API trustworthiness: an ontological approach for software library adoption

The globalization of the software industry has led to an emerging trend where software systems depend increasingly on the use of external open-source external libraries and application programming interfaces (APIs). While a significant body of research exists on identifying and recommending potentially reusable libraries to end users, very little is known on the potential direct and indirect impact of these external library recommendations on the quality and trustworthiness of a client's project. In our research, we introduce a novel Ontological Trustworthiness Assessment Model (OntTAM), which supports (1) the automated analysis and assessment of quality attributes related to the trustworthiness of libraries and APIs in open-source systems and (2) provides developers with additional insights into the potential impact of reused libraries and APIs on the quality and trustworthiness of their project. We illustrate the applicability of our approach, by assessing the trustworthiness of libraries in terms of their API breaking changes, security vulnerabilities, and license violations and their potential impact on client projects.