Open Source Software Projects Needing Security Investments

Abstract

Some open source software (OSS) is widely used and depended on, and yet has not received the level of security analysis appropriate to its importance. This paper describes our work to help identify OSS projects that may especially need investment for security by identifying and using metrics. We performed a literature search, identified promising metrics and potentially concerning software packages to investigate, developed a specific approach, and applied it to identify a set of OSS projects that we believe are especially concerning. We have focused on automatically gathering metrics, especially those that suggest less active projects. For our initial set of projects to examine, we took the set of software packages installed by Debian base and added packages that we or others identified as potentially concerning; we could easily add more projects to consider in the future.

Document Details

Document Type
Technical Report
Publication Date
Jun 19, 2015
Accession Number
AD1000434

Entities

People

  • David A. Wheeler
  • Samir Khakimov

Organizations

  • Institute for Defense Analyses

Tags

Communities of Interest

  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Application Protocols
  • Artificial Intelligence
  • Computer Languages
  • Computer Programming
  • Computer Programs
  • Computers
  • Electronic Mail
  • Information Processing
  • Information Science
  • Information Systems
  • Network Science
  • Open Source Software
  • Operating Systems
  • Software Development
  • Software Metrics
  • Supervised Machine Learning
  • Web Browsers

Fields of Study

  • Computer science
  • Engineering

Readers

  • Software Engineering
  • Systems Analysis and Design