论文信息 - Hyper Contextual Software Security Management for Open Source Software

Hyper Contextual Software Security Management for Open Source Software

Since the turn of the century, open source software (OSS) has been an active and dynamic research area. OSS development and maintenance are highly distributed processes that involve a multitude of supporting tools and resources. OSS communities use numerous knowledge sources while working on a certain task to help them secure the software products. These not only include security incidents statistics and best practice documents that are published in the open literatures or online communities, but also social networking tools. This often results in additional challenges, as not every OSS project member can correlate particular learned security information with their working context. This position paper outlines the security problems in OSS and describes the use of socio-technical system theory and ontology technologies to capture and model software security knowledge. Our research aims to develop and test a hyper-contextual, knowledge-based environment that stores and process security knowledge to facilitate retrieval in context, and thus allows the non-linearly correlated knowledge between contexts to be identified and transferred between and among OSS developers and users.

Shao-Fang Wen

[1] Sebastian Spaeth,et al. The open source software phenomenon: Characteristics that promote research , 2007, J. Strateg. Inf. Syst..

[2] S. Kowalski,et al. Secure e-Government Adoption: A Case Study of Tanzania , 2011 .

[3] Bart Jacobs,et al. Increased security through open source , 2007, Commun. ACM.

[4] Ruven E. Brooks,et al. Towards a Theory of the Comprehension of Computer Programs , 1983, Int. J. Man Mach. Stud..

[5] Walt Scacchi,et al. Understanding the requirements for developing open source software systems , 2002, IEE Proc. Softw..

[6] Yanyan Zhuang,et al. It's the psychology stupid: how heuristics explain software vulnerabilities and how priming can illuminate developer's blind spots , 2014, ACSAC.

[7] Ilia Bider,et al. A Framework for Synchronizing Human Behavior, Processes and Support Systems Using a Socio-technical Approach , 2014, BMMDS/EMMSAD.

[8] Alan R. Hevner,et al. Design Science in Information Systems Research , 2004, MIS Q..

[9] Helene Juhola,et al. Semantic Web Technologies in Knowledge Management , 2003, ELPUB.

[10] Stewart Kowalski,et al. Towards An Information Security Maturity Model for Secure e-Government Services: A Stakeholders View , 2011, HAISA.

[11] Stewart Kowalski,et al. A Socio-technical Framework for Threat Modeling a Software Supply Chain , 2015, IEEE Security & Privacy.