使用开源项目的风险评估：现有方法分析

IF 0.6 Q4 AUTOMATION & CONTROL SYSTEMS

AUTOMATIC CONTROL AND COMPUTER SCIENCES Pub Date : 2024-02-29 DOI:10.3103/S0146411623080059

M. A. Eremeev, I. I. Zakharchuk

{"title":"使用开源项目的风险评估：现有方法分析","authors":"M. A. Eremeev, I. I. Zakharchuk","doi":"10.3103/S0146411623080059","DOIUrl":null,"url":null,"abstract":"<p>This article analyzes the existing approaches to assess and account for the components used in software, including open source software. The existing frameworks for assessing software development processes, including information security, are analyzed. The typical risks of using open source components and free licenses are considered. The possibility of assessing development processes to identify threats to information security in open source projects and the need to automate this process in order to ensure the efficiency of dependence management in projects that use open components as dependencies are noted.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"57 8","pages":"938 - 946"},"PeriodicalIF":0.6000,"publicationDate":"2024-02-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Risk Assessment of Using Open Source Projects: Analysis of the Existing Approaches\",\"authors\":\"M. A. Eremeev, I. I. Zakharchuk\",\"doi\":\"10.3103/S0146411623080059\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>This article analyzes the existing approaches to assess and account for the components used in software, including open source software. The existing frameworks for assessing software development processes, including information security, are analyzed. The typical risks of using open source components and free licenses are considered. The possibility of assessing development processes to identify threats to information security in open source projects and the need to automate this process in order to ensure the efficiency of dependence management in projects that use open components as dependencies are noted.</p>\",\"PeriodicalId\":46238,\"journal\":{\"name\":\"AUTOMATIC CONTROL AND COMPUTER SCIENCES\",\"volume\":\"57 8\",\"pages\":\"938 - 946\"},\"PeriodicalIF\":0.6000,\"publicationDate\":\"2024-02-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"AUTOMATIC CONTROL AND COMPUTER SCIENCES\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://link.springer.com/article/10.3103/S0146411623080059\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"AUTOMATION & CONTROL SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","FirstCategoryId":"1085","ListUrlMain":"https://link.springer.com/article/10.3103/S0146411623080059","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"AUTOMATION & CONTROL SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

摘要本文分析了评估和说明软件（包括开源软件）所用组件的现有方法。文章分析了评估软件开发流程（包括信息安全）的现有框架。考虑了使用开源组件和免费许可证的典型风险。指出了评估开发流程以确定开放源码项目中信息安全威胁的可能性，以及将这一流程自动化以确保使用开放组件作为依赖关系的项目中依赖关系管理效率的必要性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

Risk Assessment of Using Open Source Projects: Analysis of the Existing Approaches

查看原文本刊更多论文

Risk Assessment of Using Open Source Projects: Analysis of the Existing Approaches

This article analyzes the existing approaches to assess and account for the components used in software, including open source software. The existing frameworks for assessing software development processes, including information security, are analyzed. The typical risks of using open source components and free licenses are considered. The possibility of assessing development processes to identify threats to information security in open source projects and the need to automate this process in order to ensure the efficiency of dependence management in projects that use open components as dependencies are noted.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

AUTOMATIC CONTROL AND COMPUTER SCIENCES AUTOMATION & CONTROL SYSTEMS-

CiteScore

1.70

自引率

22.20%

发文量

期刊介绍： Automatic Control and Computer Sciences is a peer reviewed journal that publishes articles on• Control systems, cyber-physical system, real-time systems, robotics, smart sensors, embedded intelligence • Network information technologies, information security, statistical methods of data processing, distributed artificial intelligence, complex systems modeling, knowledge representation, processing and management • Signal and image processing, machine learning, machine perception, computer vision