SRC008 — https://arxiv.org/html/2409.07669v2
Metadata
| Field | Value |
|---|---|
| URL | https://arxiv.org/html/2409.07669v2 |
| Authors | Academic researchers (multiple authors, institutional affiliations in paper) |
| Date | 2024 (arXiv v2: February 2025) |
Content Summary
Mixed-methods study surveying and interviewing OSS maintainers listed in the GitHub Advisory Database. Identifies 37 aspects of vulnerability management, with supply chain mistrust and lack of automation as the most challenging. Key barriers to adopting platform security features include lack of awareness, poor usability, perception that features are unnecessary, and complexity.
Reliability: High
Academic research with a mixed-methods design (survey plus interviews) and a stated methodology. The cited version is an arXiv preprint, so peer-review status should be confirmed against the venue of record rather than assumed from the arXiv listing.
Relevance: High
Directly addresses Q002 about barriers to security tool adoption from maintainer perspective.
Bias Assessment
| Domain | Rating | Rationale |
|---|---|---|
| Missing Data | Some concerns | Sample limited to maintainers whose projects have entries in the GitHub Advisory Database, i.e. projects with at least one published advisory. Findings may not generalise to OSS projects without a disclosed vulnerability. |
| Measurement | Low risk | Mixed-methods approach with both quantitative survey and qualitative interviews. |
| Selective Reporting | Low risk | Reports both positive and negative aspects of maintainer practices. |
| Randomization | N/A | Not an RCT. |
| Protocol Deviation | N/A | Not an RCT. |
| Conflict Of Interest | Low risk | Academic researchers with no disclosed commercial interest. |