Electronic Communications of the EASST
Process Scenarios in Open Source Software Certification
Abstract
Certification of Open Source Software (OSS) presents inherent trade-offs
due to the necessity of precisely identifying both a product and an independent certification
agent, and on the other of maintain the peculiar, valuable OSS characteristic
of being available to an unlimited multiplicity of actors for trial, use and change.
This is an intriguing challenge, usually solved by removing from the picture the
certifying agent and providing an intrinsic certification by means of rigorous, reapplicable
property demonstrations, adopting Formal Methods (FM) in expressing
and verifying the code. As such approach, yet quite valuable and good-promising,
has some restrictions (such as the limited set of provable product qualities), we propose
to tackle the problem by analysing the various processes executed by different
OSS stakeholders, including the process of an independent Certification Body. In
the paper some kinds of representative scenarios in which such processes interleave
are presented and discussed. The aim is to introduce a process-centered perspective
for OSS that can stimulate research to further understand and mitigate the mentioned
trade-offs.
due to the necessity of precisely identifying both a product and an independent certification
agent, and on the other of maintain the peculiar, valuable OSS characteristic
of being available to an unlimited multiplicity of actors for trial, use and change.
This is an intriguing challenge, usually solved by removing from the picture the
certifying agent and providing an intrinsic certification by means of rigorous, reapplicable
property demonstrations, adopting Formal Methods (FM) in expressing
and verifying the code. As such approach, yet quite valuable and good-promising,
has some restrictions (such as the limited set of provable product qualities), we propose
to tackle the problem by analysing the various processes executed by different
OSS stakeholders, including the process of an independent Certification Body. In
the paper some kinds of representative scenarios in which such processes interleave
are presented and discussed. The aim is to introduce a process-centered perspective
for OSS that can stimulate research to further understand and mitigate the mentioned
trade-offs.
Full Text:
PDFDOI: http://dx.doi.org/10.14279/tuj.eceasst.48.817
DOI (PDF): http://dx.doi.org/10.14279/tuj.eceasst.48.817.812
Hosted By Universitätsbibliothek TU Berlin.