It is a common software engineering practice to develop software by using different components.[1] Using software components segments the complexity of larger elements into smaller pieces of code and increases flexibility by enabling easier reuse of components to address new requirements.[2] The practice has widely expanded since the late 1990s with the popularization of open-source software (OSS) to help speed up the software development process and reduce time to market.[3]
However, using open-source software introduces many risks for the software applications being developed. These risks can be organized into 5 categories:[4]
OSS version control: risks of changes introduced by new versions of a component
Security: risks of known vulnerabilities in components, catalogued as Common Vulnerabilities and Exposures (CVEs)
License: risks arising from intellectual property (IP) and license obligations
Development: risks of incompatibility between the existing codebase and the open-source component
Support: risks of poor documentation and obsolete software components
Shortly after the foundation of the Open Source Initiative in February 1998,[5] the risks associated with OSS were raised[6] and organizations tried to manage this using spreadsheets and documents to track all the open source components used by their developers.[7]
For organizations using open-source components extensively, there was a need to help automate the analysis and management of open source risk. This resulted in a new category of software products called Software Composition Analysis (SCA) which helps organizations manage open source risk.
SCA strives to detect all third-party components in use within a software application, so that the organization can reduce the risks associated with security vulnerabilities, IP licensing requirements, and obsolescence of the components being used.
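The three checks the paragraph names (known vulnerabilities, license obligations, obsolescence) are shown below as a minimal SCA pass over a dependency manifest. This is an added illustration, not code from any SCA product; the manifest, the advisory entries, the license allow-list and the release dates are all constructed sample data.

```python
"""Minimal software composition analysis (SCA) over a constructed manifest."""
from datetime import date

# Constructed manifest in pip "name==version" form.
MANIFEST = """
requests==2.19.0
leftpad==1.0.0
pyyaml==6.0.1
"""
# Constructed advisories: (package, introduced, fixed, advisory id). Versions are
# compared as integer tuples; real tools apply ecosystem rules (PEP 440, semver)
# and pull entries from real advisory feeds.
ADVISORIES = [
    ("requests", (2, 0, 0), (2, 20, 0), "EXAMPLE-ADV-0001"),
    ("pyyaml", (0, 0, 0), (5, 4, 0), "EXAMPLE-ADV-0002"),
]
# Constructed component metadata: SPDX license id and date of the last release.
METADATA = {
    "requests": ("Apache-2.0", date(2024, 5, 1)),
    "leftpad": ("GPL-3.0-only", date(2016, 3, 1)),
    "pyyaml": ("MIT", date(2023, 7, 18)),
}
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}  # assumed policy
OBSOLETE_AFTER_DAYS = 3 * 365  # assumed "no release in 3 years" threshold

def parse_manifest(text):
    """Return {name: version_tuple} from 'name==x.y.z' lines."""
    deps = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, ver = line.split("==", 1)
            deps[name.lower()] = tuple(int(p) for p in ver.split("."))
    return deps

def analyze(manifest, today):
    """Return (package, category, detail) findings for the three risk types."""
    findings = []
    for name, ver in parse_manifest(manifest).items():
        for pkg, introduced, fixed, adv in ADVISORIES:
            if pkg == name and introduced <= ver < fixed:
                findings.append((name, "security", adv))
        license_id, last_release = METADATA[name]
        if license_id not in ALLOWED_LICENSES:
            findings.append((name, "license", license_id))
        if (today - last_release).days > OBSOLETE_AFTER_DAYS:
            findings.append((name, "support", f"last release {last_release}"))
    return findings

def run_example():
    """Analyze the constructed manifest as of a fixed date."""
    return analyze(MANIFEST, date(2025, 1, 1))
```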
Duc Linh, Nguyen; Duy Hung, Phan; Dipe, Vu Thu (2019). "Risk Management in Projects Based on Open-Source Software". Proceedings of the 2019 8th International Conference on Software and Computer Applications. pp. 178–183. doi:10.1145/3316615.3316648. ISBN 9781450365734. S2CID 153314145.
"History of the OSI". Opensource.org. 19 September 2006.
Payne, Christian (2002). "On the security of open source software" (PDF). Information Systems Journal. 12: 61–78. doi:10.1046/j.1365-2575.2002.00118.x. S2CID 8123076.
Kaur, Sumandeep (April 2020). "Security Issues in Open-Source Software" (PDF). International Journal of Computer Science & Communication: 47–51.