Security in Open Source Software
Joe Wilcox

What is Open Source?
 Source code is published
 Created via collaboration of developers
 Many different kinds of open source projects
 Over 1 million open source projects
 Some of the biggest names in technology are using an open source development model

Open Source Software Myths
 “If the source code is available to the public, doesn’t that make that piece of code less secure?”
 “If the source code is available to the public, doesn’t that make the piece of code more secure because more people are able to look at it?”
 “If anyone can contribute, doesn’t that mean that incompetent developers can create security flaws?”

“…doesn’t that make that piece of code less secure?”
 Open Source Software is written so that it stays secure even though its source is published
 Security is not derived from the secrecy of the source code but from how the code actually behaves. A design that is only safe while nobody can read it is not secure; the only things that should need to stay secret are keys and credentials (Kerckhoffs’s principle applied to software)
 Studies show that, on average, open source software has neither more nor fewer vulnerabilities than privately developed software
 Each type of software has its pros and its cons
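The secrecy-versus-functionality point, as an added example that is not part of the presentation: two toy session-token schemes. The first is only safe while its source is hidden, because the "secret" salt is baked into the code and leaks with it. The second can be published in full, because the only secret is a key that never appears in the source. The class and function names, the salt, the user names and the guessed key are all constructed for the illustration.

```python
"""Security that rests on code secrecy versus security that rests on a key.

Added example, not code from the presentation. Two toy session-token schemes:
  - ObscureTokens: homegrown scheme whose safety depends on nobody reading it.
  - KeyedTokens:   public HMAC-SHA256 scheme; safe with the code published,
                   because the only secret is the key.
All names, salts and users below are constructed for illustration.
"""
import hashlib
import hmac
import os
from typing import Optional


class ObscureTokens:
    """Token = user + '.' + sha256(user + fixed salt).
    Anyone who reads this class can forge a token for any user."""

    _SALT = b"s3cr3t-salt"  # constructed; lives in the code, so it leaks with the code

    def issue(self, user: str) -> str:
        digest = hashlib.sha256(user.encode() + self._SALT).hexdigest()
        return f"{user}.{digest}"

    def verify(self, token: str) -> Optional[str]:
        user, _, digest = token.rpartition(".")
        expected = hashlib.sha256(user.encode() + self._SALT).hexdigest()
        return user if hmac.compare_digest(digest, expected) else None


class KeyedTokens:
    """Token = user + '.' + HMAC-SHA256(key, user).
    The algorithm is public; forging requires the key, which is not in the source."""

    def __init__(self, key: bytes):
        self._key = key  # supplied at runtime (env, vault), never committed

    def _mac(self, user: str) -> str:
        return hmac.new(self._key, user.encode(), hashlib.sha256).hexdigest()

    def issue(self, user: str) -> str:
        return f"{user}.{self._mac(user)}"

    def verify(self, token: str) -> Optional[str]:
        user, _, digest = token.rpartition(".")
        # constant-time compare so verification does not leak the MAC byte by byte
        return user if hmac.compare_digest(digest, self._mac(user)) else None


def forge_from_source(user: str) -> str:
    """An attacker who has read ObscureTokens' source reproduces the issuer
    exactly; no access to the server is needed."""
    return f"{user}.{hashlib.sha256(user.encode() + b's3cr3t-salt').hexdigest()}"


def forge_knowing_algorithm_only(user: str) -> str:
    """An attacker who has read KeyedTokens' source knows it is HMAC-SHA256
    but not the key; the best they can do is guess one (constructed guess)."""
    guessed_key = b"password"
    return f"{user}.{hmac.new(guessed_key, user.encode(), hashlib.sha256).hexdigest()}"


def demo() -> dict:
    """Run both forgeries against both verifiers and report what was accepted."""
    obscure = ObscureTokens()
    keyed = KeyedTokens(os.urandom(32))  # fresh key, not part of any source file
    alice_token = keyed.issue("alice")
    return {
        # published code alone is enough to forge an admin token here
        "obscure_forged_accepted": obscure.verify(forge_from_source("admin")) == "admin",
        # published code is not enough here: the key is missing
        "keyed_forged_accepted": keyed.verify(forge_knowing_algorithm_only("admin")) == "admin",
        # genuine tokens still verify, so the scheme is usable, not just unforgeable
        "keyed_genuine_accepted": keyed.verify(alice_token) == "alice",
        # swapping the user on a genuine token is also rejected
        "keyed_tampered_accepted": keyed.verify("bob." + alice_token.split(".", 1)[1]) == "bob",
    }


if __name__ == "__main__":
    print(demo())
```

Reading the first class gives an attacker everything; reading the second gives nothing usable without the key, which is exactly the property that lets a project publish its source without weakening its security.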

“…doesn’t that make the piece of code more secure because more people are able to look at it?”
 More eyes on the source code help, if they are competent eyes
 Much open source software is simply published and used, without anyone knowing whether an expert has ever looked at it
 The best open source software is open so that academics and experts can test and evaluate it

“If anyone can contribute, doesn’t that mean that incompetent developers can create security flaws?”
 Software developers want their names on legitimate software to maintain their credibility as developers
 Often, not just anyone can contribute; it is more of an organized chaos
 In high-end open source projects, developers must go through a review process before their code is accepted
 Open source software sometimes has flaws, but there are just as many flaws in private software

Overall, the major difference between security in Open Source and private software
 Software inherently has bugs from the moment it is created. When one vulnerability is patched, another one is found; it is an endless dance
 When a bug is reported in open source software, it is often fixed right away, and the patch is out within hours or days
 Privately created software often has just as many problems as open source, but the patches for those problems can be slow and expensive, or never released at all
 The profit line is always kept in mind