On the security of open source software

@article{Payne2002OnTS,
  title={On the security of open source software},
  author={Christian N. Payne},
  journal={Information Systems Journal},
  year={2002},
  volume={12}
}
Abstract: With the rising popularity of so‐called ‘open source’ software there has been increasing interest in both its various benefits and disadvantages. In particular, despite its prominent use in providing many aspects of the Internet's basic infrastructure, many still question the suitability of such software for the commerce‐oriented Internet of the future. This paper evaluates the suitability of open source software with respect to one of the key attributes that tomorrow's Internet will…
Open source vs. closed source software: towards measuring security
TLDR
The state of the art of the security debate is discussed, and new metrics are proposed that make it possible to answer the question of to what extent the review process of open source and closed source development has helped to fix vulnerabilities.
Increasing Software Security through Open Source or Closed Source Development? Empirics Suggest that We have Asked the Wrong Question
  • G. Schryen, E. Rich
  • Computer Science
    2010 43rd Hawaii International Conference on System Sciences
  • 2010
TLDR
The results suggest that it is not the particular software development style that determines the severity of vulnerabilities and vendors' patching behavior, but rather the specific application type and the policy of the particular development community, respectively.
Security vulnerabilities in open source projects: An India perspective
Educational and governmental organizations are heavy users of Free and Open Source Software (FOSS) due to the numerous economic advantages it offers. But because of the lack of formal notification of
To prevent them from entering, provide the keys
TLDR
This paper states the arguments given by both Closed Source Software (CSS) editors and free software holders and proposes a strategy of security based on the heterogeneity of the computers owned by a company.
Modelling the Economics of Free and Open Source Software Security
TLDR
A quantitative approach based on system dynamics to validate stated claims about F/OSS security and its economic aspects is proposed and an illustrative example supports belief in the validity of the system dynamics approach as a testing vehicle to explain observed phenomena and support or disprove argued hypotheses.
Industry-Wide Analysis of Open Source Security
TLDR
The goal of this research is to analyze the popularity of various OSS projects among various industries and also to provide insights into the security vulnerabilities and their impact on the various industries that consume those OSS projects.
A Comprehensive and Comparative Analysis of the Patching Behavior of Open Source and Closed Source Software Vendors
  • G. Schryen
  • Computer Science
    2009 Fifth International Conference on IT Security Incident Management and IT Forensics
  • 2009
TLDR
The results of the analysis suggest that it is not the particular software development style that determines patching behavior, but rather the policy of the particular Software Vendor, including operating systems, database systems, web browsers, email clients, and office systems.
Security of Open Source and Closed Source Software: An Empirical Comparison of Published Vulnerabilities
TLDR
The analysis and comparison of published vulnerabilities of eight open source software and nine closed source software packages provides an extensive empirical analysis of vulnerabilities in terms of mean time between vulnerability disclosures, the development of disclosure over time, and the severity of vulnerabilities.
Commercial software companies and open source community reaction to disclosed vulnerabilities: Case of Windows Server 2008 and Linux patching
  • M. Zineddine, C. Alaoui, N. Saidou
  • Computer Science
    2017 International Conference on Wireless Technologies, Embedded and Intelligent Systems (WITS)
  • 2017
TLDR
Light is shed on the perception of the security divide between the open source and closed software under study: the commercial companies respond faster, although not according to the severity of the vulnerabilities disclosed.
The Application of DEA to Measure the Efficiency of Open Source Security Tool Production
TLDR
The result of this research is a model that can be used by project developers to evaluate the relative efficiency of their projects, and determines the number of inefficient projects benchmarking each efficient project.

References

The Role of the Development Process in Operating System Security
TLDR
The results not only show that a consideration of security at all phases of development leads to significantly more secure products, but also indicates the specific roles that each development phase plays in this process.
Security through design as a paradigm for systems development
TLDR
Examination of the influence that the development approach, as viewed from a "waterfall" model perspective, has upon the effective security of the final system showed that systems which considered security at every phase of the development process demonstrated markedly better degrees of security.
INTEGRITY-ORIENTED CONTROL OBJECTIVES: PROPOSED REVISIONS TO THE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (TCSEC), DoD 5200.28-STD
Abstract: For many years, the security research community has focused on the confidentiality as security, and a solid analytical foundation for addressing confidentiality issues has evolved. Now it
Security in computing
TLDR
This book describes the security pitfalls inherent in many important computing tasks today and points out where existing controls are inadequate and serious consideration must be given to the risk present in the computing situation.
Practical UNIX and Internet Security
TLDR
This book discusses computer security basics, network and Internet security, auditing, logging, and forensics, and the role of Unix in the modern deployment environment.
Kerberos: an authentication service for computer networks
TLDR
The authors concentrate on authentication for real-time, interactive services that are offered on computer networks, which includes remote login, file system reads and writes, and information retrieval for applications like Mosaic.
SSH: secure login connections over the internet
SSH provides secure login, file transfer, X11, and TCP/IP connections over an untrusted network. It uses cryptographic authentication, automatic session encryption, and integrity protection for
Open Sources: Voices from the Open Source Revolution
From the Publisher: Now in Open Sources, for the first time leaders of Open Source come together to discuss the new vision of the software industry they have created, through essays that explain how
Reflections on trusting trust
To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software.
The myth of open source security
  • 2000