Methodological support for Swedish industry to meet vulnerability risks in the use of open source software
Reference number | |
Coordinator | RISE Research Institutes of Sweden AB |
Funding from Vinnova | SEK 3 890 000 |
Project duration | July 2021 - August 2023 |
Status | Completed |
Venture | Advanced digitalization - Enabling technologies |
Call | Cybersecurity for advanced industrial digitalisation |
Important results from the project
Through the HASMOSS project, we aimed to enable Swedish industry, and society at large, to analyze and manage the risk of vulnerabilities being introduced in open source software (OSS). More specifically, we looked at the health of OSS projects, i.e., their ability to stay viable long-term and maintain the OSS to a high standard without interruptions. As a main outcome, we designed methodological support for designing and implementing such analysis, together with a survey of actions that may be taken to improve the health of the projects accordingly.
Expected long term effects
The developed methodological support is reported iteratively across four scientific papers, published or under review. The support highlights 73 different health aspects from literature and interview studies. It has been further adapted and proposed for implementation at Scania, serving as inspiration for how other Swedish companies can adopt and tailor the method support to their unique needs and context. Additionally, insights and recommendations have been created on how the health of critical projects can be improved.
Approach and implementation
The work has primarily been led by researchers at RISE through empirical investigations with the goal of creating method support for Swedish industry. The method support, based on the underlying studies, has a strong scientific foundation while also achieving a high practical level through close collaboration with experts. Furthermore, it has been directly applied within Scania, which can serve as a model for similar companies, and a process has been established for the development of equivalent applications.