Accession Number : AD1000434


Title :   Open Source Software Projects Needing Security Investments


Descriptive Note : Technical Report


Corporate Author : INSTITUTE FOR DEFENSE ANALYSES ALEXANDRIA VA ALEXANDRIA United States


Personal Author(s) : Wheeler, David A. ; Khakimov, Samir


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/1000434.pdf


Report Date : 19 Jun 2015


Pagination or Media Count : 88


Abstract : Some open source software (OSS) is widely used and depended on, and yet has not received the level of security analysis appropriate to its importance. This paper describes our work to help identify OSS projects that may especially need investment for security by identifying and using metrics. We performed a literature search, identified promising metrics and potentially-concerning software packages to investigate, developed a specific approach, and applied it to identify a set of OSS projects that we believe are especially concerning. We have focused on automatically gathering metrics, especially those that suggest less active projects. For our initial set of projects to examine, we took the set of software packages installed by Debian base and added packages that we or others identified as potentially concerning; we could easily add more projects to consider in the future.
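The approach summarised in the abstract (start from the Debian base package set, gather activity metrics per project, and rank by those metrics) can be sketched in code. The following is an added example, not code from the report or from IDA: the dpkg status excerpt, the per-project metrics, the metric names (last commit date, recent contributor count, CVE count, network exposure) and the scoring weights are all constructed assumptions for illustration, not the weights or data the report uses. "Debian base" is approximated here as installed packages at Priority required or important.

```python
"""Added example, not from the IDA report: select a Debian-base-like
package set from a dpkg status file and rank it with crude inactivity
metrics.  All input data and all weights below are constructed."""
from dataclasses import dataclass
from datetime import date

# Constructed excerpt in /var/lib/dpkg/status format (not real output).
DPKG_STATUS = """\
Package: libfoo1
Status: install ok installed
Priority: required
Version: 1.2-3

Package: fancy-editor
Status: install ok installed
Priority: optional
Version: 4.0-1

Package: netutil
Status: install ok installed
Priority: important
Version: 0.9-2

Package: oldparser
Status: deinstall ok config-files
Priority: required
Version: 2.1-1
"""

# Assumption: these priorities approximate the "Debian base" set.
BASE_PRIORITIES = {"required", "important"}


def parse_dpkg_status(text):
    """Parse the stanza-per-package layout of a dpkg status file into dicts."""
    packages = []
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            # Continuation lines (leading space) belong to the previous field
            # and carry nothing we need here, so only header lines are read.
            if ":" in line and not line.startswith(" "):
                key, value = line.split(":", 1)
                fields[key.strip()] = value.strip()
        if fields:
            packages.append(fields)
    return packages


def base_packages(packages):
    """Names of packages that are actually installed at a base priority."""
    return sorted(
        p["Package"]
        for p in packages
        if p.get("Priority") in BASE_PRIORITIES
        and p.get("Status", "").endswith("installed")
    )


@dataclass
class ProjectMetrics:
    """Constructed per-project metrics (the kind a crawler would gather)."""
    name: str
    last_commit: date
    contributors_12mo: int
    cve_count: int
    network_exposed: bool


def risk_score(m, today):
    """Illustrative score: higher means 'more likely to need investment'.
    Weights are an assumption for this example, not the report's model."""
    score = 0
    idle_days = (today - m.last_commit).days
    if idle_days > 365:
        score += 3          # no commits in over a year
    elif idle_days > 180:
        score += 1
    if m.contributors_12mo <= 1:
        score += 2          # bus factor of one
    score += min(m.cve_count, 3)
    if m.network_exposed:
        score += 2          # attack surface reachable over the network
    return score


def rank(metrics, names, today):
    """Rank only the projects in `names`, highest score first, then by name."""
    rows = [(risk_score(m, today), m.name) for m in metrics if m.name in names]
    return sorted(rows, key=lambda r: (-r[0], r[1]))


# Constructed metrics; fancy-editor is present but not in the base set.
SAMPLE_METRICS = [
    ProjectMetrics("libfoo1", date(2013, 1, 1), 1, 2, False),
    ProjectMetrics("netutil", date(2015, 3, 1), 5, 1, True),
    ProjectMetrics("fancy-editor", date(2015, 6, 1), 12, 0, False),
]


def run(today=date(2015, 6, 19)):
    """End-to-end: parse status, pick the base set, rank it."""
    names = set(base_packages(parse_dpkg_status(DPKG_STATUS)))
    return rank(SAMPLE_METRICS, names, today)


if __name__ == "__main__":
    for score, name in run():
        print(f"{score:2d}  {name}")
```

Against a real system the status input would come from /var/lib/dpkg/status and the metrics from a crawler over the upstream repositories; the point of the structure is that the candidate set and the metrics are gathered separately and joined by package name, so either side can be extended without touching the other.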


Descriptors :   digital data , computer languages , vulnerability , information systems , application protocols , department of homeland security , computer programming , computer programs , web browsers , software development , operating systems , software metrics , reliability , computers


Subject Categories : Computer Programming and Software
      Computer Systems Management and Standards


Distribution Statement : APPROVED FOR PUBLIC RELEASE