{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T14:26:05Z","timestamp":1760711165289,"version":"3.41.0"},"reference-count":31,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2023,4,30]],"date-time":"2023-04-30T00:00:00Z","timestamp":1682812800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nd\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Queue"],"published-print":{"date-parts":[[2023,4,30]]},"abstract":"<jats:p>Much of the existing research about open source elects to study software repositories instead of ecosystems. An open source repository most often refers to the artifacts recorded in a version control system and occasionally includes interactions around the repository itself. An open source ecosystem refers to a collection of repositories, the community, their interactions, incentives, behavioral norms, and culture. The decentralized nature of open source makes holistic analysis of the ecosystem an arduous task, with communities and identities intersecting in organic and evolving ways.  Despite these complexities, the increased scrutiny on software security and supply chains makes it of the utmost importance to take an ecosystem-based approach when performing research about open source. This article provides guidelines and best practices for research using data collected from open source ecosystems, encouraging research teams to work with communities in respectful ways.<\/jats:p>","DOI":"10.1145\/3595879","type":"journal-article","created":{"date-parts":[[2023,5,4]],"date-time":"2023-05-04T22:07:03Z","timestamp":1683238023000},"page":"14-34","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Beyond the Repository"],"prefix":"10.1145","volume":"21","author":[{"given":"Amanda","family":"Casari","sequence":"first","affiliation":[{"name":"Google"}]},{"given":"Julia","family":"Ferraioli","sequence":"additional","affiliation":[]},{"given":"Juniper","family":"Lovato","sequence":"additional","affiliation":[{"name":"University of Vermont"}]}],"member":"320","published-online":{"date-parts":[[2023,5,4]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Aguera y Arcas B. Mitchell M. Todorov A. 2017. Physiognomy's new clothes. Medium; https:\/\/medium.com\/@blaisea\/physiognomys-new-clothes-f2d4b59fdd6a."},{"key":"e_1_2_1_2_1","volume-title":"Department of Health and Human Services","author":"Assistant Secretary","year":"2016","unstructured":"Assistant Secretary for Public Affairs. 2016. 3.14 open-source software. Department of Health and Human Services; https:\/\/www.hhs.gov\/open\/2016-plan\/open-source-software.html."},{"key":"e_1_2_1_3_1","doi-asserted-by":"crossref","unstructured":"Burnside M. J. Lewis D. M. Crocket H. Meier R. Williman J. Sanders O. J. Jefferies C. A. Faherty A. M. Paul R. Lever C. S. Wheeler B. J. Jones S. Frewen C. M. Gunn T. Lampey C. De Bock M. 2022. 286-OR The CREATE trial: randomized clinical trial comparing open-source automated insulin delivery with sensor augmented pump therapy in type 1 diabetes. Diabetes 71 (Supplement_1); https:\/\/diabetesjournals.org\/diabetes\/article\/71\/Supplement_1\/286-OR\/146634\/286-OR-The-CREATE-Trial-Randomized-Clinical-Trial.","DOI":"10.2337\/db22-286-OR"},{"issue":"1","key":"e_1_2_1_4_1","article-title":"The CARE principles for indigenous data governance","volume":"19","author":"Carroll S. R.","year":"2020","unstructured":"Carroll, S. R., Garba, I., Figueroa-Rodr\u00edguez, O. L., Holbrook, J., Lovett, R., Materechera, S., Parsons, M., Raseroka, K., Rodriguez-Lonebear, D., Rowe, R., et al. 2020. The CARE principles for indigenous data governance. Data Science Journal 19(1), 43; https:\/\/datascience.codata.org\/articles\/10.5334\/dsj-2020-043\/.","journal-title":"Data Science Journal"},{"key":"e_1_2_1_5_1","volume-title":"equity, and inclusion in open source","author":"Carter H.","year":"2021","unstructured":"Carter, H., Groopman, J. 2021. Diversity, equity, and inclusion in open source. Linux Foundation; https:\/\/8112310.fs1.hubspotusercontent-na1.net\/hubfs\/8112310\/LF%20Research\/2021%20DEI%20Survey%20-%20Report.pdf."},{"key":"e_1_2_1_6_1","volume-title":"How a university got itself banned from the Linux kernel. The Verge","author":"Chin M.","year":"2021","unstructured":"Chin, M. 2021. How a university got itself banned from the Linux kernel. The Verge; https:\/\/www.theverge.com\/2021\/4\/30\/22410164\/linux-kernel-university-of-minnesota-banned-open-source."},{"key":"e_1_2_1_7_1","volume-title":"PayPal, and Microsoft's systems. The Verge","author":"Clark M.","year":"2021","unstructured":"Clark, M. 2021. Security researcher finds a way to run code on Apple, PayPal, and Microsoft's systems. The Verge; https:\/\/www.theverge.com\/2021\/2\/10\/22276857\/security-researcher-repository-exploit-apple-microsoft-vulnerability."},{"volume-title":"Photographs of identifiable people. 2023","author":"Commons","key":"e_1_2_1_8_1","unstructured":"Commons: Photographs of identifiable people. 2023; Wikimedia Commons; https:\/\/commons.wikimedia.org\/wiki\/Commons:Photographs_of_identifiable_people."},{"volume-title":"Personally identifiable information. Glossary","author":"Computer Security Resource Center","key":"e_1_2_1_9_1","unstructured":"Computer Security Resource Center. Personally identifiable information. Glossary. National Institute of Standards and Technology; https:\/\/csrc.nist.gov\/glossary\/term\/personally_identifiable_information."},{"key":"e_1_2_1_10_1","series-title":"Strong Ideas series","volume-title":"Data Feminism","author":"D'Ignazio C.","unstructured":"D'Ignazio, C., Klein, L. F. 2020. Data Feminism. Strong Ideas series. Cambridge, MA: MIT Press."},{"key":"e_1_2_1_11_1","unstructured":"Django. Django's security policies; https:\/\/docs.djangoproject.com\/en\/4.1\/internals\/security\/."},{"key":"e_1_2_1_12_1","doi-asserted-by":"crossref","unstructured":"Dunne J. A. Maschner H. Betts M. W. Huntly N. Russell R. Williams R. J. Wood S. A. 2016. The roles and impacts of human hunter-gatherers in North Pacific marine food webs. Scientific Reports 6(21179); https:\/\/www.nature.com\/articles\/srep21179.","DOI":"10.1038\/srep21179"},{"volume-title":"Roads and bridges: the unseen labor behind our digital infrastructure","author":"Eghbal N.","key":"e_1_2_1_13_1","unstructured":"Eghbal, N. 2016. Roads and bridges: the unseen labor behind our digital infrastructure. Ford Foundation; https:\/\/www.fordfoundation.org\/work\/learning\/research-reports\/roads-and-bridges-the-unseen-labor-behind-our-digital-infrastructure\/."},{"key":"e_1_2_1_14_1","volume-title":"Datasheets for datasets. Communications of the ACM 64(12), 86?92","author":"Gebru T.","year":"2021","unstructured":"Gebru, T., Morgenstern, J., Vecchione, B., Vaughan, J. W., Wallach, H., Daum\u00e9 III, H., Crawford, K. 2021. Datasheets for datasets. Communications of the ACM 64(12), 86?92; https:\/\/cacm.acm.org\/magazines\/2021\/12\/256932-datasheets-for-datasets\/abstract."},{"key":"e_1_2_1_15_1","unstructured":"GitHub Security. 2022. GitHub bug bounty; https:\/\/bounty.github.com."},{"volume-title":"Ethics in the mining of software repositories. Empirical Software Engineering 27(1)","author":"Gold N. E.","key":"e_1_2_1_16_1","unstructured":"Gold, N. E., Krinke, J. 2021. Ethics in the mining of software repositories. Empirical Software Engineering 27(1); https:\/\/dl.acm.org\/doi\/10.1007\/s10664-021-10057-7."},{"key":"e_1_2_1_17_1","volume-title":"Dark Data: Why What You Don't Know Matters.","author":"Hand D. J.","year":"2020","unstructured":"Hand, D. J. 2020. Dark Data: Why What You Don't Know Matters. Princeton, NJ: Princeton University Press."},{"key":"e_1_2_1_18_1","doi-asserted-by":"crossref","unstructured":"Lerner J. Tirole J. 2000. The simple economics of open source. Harvard Business School working paper. SSRN Electronic Journal; https:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=224008.","DOI":"10.2139\/ssrn.224008"},{"key":"e_1_2_1_19_1","series-title":"September 2","volume-title":"The digital economy runs on open source. Here's how to protect it. Harvard Business Review","author":"Lifshitz-Assaf H.","year":"2021","unstructured":"Lifshitz-Assaf, H., Nagle, F. 2021. The digital economy runs on open source. Here's how to protect it. Harvard Business Review (September 2); https:\/\/hbr.org\/2021\/09\/the-digital-economy-runs-on-open-source-heres-how-to-protect-it."},{"volume-title":"Privacy in Context, 186?230.","author":"Nissenbaum H.","key":"e_1_2_1_20_1","unstructured":"Nissenbaum, H. 2009. Privacy rights in context. In Privacy in Context, 186?230. Redwood City, CA: Stanford University Press."},{"key":"e_1_2_1_21_1","unstructured":"Office of Research and Development USEPA. 2014. EPANET; https:\/\/www.epa.gov\/water-research\/epanet."},{"key":"e_1_2_1_22_1","unstructured":"Open Source Initiative. 2007. The open source definition; https:\/\/opensource.org\/osd."},{"key":"e_1_2_1_23_1","unstructured":"Open Source Initiative. 2023; https:\/\/opensource.org."},{"key":"e_1_2_1_24_1","volume-title":"The economic motivation of open-source software: stakeholder perspectives. Computer 40(4), 25?32","author":"Riehle D.","year":"2007","unstructured":"Riehle, D. 2007. The economic motivation of open-source software: stakeholder perspectives. Computer 40(4), 25?32; https:\/\/dl.acm.org\/doi\/10.1109\/MC.2007.147."},{"key":"e_1_2_1_25_1","volume-title":"Confluence Mobile position paper","author":"Ruby S.","year":"1995","unstructured":"Ruby, S. 2022. Confluence Mobile position paper. Apache Software Foundation; https:\/\/cwiki.apache.org\/confluence\/plugins\/servlet\/mobile?contentId= 199530455&s=09#content\/view\/199530455."},{"key":"e_1_2_1_26_1","volume-title":"A walk through Project Zero metrics. Google Project Zero blog","author":"Schoen R.","year":"2022","unstructured":"Schoen, R. 2022. A walk through Project Zero metrics. Google Project Zero blog; https:\/\/googleprojectzero.blogspot.com\/2022\/02\/a-walk-through-project-zero-metrics.html."},{"volume-title":"The penumbra of open source: projects outside of centralized platforms are longer maintained, more academic and more collaborative. EPJ Data Science 11(31)","author":"Trujillo M. Z.","key":"e_1_2_1_27_1","unstructured":"Trujillo, M. Z., H\u00e9bert-Dufresne, L., Bagrow, J. 2022. The penumbra of open source: projects outside of centralized platforms are longer maintained, more academic and more collaborative. EPJ Data Science 11(31); https:\/\/epjdatascience.springeropen.com\/articles\/10.1140\/epjds\/s13688-022-00345-7."},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236062"},{"volume-title":"Data Privacy Management, Cryptocurrencies and Blockchain Technologies","author":"Wagner I.","key":"e_1_2_1_29_1","unstructured":"Wagner, I., Boiten, E. 2018. Privacy risk assessment: from art to science, by metrics. In Data Privacy Management, Cryptocurrencies and Blockchain Technologies. Springer International Publishing; https:\/\/www.springerprofessional.de\/en\/privacy-risk-assessment-from-art-to-science-by-metrics\/16103664."},{"key":"e_1_2_1_30_1","volume-title":"The FAIR Guiding Principles for scientific data management and stewardship. Scientific Data, 3(160018)","author":"Wilkinson M. D.","year":"2016","unstructured":"Wilkinson, M. D., Michel Dumontier, M., Aalbersberg, I. J., Appleton, G., Axton, M., Baak, A., Blomberg, N., Boiten, J.-W., da Silva Santos, L. B., Bourne, P. E., et al. 2016. The FAIR Guiding Principles for scientific data management and stewardship. Scientific Data, 3(160018); https:\/\/www.nature.com\/articles\/sdata201618."},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR52588.2021.00036"}],"container-title":["Queue"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3595879","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3595879","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:48:39Z","timestamp":1750286919000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3595879"}},"subtitle":["Best practices for open source ecosystems researchers"],"short-title":[],"issued":{"date-parts":[[2023,4,30]]},"references-count":31,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2023,4,30]]}},"alternative-id":["10.1145\/3595879"],"URL":"https:\/\/doi.org\/10.1145\/3595879","relation":{},"ISSN":["1542-7730","1542-7749"],"issn-type":[{"type":"print","value":"1542-7730"},{"type":"electronic","value":"1542-7749"}],"subject":[],"published":{"date-parts":[[2023,4,30]]},"assertion":[{"value":"2023-05-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}