DeepAI AI Chat
Log In Sign Up

Software Supply Chain Map: How Reuse Networks Expand

by   Hideaki Hata, et al.
Shinshu University
Nara Institute of Science and Technology

Clone-and-own is a typical code reuse approach because of its simplicity and efficiency. Cloned software components are maintained independently by a new owner. These clone-and-own operations can be occurred sequentially, that is, cloned components can be cloned again and owned by other new owners on the supply chain. In general, code reuse is not documented well, consequently, appropriate changes like security patches cannot be propagated to descendant software projects. However, the OpenChain Project defined identifying and tracking source code reuses as responsibilities of FLOSS software staffs. Hence supporting source code reuse awareness is in a real need. This paper studies software reuse relations in FLOSS ecosystem. Technically, clone-and-own reuses of source code can be identified by file-level clone set detection. Since change histories are associated with files, we can determine origins and destinations in reusing across multiple software by considering times. By building software supply chain maps, we find that clone-and-own is prevalent in FLOSS development, and set of files are reused widely and repeatedly. These observations open up future challenges of maintaining and tracking global software genealogies.


page 1

page 2

page 3

page 4


From One to Hundreds: Multi-Licensing in the JavaScript Ecosystem

Open source licenses create a legal framework that plays a crucial role ...

Sourcerer's Apprentice and the study of code snippet migration

On the worldwide web, not only are webpages connected but source code is...

Efficient Prior Publication Identification for Open Source Code

Free/Open Source Software (FOSS) enables large-scale reuse of preexistin...

Reproducible Builds: Increasing the Integrity of Software Supply Chains

Although it is possible to increase confidence in Free and Open Source S...

LibDB: An Effective and Efficient Framework for Detecting Third-Party Libraries in Binaries

Third-party libraries (TPLs) are reused frequently in software applicati...

CENTRIS: A Precise and Scalable Approach for Identifying Modified Open-Source Software Reuse

Open-source software (OSS) is widely reused as it provides convenience a...

MAJORCA: Multi-Architecture JOP and ROP Chain Assembler

Nowadays, exploits often rely on a code-reuse approach. Short pieces of ...