, and share data without the difficulties of setting up and maintaining servers. The tools are easy to use, deploy, and scale. They also go beyond open source - they're based on open standards and supported by a larger community.     

面向操作系统可靠性保障的开源软件供应链

软件可靠性是软件工程领域中的研究热点之一,故障率分析是软件可靠性的典型研究方法.然而,软件构建模式已从单体模式演进到以开源软件为代表的规模化协作模式,操作系统作为代表性产物之一,所含开源软件之间通过组合关系和依赖关系,形成了一个包含上万节点的供应关系网络.典型方法缺乏对供应关系的考量,无法准确识别和评估因此而引入的软件可靠性问题.把供应链概念体系拓展到开源软件领域,提出一种基于知识的面向开源协作模式下软件供应可靠性的管理方法：面向开源软件生态进行本体设计,构建开源软件知识图谱,实现知识的提取、存储和管理,以知识为驱动,结合传统的供应链管理方法,提出一组面向开源软件供应链的可靠性管理方法,构成一套开源软件供应链管理系统.实验以Linux操作系统发行版的构建为例,展示了开源软件供应链对操作系统可靠性的支撑能力.结果表明,开源软件供应链将有助于理清和评估大型复杂系统软件的可靠性风险.     

开放式分布控制系统的研究

开放式控制系统已经发展了将近十年，但目前学术界和工业界对“开放”的争论还很多。无论从控制器的产品开发和政府机构支持的平台研究，概念和体系结构都不太相同。本文从网络技术、现场总线技术、开放性技术、监控技术、软PLC技术和OPC技术等几个方面对开放式控制系统作了简要的论述。     

Open Source Software Supply Chain for Reliability Assurance of Operating Systems

Software reliability is one of the research hotspots in the field of software engineering, and failure rate analysis is a typical research method for software reliability. However, the software construction mode has evolved from a single mode to a large-scale collaborative model represented by open source software. As one of the representative products, the operating system includes open source software connected through combinations and dependencies to form a supply network of tens of thousands of nodes. Typical methods lack consideration of supply relationships and cannot accurately identify and evaluate the software reliability issues introduced as a result. This paper extends the concept of supply chain to the field of open source software and proposes a knowledge-based management method for software supply reliability in a collaborative model. The ontological body is designed for the open source software ecosystem firstly, and then the nowledge graph of open source software is constructed to achieve the extraction, storage and management of knowledge; driven by knowledge, combined with traditional supply chain management methods, a set of reliability management methods for open source software supply chain is proposed, which constitutes a management system of open source software supply chain. With the construction of a Linux operating system distribution as an example, the experiment demonstrates how the open source software supply chain supports the reliability of the operating system. Results show that the open source software supply chain will help to clarify and evaluate the reliability risk of large complex system software.     

Data Matters: A Strategic Action Framework for Data Governance

While there has been a wealth of research exploring data governance, there are still some gaps in how firms deploy data governance and what strategic actions they take to do so, especially as the volume of data increases dramatically and the pace of data assetization accelerates. To achieve this end, through an in-depth case study of a Chinese gold mining company, namely Shandong Gold, we develop a framework to explain how firms configure data governance activities and conduct related strategic actions. Our study identifies four key data governance activities that are supported by two strategic actions. Overall, we contribute to research in data governance and strategic action fields and also provide an alternative implementation framework for practitioners.     

面向开源源码大数据的数据质量研究

基于开源源码大数据进行代码生成、缺陷预测等是当前智能化软件开发方法与技术的重要研究内容。然而现有的关注点主要聚焦于各种推荐、预测等智能算法的研究,较少对研究所使用数据的质量进行评估与分析。大部分智能化软件开发研究的数据来源于开源数据托管平台,受限于开发者自身水平,它们并不能保证都具有较高质量。根据"garbage in,garbage out",这会影响最终结果质量。源码数据的质量对相关的研究有重要影响,却没有得到足够的重视。针对上述问题,提出了一种面向开源源码大数据的方法块数据质量评估方法。首先研究如何定义和评估GitHub上抽取的源码的数据质量问题,然后对开源源码从不同维度进行质量评估。通过该源码数据质量评估方法可以帮助相关研究人员构建具有更高质量的数据集,进而提高智能化相关研究,比如代码生成、缺陷预测等的结果质量。     

Open for business-Securely!

Security is an issue that has become central to the future business strategies of all enterprises. With the introduction of the X/Open Baseline Security 96 product standard. The Open Group has taken a major step in defining standards to address security within open systems computing environments.Supported by vendors and end-users Baseline Security 96 resolves many of the problems brought about by the lack of standards among vendor products. As additional security products are introduced by The Open Group for distributed computing environments and the public network, organizations will be able to carry on truly global commerce more quickly, more easily and more cost-effectively.Building on its success in delivering collaboratively developed technology such as DCE and DCE Web to the marketplace, Thc Open Group continues to deliver real solutions that address current commercial requirements and environments.