Software security in open source development: A systematic literature review

Wen, Shao-Fang

doi:10.23919/fruct.2017.8250205

Cited by 19 publications

(8 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Despite this, our systematic literature review work [7] revealed that no research has been conducted focusing on the aspects of security knowledge management in OSS development. Studies in the areas of software construction and verification (Secure Architecture, Code Review, and Security Testing) are followed by researchers with more interests than governance, where education and training are the major activities.…”

Section: Security Knowledge Management In the Software Developmentmentioning

confidence: 98%

See 1 more Smart Citation

Security Knowledge Management in Open Source Software Communities

Wen

Kianpour

Katt

2019

Innovative Security Solutions for Information Technology and Communications

Self Cite

View full text Add to dashboard Cite

Open source software (OSS) communities are groups of individuals, technical or non-technical, interacting with collaborating peers in online communities of practices to develop OSS, solve particular software problems and exchange ideas. People join OSS communities with a different level of programming skills and experience and might lack formal, college-level software security training. There remains a lot of confusion in participants' mind as to what is secured code and what the project wants. Another problem is that the huge amount of available software security information nowadays has resulted in a form of information overload to software engineers, who usually finish studying it with no clue about how to apply those principles properly to their own applications. This leads to a knowledge gap between knowledge available and knowledge required to build secure applications in the context of software projects. Given the increased importance and complexity of OSS in today's world, lacking proper security knowledge to handle vulnerabilities in OSS development will result in breaches that are more serious in the future. The goal of this research work is to fill the knowledge gap by providing an artifact that would facilitate the effective security-knowledge transferring and learning in the context of OSS development. In this work-in-progress paper, we present our ongoing research work following design science research methodology on the domain problem identification and the development of the artifact.

show abstract

Section: Security Knowledge Management In the Software Developmentmentioning

confidence: 98%

“…As OSS becomes an increasingly important part of our lives, researchers and security communities have spent numerous efforts on providing mechanisms of building security in OSS development [7]. However, the number of new vulnerabilities keeps increasing in today's OSS applications.…”

Section: Introductionmentioning

confidence: 99%

Security Knowledge Management in Open Source Software Communities

Wen

Kianpour

Katt

2019

Innovative Security Solutions for Information Technology and Communications

Self Cite

View full text Add to dashboard Cite

show abstract

“…Due to the rapidly growing impact of OSS on society and the economy, the security aspect has attracted researchers' attention to investigate this distinctive phenomenon. As a result, numerous security practices for secure OSS development have been provided [8]. However, OSS vulnerabilities are being found at an increasing pace, nearly doubling from 2017 [9].…”

Section: Introductionmentioning

confidence: 99%

“…From a literature review of OSS security research using a socio-technical analysis [10], Wen [8] found that only 16% of papers talked about the social sectors of OSS security (cultural, structural, legal, managerial, and operational), and he concluded that existing software security practices have limitations in supporting secure OSS development. Because OSS in the socio-technical context is broader than the technical definition [11] effectiveness and efficiency of the implementation of the tool [8,10]. This can be viewed as a necessary condition within a security management framework, as the two aspects are equally important [12].…”

Section: Introductionmentioning

confidence: 99%

An empirical study of security culture in open source software communities

Wen

Kianpour

Kowalski

2019

Proceedings of the 2019 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining

Self Cite

View full text Add to dashboard Cite

Open source software (OSS) is a core part of virtually all software applications today. Due to the rapidly growing impact of OSS on society and the economy, the security aspect has attracted researchers' attention to investigate this distinctive phenomenon. Traditionally, research on OSS security has often focus on technical aspects of software development. We argue that these aspects are important, however, technical security practice considering different social aspects of OSS development will assure the effectiveness and efficiency of the implementation of the tool. In this empirical study, we explore the current security culture in the OSS development phenomenon using a survey instrument. By performing a security cultural analysis with six dimensions: attitude, behavior, competency, subjective norms, governance and communication, this paper provides an in-depth insight into its influence on participants' security behaviors and decision-making. Measurements of security culture and the corresponding issues that need to be addressed in OSS communities were defined and discussed.

show abstract

“…OSS security has been the focus of the security community and practitioners over recent decades. Many studies have been conducted by both researchers and practitioners on the mechanisms of building security in OSS development [8]. However, the number of new vulnerabilities keeps increasing in today's OSS systems.…”

Section: Introductionmentioning

confidence: 99%

An Empirical Study on Security Knowledge Sharing and Learning in Open Source Software Communities

Wen¹

2018

Computers

Self Cite

View full text Add to dashboard Cite

Open source software (OSS) security has been the focus of the security community and practitioners over the past decades. However, the number of new vulnerabilities keeps increasing in today’s OSS systems. With today’s increasingly important and complex OSS, lacking software security knowledge to handle security vulnerabilities in OSS development will result in more breaches that are serious in the future. Learning software security is a difficult and challenging task since the domain is quite context specific and the real project situation is necessary to apply the security concepts within the specific system. Many OSS proponents believe that the OSS community offers significant learning opportunities from its best practices. However, studies that specifically explore security knowledge sharing and learning in OSS communities are scarce. This research is intended to fill this gap by empirically investigating factors that affect knowledge sharing and learning about software security and the relationship among them. A conceptual model is proposed that helps to conceptualize the linkage between socio-technical practices and software security learning processes in OSS communities. A questionnaire and statistical analytical techniques were employed to test hypothesized relationships in the model to gain a better understanding of this research topic.

show abstract

Software security in open source development: A systematic literature review

Cited by 19 publications

References 44 publications

Security Knowledge Management in Open Source Software Communities

Security Knowledge Management in Open Source Software Communities

An empirical study of security culture in open source software communities

An Empirical Study on Security Knowledge Sharing and Learning in Open Source Software Communities

Contact Info

Product

Resources

About