Modelling the Economics of Free and Open Source Software Security

Chapter in: ISSE 2006 — Securing Electronic Business Processes

Abstract

The increasing popularity and adoption of Free and Open Source Software (F/OSS) has fostered heated debates about the dependability of software developed in such an open, highly distributed context. Claims are made in favour of and against F/OSS as a viable alternative to proprietary software. Due to the complex nature of software security, and the large number of interacting factors involved, a wider systemic view is required to produce more defensible claims about the economics of F/OSS security. In this paper, we propose a quantitative approach based on system dynamics to validate stated claims about F/OSS security and its economic aspects. We sketch a first attempt towards a computer simulation model to test different hypotheses by using empirical data. The model applicability is demonstrated by an illustrative example; the preliminary results obtained are comparable to data reported in the literature. The example supports our belief in the validity of the system dynamics approach as a testing vehicle to explain observed phenomena and support or disprove argued hypotheses. The model is also useful for predicting future behaviour of F/OSS development projects and comparing F/OSS to other software development processes.

Copyright information

© 2006 Friedr. Vieweg & Sohn Verlag | GWV-Fachverlage GmbH, Wiesbaden

About this chapter

Cite this chapter

Tawileh, A., Hilton, J., McIntosh, S. (2006). Modelling the Economics of Free and Open Source Software Security. In: ISSE 2006 — Securing Electronic Business Processes. Vieweg. https://doi.org/10.1007/978-3-8348-9195-2_35

  • DOI: https://doi.org/10.1007/978-3-8348-9195-2_35

  • Publisher Name: Vieweg

  • Print ISBN: 978-3-8348-0213-2

  • Online ISBN: 978-3-8348-9195-2

  • eBook Packages: Computer Science, Computer Science (R0)
