Open Source Software (OSS) is used in various products, and the number of OSS components in one product can now be in the thousands. As a result, it has become too complex for a human to properly assess the mix of information, such as license and vulnerability data, for the OSS components. It has therefore become necessary to reduce the complexity of OSS by automatically collecting and constructing vulnerability and license information.
This research will focus on creating an automated method of collating relevant information, including version control, bills of materials, license checks, security information, etc., presenting it to humans in an easy-to-understand way, and estimating its effectiveness. We expect the successful candidate to propose new methods to reduce management costs and the number of errors. We expect the outcome of the research to be applied to real products.
Knowledge and Skills Required
Linux system administration skills, programming experience (e.g. Java, C, Python), software version control skills with git et al., and a basic understanding of OSS compliance and vulnerability concepts.