Security assessment of four open source software systems

Author(s): Faraz Idris Khan, Yasir Javed, Mamdouh Alenezi

Incorporating Open Source Software (OSS) tools in software development is increasing day by day due to their accessibility on the internet. With the advantages of OSS come disadvantages in terms of security vulnerabilities. Therefore, in this paper, we analyzed four famous open source software tools (i.e. Moodle, Joomla, Flask and VLC media player) which are used by software developers nowadays. For the analysis of each system, security vulnerabilities and weaknesses were identified, threat models were modeled, and code inspection was performed. The findings are discussed in more detail.

2006, Vol 35 (3)
Author(s): Morten Sieker Andreasen, Henrik Villemann Nielsen, Simon Ormholt Schrøder, Jan Stage

Open Source Software (OSS) development has gained significant importance in the production of software products. Open Source Software developers have produced systems with a functionality that is competitive with similar proprietary software developed by commercial software organizations. Yet OSS is usually designed for and by power-users, and OSS products have been criticized for having little or no emphasis on usability. We have conducted an empirical study of the developers’ opinions about usability and the way usability engineering is practiced in a variety of OSS projects. The study included a questionnaire survey and a series of interviews, where we interviewed OSS contributors with both technical and usability backgrounds. Overall we found that OSS developers are interested in usability, but in practice it is not top priority, and OSS projects rarely employ systematic usability evaluation. Most of the efforts are based on common sense. Most developers have a very limited understanding of usability, and there is a lack of resources and evaluation methods fitting into the OSS paradigm.


Author(s): Luyin Zhao, Fadi P. Deek

The open source movement can be traced back to the hacker culture in the ’60s and ’70s. In the early 1980s, the tenet of free software for sharing was explicitly raised by Richard Stallman, who was working on developing software systems and invited others to share, contribute, and give back to the community of cooperative hackers. Stallman, together with other volunteers, established the Free Software Foundation to host GNU (GNU’s Not Unix, a set of UNIX-compatible software systems). Eric Raymond, Stallman’s collaborator, is the primary founder of the Open Source Initiative. Both communities are considered the principal drivers of the open source movement.


First Monday, 2004
Author(s): Hiroyuki Shimizu, Jun Iio, Kazuo Hiyane

A variety of individuals around the world are furthering development of Free/Libre/Open Source Software (FLOSS) through the Internet. Why do they participate in developers’ communities and continue to develop FLOSS? Is their treatment enough to sustain their activities? Surveys, using online questionnaires, were conducted to answer these questions to analyze the FLOSS movement sociologically. However, these surveys tend to focus on developers in the West. We decided to see if there are regional differences in FLOSS development. To that end, we conducted two surveys, the FLOSS–JP survey in Japanese and the FLOSS–ASIA survey in other Asian languages. In this paper, we describe regional differences, especially among Asian and Japanese FLOSS developers, and compare the results to those from Western FLOSS surveys. Detailed reports of FLOSS–JP/ASIA are available at our Web site (MRI, 2004).


Cybersecurity, 2021, Vol 4 (1)
Author(s): Yuhang Zhao, Ruigang Liang, Xiang Chen, Jing Zou

In recent years, the widespread applications of open-source software (OSS) have brought great convenience for software developers. However, it is always facing unavoidable security risks, such as open-source code defects and security vulnerabilities. To find out the OSS risks in time, we carry out an empirical study to identify the indicators for evaluating the OSS. To achieve a comprehensive understanding of the OSS assessment, we collect 56 papers from prestigious academic venues (such as IEEE Xplore, ACM Digital Library, DBLP, and Google Scholar) in the past 21 years. During the process of the investigation, we first identify the main concerns for selecting OSS and distill five types of commonly used indicators to assess OSS. We then conduct a comparative analysis to discuss how these indicators are used in each surveyed study and their differences. Moreover, we further undertake a correlation analysis between these indicators and uncover 13 confirmed conclusions and four cases with controversy occurring in these studies. Finally, we discuss several possible applications of these conclusions, which are insightful for the research on OSS and software supply chain.


2015, Vol 8 (1), pp. 62-81
Author(s): Héctor J. Macho, Gregorio Robles, Jesus M. González-Barahona

In today's world, management often relies on FLOSS (Free/Libre/Open Source Software) systems to run their organizations. However, the nature of FLOSS is different from the software they have been using in the last decades. Its development model is distributed, and its authors are diverse as many volunteers and companies may collaborate in the project. In this paper, the authors want to shed some light on how to evaluate a FLOSS system by looking at the Moodle platform, which is currently the most used learning management system among educational institutions worldwide. In contrast with other evaluation models that have been proposed so far, the one presented here is based on retrieving historical information that can be obtained publicly from the Internet, allowing the authors to study its evolution. As a result, they will show how, using their methodology, management can take informed decisions that lower the risk that organizations face when investing in a FLOSS system.


2013, Vol 373-375, pp. 1172-1177
Author(s): Bo Shu, Xiao Jun Du

Because of the complexity of software development, some software developers may plagiarize source code that comes from other projects or open source software in order to shorten the development cycle. Usually the copyist would modify and disguise the copied source code to escape plagiarism detection. So far, most algorithms can't completely detect the source disguised by the copyist, and especially can't exactly distinguish between the source code and the plagiaristic code. In this paper, we summarize and analyze the effect of disguised source on the detection process, design the strategy to remove the effect of disguised source, and propose a PDG-based software source code plagiarism detection algorithm. The algorithm can detect the existence of disguised source, so as to find out source code plagiarism. And we propose a heuristic rule to make the detection algorithm have the ability to give the plagiarism direction. Any existing algorithm does not have this function. We prove the availability of the algorithm by experiment.

