Abstract

Open source components are a promising way to create and deliver software to the market fast. However, challenges arise when assessing the quality of open source software. While frameworks to assess these components exist, the open source market is neither governed nor regulated and the use of these frameworks is labor-intensive and complex. This research aims to solve this problem by selecting quality indicators for open source software on GitHub and realizing a tool for automatically supporting the evaluation of information about open source software from other available sources. These sources include StackExchange.com for external support and the National Vulnerability and Exposure database for security incident history. Feedback on the developed prototype supports our view that automatic checks of open source software claims are possible and useful.

Recommended Citation

Wijnhoven, F., Kluitenberg, F., & Daneva, M. (2019). Open Source Software Information Triangulation: A Design Science Study. In A. Siarheyeva, C. Barry, M. Lang, H. Linger, & C. Schneider (Eds.), Information Systems Development: Information Systems Beyond 2020 (ISD2019 Proceedings). Toulon, France: ISEN Yncréa Méditerranée.

Paper Type

Event
