B2SMatcher: Fine-Grained Version Identification of Open-Source Software in Binary Files

Cybersecurity
2021
Vol 4 (1)
Author(s):
Gu Ban
Lili Xu
Yang Xiao
Xinhua Li
Zimu Yuan
...

Abstract: Codes of Open Source Software (OSS) are widely reused during software development nowadays. However, reusing some specific versions of OSS introduces 1-day vulnerabilities of which details are publicly available, which may be exploited and lead to serious security issues. Existing state-of-the-art OSS reuse detection work cannot identify the specific versions of reused OSS well. The features they selected are not distinguishable enough for version detection and the matching scores are only based on similarity. This paper presents B2SMatcher, a fine-grained version identification tool for OSS in commercial off-the-shelf (COTS) software. We first discuss five kinds of version-sensitive code features that are trackable in both binary and source code. We categorize these features into program-level features and function-level features and propose a two-stage version identification approach based on the two levels of code features. B2SMatcher also identifies different types of OSS version reuse based on matching scores and matched feature instances. In order to extract source code features as accurately as possible, B2SMatcher innovatively uses machine learning methods to obtain the source files involved in the compilation and uses function abstraction and normalization methods to eliminate the comparison costs on redundant functions across versions. We have evaluated B2SMatcher using 6351 candidate OSS versions and 585 binaries. The result shows that B2SMatcher achieves a high precision up to 89.2% and outperforms state-of-the-art tools. Finally, we show how B2SMatcher can be used to evaluate real-world software and find some security risks in practice.

Solid Earth
2011
Vol 2 (1)
pp. 53-63
Author(s):
S. Tavani
P. Arbues
M. Snidero
N. Carrera
J. A. Muñoz

Abstract. In this work we present the Open Plot Project, an open-source software for structural data analysis, including a 3-D environment. The software includes many classical functionalities of structural data analysis tools, like stereoplot, contouring, tensorial regression, scatterplots, histograms and transect analysis. In addition, efficient filtering tools are present allowing the selection of data according to their attributes, including spatial distribution and orientation. This first alpha release represents a stand-alone toolkit for structural data analysis. The presence of a 3-D environment with digitalising tools allows the integration of structural data with information extracted from georeferenced images to produce structurally validated dip domains. This, coupled with many import/export facilities, allows easy incorporation of structural analyses in workflows for 3-D geological modelling. Accordingly, Open Plot Project is also a candidate as a structural add-on for 3-D geological modelling software. The software (for both Windows and Linux O.S.), the User Manual, a set of example movies (complementary to the User Manual), and the source code are provided as Supplement. We intend the publication of the source code to set the foundation for free, public software that, hopefully, the structural geologists' community will use, modify, and implement. The creation of additional public controls/tools is strongly encouraged.


2016
Vol 3 (1)
pp. 107-128
Author(s):
Syed Nadeem Ahsan
Muhammad Tanvir Afzal
Safdar Zaman
Christian Gütl
Franz Wotawa

During the evolution of any software, efforts are made to fix bugs or to add new features in software. In software engineering, previous history of effort data is required to build an effort estimation model, which estimates the cost and complexity of any software. Therefore, the role of effort data is indispensable to build state-of-the-art effort estimation models. Most of the Open Source Software does not maintain any effort related information. Consequently, there is no state-of-the-art effort estimation model for Open Source Software, whereas most of the existing effort models are for commercial software. In this paper we present an approach to build an effort estimation model for Open Source Software. For this purpose we suggest mining effort data from the history of the developer’s bug fix activities. Our approach determines the actual time spent to fix a bug, and considers it as an estimated effort. Initially, we use the developer’s bug-fix-activity data to construct the developer’s activity log-book. The log-book is used to store the actual time elapsed to fix a bug. Subsequently, the log-book information is used to mine the bug fix effort data. Furthermore, the developer’s bug fix activity data is used to define three different measures for the developer’s contribution or expertise level. Finally, we used the bug-fix-activity data to visualize the developer’s collaborations and the involved source files. In order to perform an experiment we selected the Mozilla open source project and downloaded 93,607 bug reports from the Mozilla project bug tracking system, i.e., Bugzilla. We also downloaded the available CVS-log data from the Mozilla project repository. In this study we reveal that in the case of Mozilla only 4.9% of developers have been involved in fixing 71.5% of the reported bugs.


2012 ◽  
pp. 26-40
Author(s):  
Bhasker Mukerji ◽  
Ramaraj Palanisamy

The popularity of Open Source Software (OSS) in developing countries is quite evident from its widespread adoption across government departments and public sector organizations. The use of OSS saves economic resources of cash-starved countries, provides an opportunity to promote e-government, and to utilize their resources in other sectors. Many developing countries have a large pool of skilled developers who can modify the source code of the OSS at a very low cost. Many governments in developing and developed countries have switched to OSS, which probably encourages others to follow the trend. It was not possible to follow the adoption trend in all the developing countries, but the usage of OSS in countries like India, Brazil, and Venezuela provides us an insight. The successful adoption of OSS requires thorough analysis of its advantages as well as the issues associated with it. This chapter will provide an overview of OSS, characteristics of OSS developers, and their motivation to volunteer by contributing to OSS projects, followed by the advantages and issues associated with OSS.


Author(s):  
Ruben van Wendel de Joode ◽  
Sebastian Spaeth

Most open source software is developed in online communities. These communities are typically referred to as “open source software communities” or “OSS communities.” In OSS communities, the source code, which is the human-readable part of software, is treated as something that is open and that should be downloadable and modifiable by anyone who wishes to do so. The availability of the source code has enabled a practice of decentralized software development in which large numbers of people contribute time and effort. Communities like Linux and Apache, for instance, have been able to connect thousands of individual programmers and professional organizations (although most project communities remain relatively small). These people and organizations are not confined to certain geographical places; on the contrary, they come from literally all continents and they interact and collaborate virtually.


2016
Vol 7 (1)
pp. 49-64
Author(s):  
Manar Abu Talib

A literature survey study was conducted to explore the state-of-the-art of Open Source Software and the opportunities and challenges faced by this segment of the software industry in seven Arab countries — Tunisia, Egypt, Jordan, KSA, Qatar, Oman and UAE. A framework and road map for OSS is presented derived from interviews conducted in the UAE with at least four experts from each of the following categories: governments and ministries, IT companies, universities and IT enthusiasts. This is the first study of its kind in this part of the world and is expected to make a significant contribution to the direction for Open Source Software in the region and beyond.


2012
Vol 4 (4)
pp. 16-32
Author(s):  
Vanessa P. Braganholo ◽  
Bernardo Miranda ◽  
Marta Mattoso

Open source software is required to be widely available to the user community. To help developers fulfill this requirement, Web portals provide a way to make open source projects public so that the user community has access to their source code, can contribute to their development, and can interact with the developer team. However, choosing a Web portal is not an easy task. There are several options available, each of them offering a set of tools and features to its users. The goal of this article is to analyze a set of existing Web portals (SourceForge.net, Apache, Tigris, ObjectWeb, and Savannah) in the hopes that this will help users to choose a hosting site for their projects.


Author(s):  
D. Berry

Open source software (OSS) is computer software that has its underlying source code made available under a licence. This can allow developers and users to adapt and improve it (Raymond, 2001). Computer software can be broadly split into two development models:
• Proprietary, or closed software, owned by a company or individual. Copies of the binary are made public; the source code is not usually made public.
• Open-source software (OSS), where the source code is released with the binary. Users and developers can be licensed to use and modify the code, and to distribute any improvements they make.
Both OSS and proprietary approaches allow companies to make a profit. Companies developing proprietary software make money by developing software and then selling licences to use the software. For example, Microsoft receives a payment for every copy of Windows sold with a personal computer. OSS companies make their money by providing services, such as advising clients on the GPL licence. The licensee can either charge a fee for this service or work free of charge. In practice, software companies often develop both types of software. OSS is developed by an ongoing, iterative process where people share the ideas expressed in the source code. The aim is that a large community of developers and users can contribute to the development of the code, check it for errors and bugs, and make the improved version available to others. Project management software is used to allow developers to keep track of the various versions. There are two main types of open-source licences (although there are many variants and subtypes developed by other companies):
• Berkeley Software Distribution (BSD) Licence: This permits a licensee to “close” a version (by withholding the most recent modifications to the source code) and sell it as a proprietary product;
• GNU General Public Licence (GNU, GPL, or GPL): Under this licence, licensees may not “close” versions. The licensee may modify, copy, and redistribute any derivative version, under the same GPL licence. The licensee can either charge a fee for this service or work free of charge.
Free software first evolved during the 1970s but in the 1990s forked into two movements, namely free software and open source (Berry, 2004). Richard Stallman, an American software developer who believes that sharing source code and ideas is fundamental to freedom of speech, developed a free version of the widely used Unix operating system. The resulting GNU program was released under a specially created General Public Licence (GNU, GPL). This was designed to ensure that the source code would remain openly available to all. It was not intended to prevent commercial usage or distribution (Stallman, 2002). This approach was christened free software. In this context, free meant that anyone could modify the software. However, the term “free” was often misunderstood to mean no cost. Hence, during the 1990s, Eric Raymond and others coined “open-source software” as a less contentious and more business-friendly term. This has become widely accepted within the software and business communities; however, there are still arguments about the most appropriate term to use (Moody, 2002). The OSMs are usually organised into a network of individuals who work collaboratively on the Internet, developing major software projects that sometimes rival commercial software but are always committed to the production of quality alternatives to those produced by commercial companies (Raymond, 2001; Williams, 2002). Groups and individuals develop software to meet their own and others’ needs in a highly decentralised way, likened to a Bazaar (Raymond, 2001). These groups often make substantive value claims to support their projects and foster an ethic of community, collaboration, deliberation, and intellectual freedom.
In addition, it is argued by Lessig (1999) that the FLOSS community can offer an inspiration in their commitment to transparency in their products and their ability to open up governmental regulation and control through free/libre and open source code.


2020
pp. 1646-1663
Author(s):  
Manar Abu Talib

A literature survey study was conducted to explore the state-of-the-art of Open Source Software and the opportunities and challenges faced by this segment of the software industry in seven Arab countries — Tunisia, Egypt, Jordan, KSA, Qatar, Oman and UAE. A framework and road map for OSS is presented derived from interviews conducted in the UAE with at least four experts from each of the following categories: governments and ministries, IT companies, universities and IT enthusiasts. This is the first study of its kind in this part of the world and is expected to make a significant contribution to the direction for Open Source Software in the region and beyond.


2016
Vol 23 (2)
pp. 488
Author(s):  
Tim Benson

Background: Open source software (OSS) is becoming more fashionable in health and social care, although the ideas are not new. However, progress has been slower than many had expected. Objective: The purpose is to summarise the Free/Libre Open Source Software (FLOSS) paradigm in terms of what it is, how it impacts users and software engineers and how it can work as a business model in health and social care sectors. Method: Much of this paper is a synopsis of Eric Raymond’s seminal book The Cathedral and the Bazaar, which was the first comprehensive description of the open source ecosystem, set out in three long essays. Direct quotes from the book are used liberally, without reference to specific passages. The first part contrasts open and closed source approaches to software development and support. The second part describes the culture and practices of the open source movement. The third part considers business models. Conclusion: A key benefit of open source is that users can access and collaborate on improving the software if they wish. Closed source code may be regarded as a strategic business risk that may be unacceptable if there is an open source alternative. The sharing culture of the open source movement fits well with that of health and social care.


2015
Vol 25 (09n10)
pp. 1633-1651
Author(s):  
Wei Ding ◽  
Peng Liang ◽  
Antony Tang ◽  
Hans van Vliet

The causes of architecture changes can tell why an architecture changes, and this knowledge can be captured to prevent architecture knowledge vaporization and architecture degeneration. But the causes are not always known, especially in open source software (OSS) development. This makes it very hard to understand the underlying reasons for the architecture changes and design appropriate modifications. Architecture information is communicated in development mailing lists of OSS projects. To explore the possibility of identifying and understanding the causes of architecture changes, we conducted an empirical study to analyze architecture information (i.e. architectural threads) communicated in the development mailing lists of two popular OSS projects: Hibernate and ArgoUML, verified architecture changes with source code, and identified the causes of architecture changes from the communicated architecture information. The main findings of this study are: (1) architecture information communicated in OSS mailing lists does lead to architecture changes in code; (2) the major cause for architecture changes in both Hibernate and ArgoUML is preventative changes, and the causes of architecture changes are further classified into functional requirement, external quality requirement, and internal quality requirement using the coding techniques of grounded theory; (3) more than 45% of architecture changes in both projects happened before the first stable version was released.

