Accession Number : AD1000434

Title :   Open Source Software Projects Needing Security Investments

Descriptive Note : Technical Report


Personal Author(s) : Wheeler,David A ; Khakimov,Samir

Report Date : 19 Jun 2015

Pagination or Media Count : 88

Abstract : Some open source software (OSS) is widely used and depended on, and yet has not received the level of security analysis appropriate to its importance. This paper describes our work to help identify OSS projects that may especially need investment for security by identifying and using metrics. We performed a literature search, identified promising metrics and potentially-concerning software packages to investigate, developed a specific approach, and applied it to identify a set of OSS projects that we believe are especially concerning. We have focused on automatically gathering metrics, especially those that suggest less active projects. For our initial set of projects to examine, we took the set of software packages installed by Debian base and added packages that we or others identified as potentially concerning; we could easily add more projects to consider in the future.

Descriptors :   digital data , computer languages , vulnerability , information systems , application protocols , department of homeland security , computer programming , computer programs , web browsers , software development , operating systems , software metrics , reliability , computers

Subject Categories : Computer Programming and Software
      Computer Systems Management and Standards

Distribution Statement : APPROVED FOR PUBLIC RELEASE