Methodological support for Swedish industry to meet vulnerability risks in the use of open source software

Purpose and goal

Through the HASMOSS project, we aimed to enable Swedish industry, but also society at large, to analyze and manage the risk of vulnerabilities being introduced in OSS. More specifically, we looked at the health of the OSS projects, i.e., their ability to stay viable long-term and maintain the OSS to a high standard without interruptions. As a main outcome, we designed a methodological support enabling the design and implementation of such analysis, and a survey of actions that may be taken to improve the health accordingly.

Expected results and effects

The developed methodological support is reported iteratively across four scientific papers, published or under review. The support highlights 73 different health aspects from literature and interview studies. It has been further adapted and proposed for implementation at Scania, serving as inspiration for how other Swedish companies can adopt and tailor the method support to their unique needs and context. Additionally, insights and recommendations have been created on how the health of critical projects can be improved.

Planned approach and implementation

The work has primarily been led by researchers at RISE through empirical investigations with the goal of creating method support for Swedish industry. The method support, based on the underlying studies, has a strong scientific foundation while also achieving a high practical level through close collaboration with experts. Furthermore, it has been directly applied within Scania, which can serve as a model for similar companies, and a process has been established for the development of equivalent applications.

External links

Projektets hemsida Publikationer kopplade till Johan Linåker, ansvarig forskare inom projektet