SECY
Feb 27, 2021

Underproduction: An Approach for Measuring Risk in Open Source Software

arXiv:2103.00352v1
24 citations
Has Code
Originality: Synthesis-oriented
AI Analysis

The paper addresses a critical risk for users and maintainers of widely adopted open source software, though it is incremental in that it applies existing statistical methods to a new conceptual framework.

The paper tackles the problem of 'underproduction' risk in open source software, where the supply of volunteer labor falls out of alignment with demand for the software. It develops a conceptual framework and a statistical method, applies them to 21,902 Debian packages and 461,656 bugs, and finds widespread underproduction in widely-installed components.

The widespread adoption of Free/Libre and Open Source Software (FLOSS) means that the ongoing maintenance of many widely used software components relies on the collaborative effort of volunteers who set their own priorities and choose their own tasks. We argue that this has created a new form of risk that we call 'underproduction' which occurs when the supply of software engineering labor becomes out of alignment with the demand of people who rely on the software produced. We present a conceptual framework for identifying relative underproduction in software as well as a statistical method for applying our framework to a comprehensive dataset from the Debian GNU/Linux distribution that includes 21,902 source packages and the full history of 461,656 bugs. We draw on this application to present two experiments: (1) a demonstration of how our technique can be used to identify at-risk software packages in a large FLOSS repository and (2) a validation of these results using an alternate indicator of package risk. Our analysis both demonstrates the utility of our approach and reveals the existence of widespread underproduction in a range of widely-installed software components in Debian.
