Open Source Software Projects Needing Security Investments
INSTITUTE FOR DEFENSE ANALYSES ALEXANDRIA VA ALEXANDRIA United States
Pagination or Media Count:
Some open source software OSS is widely used and depended on, and yet not received the level of security analysis appropriate to its importance. This paper describes our work to help identify OSS projects that may especially need investment for security by identifying and using metrics. We performed a literature search, identified promising metrics and potentially-concerning software packages to investigate, developed a specific approach, and applied it to identify a set of OSS projects that we believe are especially concerning. We have focused on automatically gathering metrics, especially those that suggest less active projects. For our initial set of projects to examine we took the set of software packages installed by Debian base and added packages that we or others identified as potentially concerning we could easily add more projects to consider in the future.
- Computer Programming and Software
- Computer Systems Management and Standards