On the security cost of using a free and open source component in a proprietary product

The work presented in this paper is motivated by the need to estimate the security effort of consuming Free and Open Source Software (FOSS) components within a proprietary software supply chain of a large European software vendor. To this extent we have identified three different cost models: centralized (the company checks each component and propagates changes to the different product groups), distributed (each product group is in charge of evaluating and fixing its consumed FOSS components), and hybrid (only the least used components are checked individually by each development team). We investigated publicly available factors (e. g., development activity such as commits, code size, or fraction of code size in different programming languages) to identify which one has the major impact on the security effort of using a FOSS component in a larger software product.

Titolo: On the security cost of using a free and open source component in a proprietary product
Autori: Dashevskyi, Stanislav; Brucker, Achim D.; Massacci, Fabio
Autori Unitn: 
Dashevskyi, Stanislav
Massacci, Fabio
mostra contributor esterni 
Titolo del volume contenente il saggio: Engineering Secure Software and Systems
Luogo di edizione: Svizzera
Casa editrice: Springer International Publishing
Anno di pubblicazione: 2016
Codice identificativo Scopus: 2-s2.0-84962376509
ISBN: 978-3-319-30805-0
Handle: http://hdl.handle.net/11572/169321
Appare nelle tipologie:04.1 Saggio in atti di convegno (Paper in proceedings)

File in questo prodotto:
Non ci sono file associati a questo prodotto.
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
 
 
 
Powered by IRIS-about IRIS-Utilizzo dei cookie
Logo CINECA  Copyright © 2021