Electronic Communications of the EASST
Volume 33 (2010)

Proceedings of the Fourth International Workshop on Foundations and Techniques for Open Source Software Certification (OpenCert 2010)

Preface

4 pages

Guest Editors: Luis S. Barbosa, Antonio Cerone, Siraj A. Shaikh
Managing Editors: Tiziana Margaria, Julia Padberg, Gabriele Taentzer
ECEASST Home Page: http://www.easst.org/eceasst/
ISSN 1863-2122

Preface

Over the past decade, the Open Source Software (OSS) phenomenon has had a global impact on the way software systems and software-based services are developed, distributed and deployed. Widely acknowledged benefits of OSS include reliability, low development and maintenance costs, as well as rapid code turnover. Linux distributions, Apache and MySQL stand, among many other examples, as a testimony to its success and resilience.

In the meantime, companies understood that integrating OSS into commercial products, through liberal OSS licenses, reduces development costs while offering high-quality, extensively tested components. Furthermore, Governments became aware of the growing dependence of their administrations on proprietary formats and software, and started regarding OSS as a warranty of technological independence.

However, state-of-the-art OSS, by the very nature of its open, unconventional, distributed development model, makes software quality assessment, let alone full certification, particularly hard to achieve, raising important challenges from a technical, methodological or managerial perspective. This makes the use of OSS, and, in particular, its integration within complex industrial-strength applications with stringent security requirements, a risk and, simultaneously, an opportunity and a challenge for rigorous, mathematically based methods in software analysis and engineering.

In such a context, the aim of the OPENCERT series of workshops is to bring together researchers from academia and industry who are broadly interested in the quality assessment of open source software projects, ultimately leading to the establishment of coherent certification processes, at different levels.

The 1st International Workshop on Foundations and Techniques for Open Source Software Certification (OPENCERT 2007) was held on 31 March 2007 in Braga, Portugal, as a satellite event of ETAPS 2007 (the 10th European Joint Conferences on Theory and Practice of Software). In the following year, on 10 September, OPENCERT 2008 was held in Milan, Italy, jointly with the International Workshop on Foundations and Techniques bringing together Free/Libre Open Source Software and Formal Methods (FLOSS-FM 2008), as a satellite event of OSS 2008. The proceedings of the workshop were published as Technical Report No. 398 of the United Nations University International Institute of Software Technology (UNU-IIST). In 2009, OPENCERT was again co-located with ETAPS and held on 28 March 2009 in York, United Kingdom. Post-proceedings appeared as volume 20 of the Electronic Communications of the EASST.

This volume contains the post-proceedings of the 4th International Workshop on Foundations and Techniques for Open Source Software Certification (OPENCERT 2010) held from 17 to 18 September 2010, in Pisa, Italy, as a satellite event of the 8th IEEE International Conference on Software Engineering and Formal Methods (SEFM’10). The volume includes a total of eleven regular papers spanning from security certification, source code analysis and tools to discussion of empirical studies and educational concerns.

Two invited contributions are also included: one by Panagiotis Katsaros and Ioannis Stamelos, from Aristotle University of Thessaloniki, Greece, on "Component certification as a prerequisite for widespread OSS reuse", and another by Mario Fusani and Eda Marchetti, from CNR-ISTI, Italy, on "Damages and Benefits of Certification: A perspective from an Independent Assessment Body". The organizers are most grateful for both invited lectures.

This gratitude extends to all members of the Program Committee for their hard work on reviewing and selecting submissions, and, of course, to all authors without whom OPENCERT 2010 would not have been possible. A final word of thanks is due to the SEFM 2010 Organizing Committee, with a particular mention to Maurice ter Beek, who served as Satellite Events chair, and all staff at Pisa, for providing such a smooth and pleasant workshop venue.

Pisa, September, 2010.

Luis S. Barbosa, Minho University, Portugal
Antonio Cerone, United Nations University, Macau SAR China
Siraj Ahmed Shaikh, Coventry University, United Kingdom

Committees

Steering Committee

• Bernhard Aichernig, Technische Universität Graz, Austria
• Antonio Cerone, UNU-IIST, United Nations University, Macau SAR China
• Martin Michlmayr, University of Cambridge, UK
• David von Oheimb, Siemens Corporate Technology, Germany
• José Nuno Oliveira, DI-CCTC, Universidade do Minho, Portugal

Program Committee

• Bernhard Aichernig, Technische Universität Graz, Austria
• Admir Abdurahmanovic, PrimeKey, Sweden
• Luis Soares Barbosa, DI-CCTC, Universidade do Minho, Portugal (Co-chair)
• Andrea Capiluppi, University of East London, UK
• Antonio Cerone, UNU-IIST, United Nations University, Macau SAR China (Co-chair)
• Gabriel Ciobanu, Faculty of Computer Science, A.I. Cuza University, Romania
• Ernesto Damiani, Università di Milano, Italy
• Jim Davies, University of Oxford, UK
• Roberto Di Cosmo, Université Paris Diderot / INRIA, France
• Fabrizio Fabbrini, ISTI-CNR, Italy
• Maria João Frade, DI-CCTC, Universidade do Minho, Portugal
• Jesus Arias Fisteus, Universidad Carlos III de Madrid, Spain
• Dan Ghica, University of Birmingham, UK
• Tomasz Janowski, UNU-IIST, United Nations University, Macau SAR China
• Paddy Krishnan, Bond University, Australia
• Paolo Milazzo, Dipartimento di Informatica, Università di Pisa, Italy
• José Miranda, MULTICERT, Portugal
• John Noll, LERO, Ireland
• Alexander K. Petrenko, ISP, Russian Academy of Science, Russian Federation
• Simon Pickin, Universidad Carlos III de Madrid, Spain
• Siraj Shaikh, Coventry University, UK (Co-chair)
• Sulayman K. Sowe, UNU-MERIT, United Nations University, The Netherlands
• Ralf Treinen, PPS, Université Paris Diderot, France
• Joost Visser, Software Improvement Group, The Netherlands
• David von Oheimb, Siemens Corporate Technology, Germany
• Tanja Vos, Universidad Politécnica de Valencia, Spain
• Anthony Wasserman, Carnegie Mellon Silicon Valley, US