Which Are the Key Infrastructure Open Source Projects?
The study will analyze dependencies among open source projects (e.g. those specified in Maven or npm builds, or through FreeBSD ports dependencies) in order to construct a dependency graph. This graph will then be analyzed, using e.g. the PageRank algorithm, to determine which projects are the most important and critical. Furthermore, the projects will be assessed in terms of the risk they pose to the community, based on characteristics such as the number of committers, licensing, security handling, product and process quality, issue management, and the freshness of commits.
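As an added illustration of the approach described above (this is example code written for this page, not part of the study or its tooling), the block below builds a dependency graph from a small set of constructed build manifests, ranks projects with a hand-written power-iteration PageRank (dangling leaf libraries have their rank redistributed uniformly), and then applies constructed risk thresholds (committer count, commit freshness, presence of a security policy) to the top-ranked projects. All project names, manifests, metadata and thresholds are made up for the example.

```python
"""Dependency-graph criticality ranking with PageRank (constructed example)."""
from typing import Dict, List

# Constructed build manifests: project -> projects it depends on.
# Edge A -> B means "A depends on B", so rank flows from dependents to dependencies.
SAMPLE_DEPENDENCIES: Dict[str, List[str]] = {
    "web-app": ["http-lib", "json-lib", "log-lib"],
    "cli-tool": ["json-lib", "log-lib"],
    "http-lib": ["tls-lib", "log-lib"],
    "tls-lib": ["crypto-core"],
    "json-lib": [],
    "log-lib": [],
    "crypto-core": [],
}

# Constructed project characteristics of the kind the risk assessment would use.
SAMPLE_METADATA: Dict[str, Dict] = {
    "log-lib": {"committers": 1, "days_since_last_commit": 540, "security_policy": False},
    "json-lib": {"committers": 4, "days_since_last_commit": 30, "security_policy": False},
    "crypto-core": {"committers": 6, "days_since_last_commit": 12, "security_policy": True},
    "tls-lib": {"committers": 3, "days_since_last_commit": 90, "security_policy": True},
    "http-lib": {"committers": 5, "days_since_last_commit": 7, "security_policy": True},
}


def build_graph(manifests: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Adjacency list over every project seen, including projects that appear
    only as a dependency (these get an empty outgoing list)."""
    nodes = set(manifests)
    for deps in manifests.values():
        nodes.update(deps)
    return {n: sorted(set(manifests.get(n, []))) for n in nodes}


def direct_dependents(graph: Dict[str, List[str]]) -> Dict[str, int]:
    """Naive importance measure: how many projects depend directly on each node."""
    counts = {n: 0 for n in graph}
    for deps in graph.values():
        for d in deps:
            counts[d] += 1
    return counts


def pagerank(graph: Dict[str, List[str]], damping: float = 0.85,
             max_iter: int = 200, tol: float = 1e-12) -> Dict[str, float]:
    """Power-iteration PageRank. Leaf libraries have no outgoing edges (dangling
    nodes); their rank mass is spread uniformly so the total stays at 1.0."""
    n = len(graph)
    rank = {node: 1.0 / n for node in graph}
    for _ in range(max_iter):
        dangling_mass = sum(rank[v] for v, out in graph.items() if not out)
        new_rank = {v: (1.0 - damping) / n + damping * dangling_mass / n for v in graph}
        for src, out in graph.items():
            if out:
                share = damping * rank[src] / len(out)
                for dst in out:
                    new_rank[dst] += share
        delta = sum(abs(new_rank[v] - rank[v]) for v in graph)
        rank = new_rank
        if delta < tol:
            break
    return rank


def risk_flags(meta: Dict, min_committers: int = 3, max_stale_days: int = 365) -> List[str]:
    """Constructed risk heuristics; a project with no metadata is treated as unknown
    and therefore flagged on every criterion."""
    flags = []
    if meta.get("committers", 0) < min_committers:
        flags.append("few committers")
    if meta.get("days_since_last_commit", 10**9) > max_stale_days:
        flags.append("stale commits")
    if not meta.get("security_policy", False):
        flags.append("no security policy")
    return flags


def critical_at_risk(manifests: Dict[str, List[str]], metadata: Dict[str, Dict],
                     top_n: int = 3) -> Dict[str, List[str]]:
    """Rank projects by PageRank and report the top-N ones that carry risk flags."""
    graph = build_graph(manifests)
    ranks = pagerank(graph)
    top = sorted(ranks, key=ranks.get, reverse=True)[:top_n]
    result = {}
    for name in top:
        flags = risk_flags(metadata.get(name, {}))
        if flags:
            result[name] = flags
    return result


if __name__ == "__main__":
    g = build_graph(SAMPLE_DEPENDENCIES)
    for name, score in sorted(pagerank(g).items(), key=lambda kv: -kv[1]):
        print(f"{name:12s} pagerank={score:.4f} direct_dependents={direct_dependents(g)[name]}")
    print("critical and at risk:", critical_at_risk(SAMPLE_DEPENDENCIES, SAMPLE_METADATA))
```

Note the difference between the two importance measures: `log-lib` has the most direct dependents, but `crypto-core`, which only `tls-lib` uses directly, receives rank transitively from everything that depends on `http-lib`, so PageRank places it near the top as well; a plain dependent count would miss that transitive criticality.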
- Nicolas Harrand, Amine Benelallam, César Soto-Valero, Olivier Barais, Benoit Baudry. Analyzing 2.3 Million Maven Dependencies to Reveal an Essential Core in APIs.
- Markus Zimmermann and Cristian-Alexandru Staicu. Small World with High Risks: A Study of Security Threats in the npm Ecosystem. USENIX Security '19.
Contacts about the project
- Diomidis Spinellis (TU Delft)