Certification of Open Source Software – A Scoping Review

  • Eirini Kalliamvakou
  • Jens Weber
  • Alessia Knauss
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 472)


Open source software (OSS) systems are being used for increasingly critical functions in modern societies, e.g., in health care, finance, government, defense, and other safety- and security-sensitive sectors. There is an increasing interest in software certification as a means to assure the quality and dependability of such systems. However, the development processes and organizational structures of OSS projects can be substantially different from those of traditional closed-source projects. The distributed, “bazaar-style” approach to software development in OSS systems is often perceived as incompatible with certification. This paper presents the results of a scoping review on certification in OSS systems in order to identify and categorize key issues and provide a comprehensive overview of the current evidence on this topic.


Keywords: Digital Library; Open Source Software; Open Source Software Project; Certification Issue; Open Source Software Development
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© IFIP International Federation for Information Processing 2016

Authors and Affiliations

  • Eirini Kalliamvakou (1)
  • Jens Weber (1)
  • Alessia Knauss (2)

  1. Department of Computer Science, University of Victoria, Victoria, Canada
  2. Department of Computer Science and Engineering, Chalmers University of Technology, Gothenburg, Sweden
