Four faculty members from the Haslam College of Business and the Tickle College of Engineering have received a National Science Foundation (NSF) grant totaling $1.7 million. The grant funds a joint proposal for research done with Carnegie Mellon University.
Bogdan Bichescu, Randy Bradley, Audris Mockus and Russell Zaretzki will all contribute to a project attempting to map the use of open source code throughout modern software. Open source code can be identified, used and modified by anyone, as opposed to commercial software, which users cannot see or modify and must wait for creators to update.
“Open source software builds upon itself,” says Randy Bradley, an assistant professor of information systems and supply chain management. “There are multiple modules that combine to create powerful enterprise software and even much simpler programs such as your web browsers. The end product is usually a compilation of modules incorporated, adapted or borrowed from other programs, which can result in a ‘black box’ solution.”
These solutions are referred to as ‘black box’ because developers are often unaware which open source elements are buried in the architecture of their software. Tracking the origins of the open code and what software it has now become part of can be extremely complex.
“Tracking the evolution of open source code is possible because both historical and ongoing developments are typically recorded in software repositories that allow any software developer to view, copy and modify the code,” said Russell Zaretzki, the Joe Johnson Faculty Research Fellow and associate professor of business analytics and statistics.
The UT team plans to employ tracing methods used to study visibility and transparency in traditional supply chains. The researchers believe it may be possible to identify and mitigate risks resulting from open source components even with little to no visibility of where those components originated.
“Supply chain models deal with similar issues to trace recalls,” says Bogdan Bichescu, an associate professor of business analytics and statistics. “A better understanding of the interweaving fabric of open source software development could have implications that ultimately lead to programs that are less vulnerable to disruptions.”
Bichescu, Bradley, Mockus and Zaretzki note that the patterns uncovered when mapping open source software supply chains might also help improve the visibility and reduce the risk of specific disruptions in traditional product- and service-based supply chains.
The project relies on publicly available data as well as snapshots of open source projects taken by Mockus over multiple years. The team will utilize data analytics expertise to find patterns among the developers, file structures and the changes to the code over time.
Business researchers rarely receive NSF grants. However, UT’s team was able to put together a successful proposal by combining its diverse expertise in the areas of supply chain management, business analytics and open source software ecosystems. The team received the grant in the fall of 2016 and anticipates the project will last at least four years.