SRC011 — https://arxiv.org/html/2409.07669v2
Metadata
| Field | Value |
|---|---|
| URL | https://arxiv.org/html/2409.07669v2 |
| Authors | Academic researchers |
| Date | 2025-02-03 |
Content Summary
Mixed-methods study of how OSS maintainers manage vulnerabilities in their projects. Of the 37 aspects identified, mistrust of the software supply chain and lack of automation were the ones maintainers found most challenging. The main barriers to adopting the security features offered by hosting platforms are lack of awareness and the perception that the features are not necessary. Some maintainers whose projects had previously shipped a vulnerability still accept vulnerability reports only through public channels, or ignore reports altogether.
Reliability: High
Peer-reviewed academic study combining listing survey and semi-structured interviews with OSS maintainers.
Relevance: High
Directly addresses Q002's question about barriers to security tooling adoption from the maintainer perspective.
Bias Assessment
| Domain | Rating | Rationale |
|---|---|---|
| Missing Data | Some concerns | Sample limited to maintainers of projects in GitHub Advisory Database, potentially biasing toward security-aware maintainers. |
| Measurement | Low risk | Mixed-methods approach (survey + interviews) with transparent coding methodology. |
| Selective Reporting | Low risk | Reports surprising findings including maintainers ignoring vulnerability reports. |
| Randomization | N/A | Not an RCT. |
| Protocol Deviation | N/A | Not an RCT. |
| Conflict Of Interest | Low risk | Academic research without apparent commercial ties. |