The work presented in this paper is motivated by the need to estimate the security effort of consuming Free and Open Source Software (FOSS) components within the proprietary software supply chain of a large European software vendor. To this end we have identified three different cost models: centralized (the company checks each component once and propagates changes to the different product groups), distributed (each product group is in charge of evaluating and fixing the FOSS components it consumes), and hybrid (only the least used components are checked individually by each development team). We investigated publicly available factors (e.g., development activity such as commits, code size, or the fraction of code written in different programming languages) to identify which of them has the greatest impact on the security effort of using a FOSS component in a larger software product.
Unvalidated product record
The data shown here have not yet been formally validated by the IRIS staff, but have nevertheless been transmitted to the Cineca Sito Docente (Loginmiur).
Title: | On the security cost of using a free and open source component in a proprietary product |
Authors: | Dashevskyi, Stanislav; Brucker, Achim D.; Massacci, Fabio |
Unitn authors: | |
Title of the volume containing the paper: | Engineering Secure Software and Systems |
Place of publication: | Switzerland |
Publisher: | Springer International Publishing |
Year of publication: | 2016 |
Scopus identifier: | 2-s2.0-84962376509 |
ISBN: | 978-3-319-30805-0 |
Handle: | http://hdl.handle.net/11572/169321 |
Appears in types: | 04.1 Paper in proceedings |