Abstract
In recent years, the widespread adoption of open-source software (OSS) has brought great convenience to software developers. However, OSS also carries unavoidable security risks, such as defects in open-source code and security vulnerabilities. To detect OSS risks in time, we carry out an empirical study to identify indicators for evaluating OSS. To achieve a comprehensive understanding of OSS assessment, we collect 56 papers published over the past 21 years from prestigious academic venues, retrieved through IEEE Xplore, the ACM Digital Library, DBLP, and Google Scholar. In the course of the investigation, we first identify the main concerns in selecting OSS and distill five types of commonly used indicators for assessing OSS. We then conduct a comparative analysis to discuss how these indicators are used in each surveyed study and how their usage differs. Moreover, we undertake a correlation analysis between these indicators and uncover 13 confirmed conclusions and four cases in which the surveyed studies disagree. Finally, we discuss several possible applications of these conclusions, which offer insights for research on OSS and the software supply chain.