Open source (OSS) refers to any system or application in which the source code is made publicly accessible. As of 2020, there were 430,000 OSS projects and 3.7 million registered developers (Ased et al., 2020) while in 2017, the popular version control platform GitHub hosted more than 62 million communities (Link & Jeske, 2017). OSS was realized to be a strategic resource in software innovation. However, its adoption is confronted with challenges such as the perceived security risk (Silic & Back, 2017). OSS security breaches have become recurrent. For instance, on December 9th, 2021, a significant security vulnerability in the popular Apache Log4j2 project, called “log4shell”, was announced. On March 30th, 2022, a critical vulnerability in the famous Java Spring Framework, called “spring4shell”, was published. Both security vulnerabilities pose an exploitation risk to remotely executing malicious code. Log4shell was reported to impact about a third of all web servers in the world. Spring4shell caused more than 37,000 exploit attempts in the first few days after the announcement. The seriousness and high severity of these security vulnerability incidents have motivated this study. Specifically, we aim to explore the implications of security vulnerability incidents on the community’s feelings towards OSS and their adoption. Existing theories explained factors that fulfill individuals’ satisfaction to adopt OSS. However, to the extent of our knowledge, there is no prior work that examined people’s opinions on the aspects of these factors under the circumstance of a security vulnerability hype. This study addresses this gap by exploring the sentiment and opinions related to these factors under such an unfortunate situation. The exploration uses the publicly available discourse (posts) about OSS on social media (SM). The collected data from SM is analyzed to extract people’s sentiments and emotions. Further, the data is categorized based on the aspects of influencing adoption factors (guided by Self-Determination Theory) and extant literature. Preliminary results suggested that security vulnerability contributes to increasing the anger emotion and the negative sentiment. Concerning adoption factors, the vulnerability is found to cause an increase in discussions relevant to the amotivation aspects. The findings provide insights to OSS maintainers regarding the implications of security vulnerabilities, the associated perceived risk, and the potential impact on adoption. Future research can further investigate and quantify the potential impacts of these identified factors on the adoption of open-source software. References Ased, P. E. B., Ommunity, O. N. C., Setia, P., & Bayus, B. L. (2020). The Takeoff of Open Source Software: A Signaling Perspective Based on Community Activities. MIS Quarterly, 44(3), 1439–1458. https://doi.org/10.25300/MISQ/2020/12576 Link, G. J. P., & Jeske, D. (2017). Understanding organization and open source community relations through the attraction-selection-attrition model. Proceedings of the 13th International Symposium on Open Collaboration, OpenSym 2017. https://doi.org/10.1145/3125433.3125472 Silic, M., & Back, A. (2017). Open Source Software Adoption: Lessons from Linux in Munich. IT Professional, 19(1), 42–47. https://doi.org/10.1109/MITP.2017.7
Mohamed, Haytham M. and El-Gayar, Omar, "Security Vulnerability Impact on Open Source: A Social Media Exploration" (2022). AMCIS 2022 TREOs. 53.