SRC010 — https://arxiv.org/html/2409.07669v2
Metadata
| Field | Value |
|---|---|
| URL | https://arxiv.org/html/2409.07669v2 |
| Authors | Academic researchers (affiliations in paper) |
| Date | February 2025 |
Content Summary
Mixed-methods study surveying and interviewing maintainers of OSS projects listed in the GitHub Advisory Database. It identified 37 aspects of vulnerability-management challenges; supply-chain mistrust and lack of automation were the most challenging. Barriers to adopting platform security features include lack of awareness and the perception that the features are not necessary. Some maintainers still allow public vulnerability reporting, or ignore reports altogether, despite their projects having had prior vulnerabilities.
Reliability: High
Peer-reviewed academic study with structured survey and semi-structured interviews.
Relevance: High
Directly addresses Q002 about barriers to security tooling adoption in OSS projects.
Bias Assessment
| Domain | Rating | Rationale |
|---|---|---|
| Missing Data | Some concerns | Sample limited to maintainers in GitHub Advisory Database, which skews toward projects that have had vulnerabilities. |
| Measurement | Low risk | Mixed-methods approach combining quantitative survey data with qualitative interview data. |
| Selective Reporting | Low risk | Reports all 37 identified aspects including unexpected findings. |
| Randomization | N/A | Not an RCT. |
| Protocol Deviation | N/A | Not an RCT. |
| Conflict of Interest | Low risk | Academic research with no disclosed conflicts. |