Certification of Open Source Software (OSS) presents inherent trade-offs due to the necessity of precisely identifying both a product and an independent certification agent, and on the other of maintain the peculiar, valuable OSS characteristic of being available to an unlimited multiplicity of actors for trial, use and change. This is an intriguing challenge, usually solved by removing from the picture the certifying agent and providing an intrinsic certification by means of rigorous, reapplicable property demonstrations, adopting Formal Methods (FM) in expressing and verifying the code. As such approach, yet quite valuable and good-promising, has some restrictions (such as the limited set of provable product qualities), we propose to tackle the problem by analysing the various processes executed by different OSS stakeholders, including the process of an independent Certification Body. In the paper some kinds of representative scenarios in which such processes interleave are presented and discussed. The aim is to introduce a process-centered perspective for OSS that can stimulate research to further understand and mitigate the mentioned trade-offs.
Process scenarios in Open Source Software certification
Fabbrini Fabrizio;Fusani Mario;Marchetti Eda
2012
Abstract
Certification of Open Source Software (OSS) presents inherent trade-offs due to the necessity of precisely identifying both a product and an independent certification agent, and on the other of maintain the peculiar, valuable OSS characteristic of being available to an unlimited multiplicity of actors for trial, use and change. This is an intriguing challenge, usually solved by removing from the picture the certifying agent and providing an intrinsic certification by means of rigorous, reapplicable property demonstrations, adopting Formal Methods (FM) in expressing and verifying the code. As such approach, yet quite valuable and good-promising, has some restrictions (such as the limited set of provable product qualities), we propose to tackle the problem by analysing the various processes executed by different OSS stakeholders, including the process of an independent Certification Body. In the paper some kinds of representative scenarios in which such processes interleave are presented and discussed. The aim is to introduce a process-centered perspective for OSS that can stimulate research to further understand and mitigate the mentioned trade-offs.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
