Abstract
The increasing popularity and adoption of Free and Open Source Software (F/OSS) has fostered heated debates about the dependability of software developed in such an open, highly distributed context. Claims are made in favour of and against F/OSS as a viable alternative to proprietary software. Due to the complex nature of software security, and the large number of interacting factors involved, a wider systemic view is required to produce more defensible claims about the economics of F/OSS security. In this paper, we propose a quantitative approach based on system dynamics to validate stated claims about F/OSS security and its economic aspects. We sketch a first attempt towards a computer simulation model to test different hypotheses by using empirical data. The model applicability is demonstrated by an illustrative example; the preliminary results obtained are comparable to data reported in the literature. The example supports our belief in the validity of the system dynamics approach as a testing vehicle to explain observed phenomena and support or disprove argued hypotheses. The model is also useful for predicting future behaviour of F/OSS development projects and comparing F/OSS to other software development processes.
Copyright information
© 2006 Friedr. Vieweg & Sohn Verlag | GWV-Fachverlage GmbH, Wiesbaden
About this chapter
Cite this chapter
Tawileh, A., Hilton, J., McIntosh, S. (2006). Modelling the Economics of Free and Open Source Software Security. In: ISSE 2006 — Securing Electronic Busines Processes. Vieweg. https://doi.org/10.1007/978-3-8348-9195-2_35
DOI: https://doi.org/10.1007/978-3-8348-9195-2_35
Publisher Name: Vieweg
Print ISBN: 978-3-8348-0213-2
Online ISBN: 978-3-8348-9195-2
eBook Packages: Computer Science, Computer Science (R0)