BIGDATA: Collaborative Research: IA: OSCAR - Open Source Supply Chains and Avoidance of Risk: An Evidence Based Approach to Improve FLOSS Supply Chains
University Of Tennessee Knoxville, Knoxville TN
Investigators
Abstract
Open source software is an engine for innovation and a critical infrastructure for the nation and yet it is implemented by communities formed from a loose collection of individuals. With each software project relying on thousands of other software projects, this complex and dynamic supply chain introduces new risks and unpredictability, since, unlike in traditional software projects, no contractual relationships with the community exist and individuals could simply lose interest or move on to other activities. The big data-based approach to software supply chains will stimulate academic and practical work. The tools and practices to quantify and mitigate risks in the rapidly changing global environment with no centralized control or authority will lead to dramatic reductions in risk manifested in, for example, the spread of vulnerabilities, thus making the nation both safer and more innovative. The theoretical frameworks and approaches developed will likely influence research and practice in other supply chain contexts.

The objective of this research is to advance the state of knowledge of software supply chains by collecting and integrating massive public operational data representing development activity and source code from all open source projects and using it to develop novel theories, methods, and tools. The construction and analysis of the entire open source supply chain provides static and dynamic properties of the network, risk propagation, and system-level risks. Novel statistical and game-theoretic models are used to assess and mitigate these risks, while methods to contextualize, augment, and correct operational data provide ways to cope with data's size, complexity, and observational nature.