Caveat emptor, or let the buyer beware, is commonly applied to open source software (OSS): the onus is on the OSS consumer to ensure that the software is fit for use in the consumer's context. OSS has been compared to an open market bazaar in which consumers are free to browse all of the source code and take a copy. In this paper, we observe the challenges an OSS consumer faces in obtaining information about the process(es) and project(s) used to produce a product, and about the protection(s) employed by those projects. We discuss the need for more transparency from OSS projects, where possible, and introduce a framework for reasoning about those OSS projects and their products for use by the OSS consumer.