This research will provide a strong scientific basis for assessing, monitoring, and signaling the condition of critical open source software infrastructure with the aim of enhancing its sustainability. As a society, we rely increasingly on open source digital infrastructure for Internet connectivity and for products and services in every sector of the economy. It is crucial that we develop effective ways of monitoring the state of this infrastructure and find viable ways to ensure its continued support if we are to avoid disasters caused by security bugs or data-loss glitches, and to provide a predictable, stable foundation for the development of software products. It was long thought that jointly held resources were doomed to serious underinvestment because of the individually rational yet collectively destructive "tragedy of the commons" behavior, where resources are overused, under provisioned, and depleted. Running counter to the many disasters, predicted by theory and played out in the world, there are also existing communities that successfully sustain jointly held resources. This research will identify infrastructure and provide signals that will enable volunteers and companies to take effective action, also showing potential funders where they are most needed.
The conceptual starting point is the framework of common pool resources (CPR) - economic principles governing how resources that are jointly held can be managed effectively in order to avoid depletion. This framework will be used as a lens to understand how open source maintenance effort can be used sustainably. This integrated program of research will: (1) conduct and use a census of virtually all open source repositories to identify networks and infrastructure widely relied upon; (2) develop measures and predictive models indicating when and where the effort needed to maintain the infrastructure is in short supply; (3) conduct mixed-method studies of open source ecosystems focused on practices, norms, rules, and actions influencing infrastructure sustainability; (4) design, develop, and deploy at limited scale a monitoring capability to signal infrastructure status to participants; (5) deploy a modeling service that will allow supporters and users to predict the ripple effects of using or supporting projects; and (6) assess the impact of the monitoring and signaling deployment on sustainability practices. The project will make five key research contributions: (1) extend the CPR framework into the digital realm, where it is challenged by scale, by the differentiation of the resource (skilled effort), and by the embedding of the resource in network dependencies; (2) develop algorithms for identifying infrastructure and its connections to the ecosystem depending on it; (3) provide a foundation for better decision-making by exposing fragility and critical lack of resources; and (4) bring to light the variety of norms, rules, and practices for managing infrastructure effort and how they are impacted by signals of infrastructure status.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
