Table of Contents

Olivia A. Gallucci

Offensive Security, Open Source, and Glitter

Literature Reviews on Open Source

A penguin in light blue water. Used on a post about Olivia Gallucci's Literature reviews.

Literature reviews

In this post, I share the literature reviews I wrote for the Humanitarian Free and Open Source Software Development (HFOSS) course at Rochester Institute of Technology (RIT). I took this course in 2021, and the information in this post comes from the old HFOSS’21 blog. As I added more posts to my blog, I decided to combine my literature reviews into one post to make it clear that they were all written for an undergraduate class.

What are literature reviews

A literature review is an analysis and summary of existing research or publications on a particular topic. The purpose of a literature review is to provide an overview of what is known about the topic and to identify gaps or inconsistencies in the existing research.

🌸👋🏻 Join 9,500+ followers! Let’s take this to your inbox. You’ll receive occasional emails about whatever’s on my mind—offensive security, open source, academics, boats, software freedom, you get the idea.

Types of literature reviews

There are several types of literature reviews, including:

  • Narrative Literature Review: This type of literature review involves a comprehensive and systematic review of the literature on a specific topic without using statistical methods to analyze the data.
  • Systematic Literature Review: A systematic review is a more structured approach to reviewing the literature. It involves a comprehensive and rigorous search of the literature on a particular topic, with a specific methodology to identify, assess and analyze the literature.
  • Meta-analysis: This type of literature review involves statistical analysis of the data from a collection of studies on a particular topic, with the goal of identifying patterns, relationships, and trends.
  • Scoping Review: A scoping review is a type of literature review that aims to map the key concepts, theories, and sources of evidence on a particular topic, without necessarily answering a specific research question.
  • Critical Review: A critical review is an in-depth analysis of the literature on a particular topic that includes an evaluation of the strengths and weaknesses of the studies reviewed. It aims to identify gaps in the existing research and to provide recommendations for future research.

This post consists of four scoping reviews. Here are the titles of my literature reviews:

The Organization for Ethical Source: Increasing the Adoptability of Ethical Licenses

Literature review summary

Ethical-Source Movement Opens New Open-Source Organization by Steven J. Vaughan-Nichols details the creation of the Organization for Ethical Source (OES). OES is a non-profit created by ethical source advocates. The goal of OES is to increase the adoption of Ethical Source licenses.

Why should you read this article?

Vaughan-Nichols provided ample context to the creation of ethical source licenses. Ethical source licensing has a long history, and it mostly consists of failures; OES’ goal is to change that. For example, some ethical licenses (i.e., Hippocratic License 2.1) use the MIT open-source license as a backbone; then, add human rights clauses in the United Nations Universal Declaration of Human Rights and Global Compact. The human rights clauses are what makes the license ethical. Vaughan-Nichols explanation of standard licensing, and ethical source licensing, helps the reader understand the differences between them.

Another benefit of the article is that Vaughan-Nichols explores the perspectives of OES’ legal and funding bodies. OES’ partners like the Corporate Accountability Lab, a pro bono legal team, and the Omidyar Network, a philanthropic investment firm, are quoted. This helps the reader understand the development and structure of OES as an organization.

The article also provides why some licenses in open source are incompatible with ethical licenses. The primary reason open source and ethical licenses are incompatible is because some open source licenses include Freedom Zero. Freedom Zero allows software to run for any purpose.

Freedom zero, the right to run the program for any purpose, comes first in the four freedoms because if users do not have that right with respect to computer programs they run, they ultimately do not have any rights in those programs at all. Efforts to give permission only for good uses, or to prohibit bad ones in the eyes of the licensor, violate the requirement to protect freedom zero. Thus they cannot be free software licenses, and cannot be “open source” licenses unless that category now includes licenses that don’t protect all the fundamental software freedoms.

Eben Moglen, Columbia law professor, 2019

Freedom Zero allows software to be used for the creation of a bomb or for the work of a local charity. Ethical licenses want to restrict the usage of their software (i.e. the software should not help with the creation of a bomb, but can be used to help a local charity). Vaughan-Nichols decision to include the conflict between open and ethical source helps the reader understand that they do not perfectly overlap; this is critical for the reader to understand because many ethical source advocates promote open source software.

Questions and critiques

The article left me wondering about the effectiveness of Fortune 500 company ethics. Vaughan-Nichols notes that ethics are appearing in “numerous big tech companies” that produce artificial intelligence software like Google and Microsoft. Google and Microsoft have drowned in ethics-related controversies; Google’s secret search engine built for the Chinese government to Microsoft’s contract with ICE are microscopic compared to their overall collection of ethical violations. Given Google and Microsoft’s lack of credibility, it was not effective for Vaughan-Nichols to cite them as companies including ethics in their software production. Vaughan-Nichols should expand upon his reasoning for including immoral companies as promoters of ethical software production; at present, it is difficult for the reader to follow his train of thought.

Another issue is that the article does not explain how OES plans on increasing the adoptablity of ethical source licenses. Specifically, Vaughan-Nichols overlooks why ethical-source licensing has previously failed, and how OES will improve the adoptablity of ethical source licenses. This would give the reader insight as to why ethical source licensing has failed, and what OES plans on doing to improve the adoption of ethical source licenses. In short, Vaughan-Nichols disregards the topic of his article: what is OES doing to promote ethical source licenses?

Lastly, Vaughan-Nichols’ article should have included more information about the potential success and failures of OES. Vaughan-Nichols should provide his input, or the input of an OES advocate and OES detractor, to where they think the fate of OES and ethical source licenses will be.

Questions

  • OES promotes ethical licenses because of companies like Google and Microsoft’s immoral software usage. Why does Vaughan-Nichols compare the ethical practices of OES to the immoral practices of Google and Microsoft?
  • What do experts say about OES’ future?
  • What is Vaughan-Nichols opinion of OES, and what are his predictions about the future success or failure of OES?

Conclusion

This article provides a meaningful update to what is going on in the ethical source community. The article provides a neutral standpoint on an ideologically driven issue, but does not provide expert opinions. Providing multiple opinions on the future of OES and ethical source licensing gives readers insight as to why some people support initiatives like OES, and why others reject ethical source licenses entirely.

Overall, I give this article 6/10 starts. (Bad=0-3; Good=4-6; Great=7-10).

How Small Businesses and Organizations can Manage Open Source Components

Literature review summary

7 Best Practices for Managing Open Source Components by Limor Wainstein is an overview of how to use community-driven open source software in a business environment. The article included actionable steps, which help companies organize their existing projects, so that they can be safely managed. These steps are policy, update promptly, empathize quality, use a binary repo manager, participate in the community, control build with tools, and fork when possible.

Why should you read this article?

Wainstein explains how to implement each step, and provides caveats and hazards to consider at each step. The article is similar to something on WikiHow or in the Dummies book series; Wainstein takes a complex issue, and simplifies it to make the issue solvable for lay people.

Additionally, Wainstein leaves the steps open-ended, but provides enough information to make the caveats and hazards easily searchable. This way, readers can apply her solutions to their specific needs, and find the resources they need to succeed. Lastly, Wainstein’s article is concise and organized. Wainstein has a fabulous, cookie-cutter essay outline, which makes it easy for the reader to follow. Wainstein introduces the topic, supports her thesis, and concludes the article. Although essay formatting is taught in most schools, it is rarely perfected; Wainstein’s article is close to perfection.

Critiques

The article’s link contains “5-best-practices-for-managing-open-source-components,” but the article lists seven reasons; this is a bit sloppy, but Altexsoft may not update URLs after the initial article has been published. Another issue with the article is the conclusion. Wainstein’s introduction and body are thorough, and provide the reader with lots of details. The conclusion, however, is very short and does a poor job summarizing the information provided in the introduction (mainly, her hypothesis) and body of the article.

Questions

  • Is it normal for websites to keep the same URL if the article is updated?
  • How often are guest writers featured on company blogs?
  • Why does Altexsoft choose an independent writer when they could use their own writers to implement Altexsoft’s products and solutions into the article?

New Open Source Projects Combating Racism

Literature review summary

IBM, Call for Code, and the Linux Foundation announce new open source projects to combat racism by Tristan Greene discusses seven, innovative open source projects trying to combat racism. The seven projects are Fair Change, TakeTwo, Five Fifths Voter, Legit-Info, Incident Accuracy Reporting System, and Open Sentencing. Each project promotes racial equity through online mediums; examples include, fixing racially-biased facial recognition and artificial intelligence programs, promoting information accuracy, voting strategies, easy-to-read documentation of local laws and regulations, and collaborative-witness police reports.

Why should you read this article?

Greene’s article is hyper-focused. It is similar to a secretary’s meeting notes because Greene only states the programs’ objectives and intentions; he does not give his analysis on the programs’ effectiveness or legitimacy. Articles like this are unusual because of the internet’s politically charged culture.

The article is structured in this format: introduction, project descriptions, and where to find more information. The project descriptions include their history and what they hope to accomplish. Most importantly, the project descriptions are thorough and simply worded.

Greene’s article does not leave much room for critiques or questions. He cites his sources, and he does not give his own take on the projects. This is important because many articles that push a specific view do not include a fair explanation of detractors’ views. However, articles like Greene’s are politically neutral. Overall, this allows readers to gauge their interest in the projects without feeling politically charged.

Critiques

The only issue with this article is that it excludes how to get involved. For example, what demographic are the projects looking for (i.e. people of color, writing skills, bilingual, volunteers or paid workers, etc…)? Including this information would help the reader define their role in the projects if they wanted to join. At the end of the article, Greene includes a link to learn more, but it would be more effective to disbursed links throughout the article.

Questions

  • Who can contribute? Are these projects looking for people with a specific skill set or background? Are these projects looking for volunteers, new employees, or are they only open to employees at IBM, Call for Code, and the Linux Foundation?
  • What skills are necessary for each project?
  • How can readers contribute to these projects?

Literature review summary

The The New York Times published The Defenders of Free Software by Ashlee Vance in 2010. It is about an enthusiastic, free and open source software (FOSS) volunteer watchman named Armijn Hemel. Vance chronicles Hemel’s experience sending cease-and-desist letters to large companies–like Dell, Google, TiVo and Sony–who use FOSS, but do not follow the conditions of FOSS licenses. He explains that licensing enforcement is a recurring problem because large companies “often opt to piggyback on the work of others rather than going through the ordeal of building all of the software for their products from scratch.” Vance examines potential solutions to this problem; mainly, that some FOSS and open source groups, like the Linux Foundation, are creating programs to make it easier for companies to keep track of the licenses they are using, so they can avoid lawsuits.

Why should you read this article?

Vance explains the lifestyle, intentions, and outcomes of Hemel’s work, which helps the reader understand why Hemel (and other FOSS volunteers) promote licensing enforcement. The article is personal, but also explains the broader implications of FOSS activism in the legal sphere. In addition, Vance mentions activist groups like the Software Freedom Law Center and gpl-violations.org. Name-dropping these organizations allows the reader to learn more about those groups.

Critiques

Although Vance explains what legal FOSS volunteers undertake, he excludes how FOSS activists can contribute to the legal sphere. Additionally, he excludes information about what contributor qualifications projects desire. The article leaves out details about the effectiveness of the current volunteers, and does not predict if the solutions provided by the Linux Foundation will be effective in educating big companies on how to follow licenses. This point is important because most FOSS licenses are short and easy to follow. Lastly, some of the information Vance includes does not make sense for readers who do not understand business or law. For example, Vance states that “lawsuits are typically settled out of court,” but does not explain why a company would want to settle in or out of court.

Questions

  • How can FOSS activists contribute to the FOSS legal sphere?
  • What qualifications and experience does Hemel have? What about other volunteers in FOSS law?
  • Why are FOSS lawsuits normally settled out of court?

Open Source Open for Business

Literature review summary

Open Source Open for Business–written by Bill Brigge, Stefan Kircher, and Michael Bechtel–is about how large companies interact with open source software (OSS). Specifically, this article is about the current benefits and future potential of companies using OSS in business. The piece focuses on the advantages OSS offers and some of the untapped advantages OSS can provide companies. Deloitte Touche Tohmatsu Limited (Deloitte for short) sponsored the article, and The Wall Street Journal published the article.

I read this article because I am co-oping at Deloitte’s 30 Rockefeller Head Quarters this summer. I thought reading this would be a great way to learn about open source at Deloitte.

Why should you read this article?

This article offers insight as to where large companies are spending money. For example, Deloitte and Datawheel created a joint research effort called Open Source Compass, and the article includes statistics from the research they conducted.

Another benefit of this article is that it examines ideas rarely discussed in open source communities (OSC). Specifically, the authors note how contributing to OSCs can increase productivity, growth, knowledge, and security. However, this is weird because many older companies–particularly those involved with finance and legal work–focus on profits and secrecy. Since profits drive the economy, it is interesting that a large company like Deloitte would endorse and contribute to OSCs. In addition, the authors describe how OSS is beneficial for auditing because all the code is publicly available.

Lastly, Deloitte acknowledges that participating in OSCs provides junior developers with opportunities to “read code written by more experienced codes and highly creative pioneers.” Although universities and OSCs acknowledge this benefit, it is rare to see large companies recommending OSS for junior developers to gain experience. Again, this is surprising because older private companies tend to favor proprietary software.

Critiques on Open Source Open for Business

The authors mention companies contributing to OSS, but exclude examples of companies contributing. The authors state that “for technology capabilities at the core of strategic differentiation, a healthy reluctance to depend on–let alone share expertise with–anyone outside the organization’s direct control is in order.” Although that notion makes sense, it conveys that a company’s “core of strategic differentiation” consists of all internally developed software. In other words, all internally developed code gives companies a competitive edge, and therefore, should not be shared.

Questions

  • Why do the authors claim that it is beneficial for companies to contribute to OSS without providing any examples?
  • Does Deloitte contribute to the OSS they use? If so, how?

Open source literature reviews

The literature reviews I wrote during the 2021 Humanitarian Free and Open Source Software Development (HFOSS) course at Rochester Institute of Technology provided basic insights into various aspects of open-source software development, as well as its applications in humanitarian contexts. Through my reviews, I learned about the challenges and opportunities associated with the development and use of humanitarian FOSS projects. Additionally, I learned about the importance of collaboration, community building, and user engagement in successful open-source development. Overall, I believe that the knowledge and skills I gained during this course were useful in my endeavors as a software developer. Additionally, I hope future HFOSS students can use my reviews as sample responses for the literature review assignments.

I hope you enjoyed this post on my open source literature reviews. If you want to learn more about open source or HFOSS, consider reading Contributing to Open Source at RIT.

, , , , ,

Portrait of Olivia Gallucci in garden, used in LNP article.

Written by Olivia Gallucci

Olivia is an honors student at the Rochester Institute of Technology. She writes about security, open source software, and professional development.

Discover more from Olivia A. Gallucci

Subscribe now to keep reading and get access to the full archive.

Continue reading