Forschung
[Forschung] [Publikationen] [Vorträge]
Publikationen
[sortiert nach Typ] [sortiert nach Jahr] [sortiert nach Thema]
pdfreaders.org

On the Effort for Security Maintenance of Open Source Components

Stanislav Dashevskyi, Achim D. Brucker und Fabio Massacci

Cover for dashevskyi.ea:foss-efforts:2018.The work presented in this paper is motivated by the need to estimate the security effort of maintaining Free and Open Source Software (FOSS) components within the software supply chain of a large international software vendor. We investigated publicly available factors (from number of active users to commits, from code size to usage of popular programming languages, etc.) to identify which ones impact three potential effort models: centralized (the company checks each component and propagates changes to the product groups), distributed (each product group is in charge of evaluating and fixing its consumed FOSS components), and hybrid (seldom used components are checked individually by each development team, the rest is centralized). We use Grounded Theory to extract the factors from a six months study at the vendor. We report the results on a sample of 166 FOSS components used by the vendor.

Schlüsselwörter: Free and Open Source software, software vulnerabilities, security maintenance
Kategorien: ,
Dokumente: (Artikel als PDF Datei)

QR Code for dashevskyi.ea:foss-efforts:2018.Bitte zitieren sie diesen Artikel wie folgt:
Stanislav Dashevskyi, Achim D. Brucker und Fabio Massacci. On the Effort for Security Maintenance of Open Source Components. In Workshop on the Economics of Information Security (WEIS). , 2018.
Schlüsselwörter: Free and Open Source software, software vulnerabilities, security maintenance
(Artikel als PDF Datei) (BibTeX) (Endnote) (RIS) (Word) (Share article on LinkedIn. Share article on CiteULike.)

BibTeX
@InProceedings{ dashevskyi.ea:foss-efforts:2018,
abstract = {The work presented in this paper is motivated by the need to estimate the security effort of maintaining Free and Open Source Software (FOSS) components within the software supply chain of a large international software vendor. We investigated publicly available factors (from number of active users to commits, from code size to usage of popular programming languages, etc.) to identify which ones impact three potential effort models: centralized (the company checks each component and propagates changes to the product groups), distributed (each product group is in charge of evaluating and fixing its consumed FOSS components), and hybrid (seldom used components are checked individually by each development team, the rest is centralized). We use Grounded Theory to extract the factors from a six months study at the vendor. We report the results on a sample of 166 FOSS components used by the vendor.},
author = {Stanislav Dashevskyi and Achim D. Brucker and Fabio Massacci},
booktitle = {Workshop on the Economics of Information Security (WEIS)},
keywords = {Free and Open Source software, software vulnerabilities, security maintenance},
location = {Innsbruck, Austria},
pdf = {https://www.brucker.ch/bibliography/download/2018/dashevskyi.ea-foss-efforts-2018.pdf},
title = {On the Effort for Security Maintenance of Open Source Components},
url = {https://www.brucker.ch/bibliography/abstract/dashevskyi.ea-foss-efforts-2018},
year = {2018},
}