Does your mother know you're here? Understanding software artifact provenance.
"Provenance" is a term from archaeology and the arts that refers to a set of evidence supporting the claimed origin of an artifact, such as a piece of pottery or an oil painting. Recently, the term has been used in an electronic context -- "digital provenance" -- to indicate an artifact such as a software component or set of data, really is what it claims to be and should be permitted to be used within sensitive operating environments. In this talk, I suggest how we can stretch the definition further to encompass the idea of "software artifact provenance". That is, for a given software development artifact such as a user-visible feature, a source code function, or a third-party library, we might want to ask the question: Where did this come from? What is the evidence? And, if it has been developed externally, does its license permit reuse within the current context? In this talk I will sketch some of the ideas behind this work, and show how we might phrase some of these questions in terms of concrete criteria. In particular, we will concentrate on simple techniques for reducing a large search space of candidates down to a small handful that can be examined in detail using more expensive techniques.
Michael W. Godfrey is an associate professor in the David R. Cheriton
School of Computer Science at the University of Waterloo. During the
academic year 2011-12, he is on sabbatical at CWI in Amsterdam.