30 Nov 2017

ON THE SECURITY OF OPEN SOURCE SOFTWARE.

  • Department of Computer Science and Engineering, Manav Rachna International University, Faridabad, India.
  • Department of Computer Science, Accendere Knowledge Management System Pvt. Ltd., New Delhi, India.

Nowadays, the use of open source software (OSS) is becoming more popular, along with its flaws and benefits. OSS is in constant use and provides several parts of the Internet's infrastructure. There are several commerce-based research questions whose answers may improve the quality of OSS for the future of the Internet. This paper matches the advantages of OSS against the key attributes that tomorrow's networks will need, mainly in terms of security. OSS presents a few arguments in favour of open source security, and this paper presents qualitative evidence of the security issues that raise concern, covering the development and requirements of OSS. OSS is usually contrasted with proprietary software: it grants the user several rights to redistribute and modify the source code. In this paper, we highlight various benefits of using open source software. We also describe some security concerns that make the software easy prey for an attacker who modifies it to perform malicious activities, and the risks associated with them.



[Prattay Sanyal, Shubham Sharma, Deepa Bura and Prasenjit Banerjee. (2017); ON THE SECURITY OF OPEN SOURCE SOFTWARE. Int. J. of Adv. Res. 5 (Nov). 1338-1348] (ISSN 2320-5407). www.journalijar.com


Prattay Sanyal
Department of Computer Science and Engineering, Manav Rachna International University, Faridabad, India

Article DOI: 10.21474/IJAR01/5904
DOI URL: https://dx.doi.org/10.21474/IJAR01/5904