Evaluation indicators for open-source software: a review

Abstract In recent years, the widespread applications of open-source software (OSS) have brought great convenience for developers. However, it is always facing unavoidable security risks, such as code defects and vulnerabilities. To find out OSS risks in time, we carry an empirical study to identify indicators evaluating OSS. achieve a comprehensive understanding assessment, collect 56 papers from prestigious academic venues (such IEEE Xplore, ACM Digital Library, DBLP, Google Scholar) past 21 years. During process investigation, first main concerns selecting distill five types commonly used assess We then conduct comparative analysis discuss how these are each surveyed their differences. Moreover, further undertake correlation between uncover 13 confirmed conclusions four cases with controversy occurring studies. Finally, several possible conclusions, which insightful research on supply chain.