Trust and vulnerability in open source software

IEE Proceedings - Software

Software plays an ever-increasing role in the critical infrastructures that run our cities, manage our economies, and defend our nations. In 1999, the President's Information Technology Advisory Committee (PITAC) reported to the President of the United States the need for software components that are reliable, tested, modelled and secure, supporting the development of the predictably reliable and secure systems that underpin our critical infrastructures. Open source software (OSS) constitutes a viable source for such software components. Some believe that OSS is more reliable and more secure than closed source software (CSS), owing to a phenomenon dubbed 'many eyeballs', but is this truly the case? Or does OSS give the cyber criminal an edge that he would not otherwise have? In this paper, we explore OSS from the perspective of the cyber criminal and discuss what the community of software developers and users alike can do to increase their trust in both open source software and closed source software.

References

1. Whitlock, N.: 'Does open source mean an open door?' http://www-106.ibm.com/developerworks/linux/library/l-oss.html (2001).
2. Feller, J., Fitzgerald, B.: 'A framework analysis of the open-source software development paradigm', Proceedings of the International Conference on Information Systems, ICIS'2000, 10–13 December 2000, Brisbane, Australia, pp. 58–69.
3. President's Information Technology Advisory Committee (PITAC), co-chairs Joy, B., and Kennedy, K. (Eds.): 'Report to the President, Information Technology Research: Investing in our Future'. http://www.ccic.gov/ac/report/pitac_report.pdf (February 1999).
4. Thomas, B. (Ed.): 'A discussion of open-source software'. SEI Interactive. http://interactive.sei.cmu.edu/Features/2000/March/Roundtable/Roundtable.mar00.pdf (March 1990).
5. CERT Coordination Center: 'Number of incidents reported'. http://www.cert.org/stats/cert_stats.html#incidents (July 2001).
6. Asundi, J.: 'Issues in software development: outsourcing, design and organization'. PhD Dissertation, School of Computer Science, Carnegie Mellon University, 2001.
7. Raymond, E.: 'The cathedral & the bazaar: musings on Linux and open source by an accidental revolutionary' (1999).
8. Netcraft: 'Netcraft web server survey'. http://www.netcraft.com/survey (October 2001).
9. Neumann, P.: 'Computer-related risks' (Addison-Wesley, Reading, MA, October 1995).
10. Internet Security Systems, Inc.: 'Teardrop IP fragmentation'. http://xforce.iss.net/static/338.php (2001).
11. DARPA: 'Internet protocol, DARPA internet program protocol specification (RFC-791)'. Marina Del Rey, CA: Information Sciences Institute, University of Southern California, September 1981. ftp://ftp.isi.edu/in-notes/rfc791.txt.
12. Ellison, R., Fisher, D., Linger, R., Lipson, H., Longstaff, T., and Mead, N.: 'Survivable network systems: an emerging discipline' (CMU/SEI-97-TR-013, ADA341963, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, November 1997). http://www.sei.cmu.edu/publications/documents/97.reports/97tr013/97tr013abstract.html.
13. CERT Coordination Center: 'CERT® advisory CA-1997-28 IP denial-of-service attacks'. http://www.cert.org/advisories/CA-1997-28.html (2001).
14. Nakakoji, K., Yamamoto, Y.: 'Taxonomy of open-source software development', Making sense of the bazaar: Proceedings of the 1st Workshop on Open-Source Software Engineering, ICSE'2001, 12–19 May 2001, Toronto, Canada, pp. 41–42.
15. CERT Coordination Center: 'CERT® advisory CA-1999-14 multiple vulnerabilities in BIND'. http://www.cert.org/advisories/CA-1999-14.html (2001).
16. Viega, J.: 'The myth of open-source security'. http://webdeveloper.earthweb.com/websecu/article/0,,12013_621851,00.html (June 2000).
17. Hissam, S.: 'Case study: correcting system failure in a COTS information system'. SEI Monographs on the Use of Commercial Software in Government Systems (monograph). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, October 1997. http://www.sei.cmu.edu/cbs/papers/monographs/case-study-correcting/case.study.correcting.htm.
doi:10.1049/ip-sen_20020208