论文信息 - On the security of open source software

On the security of open source software

Abstract With the rising popularity of so‐called ‘open source’ software there has been increasing interest in both its various benefits and disadvantages. In particular, despite its prominent use in providing many aspects of the Internet's basic infrastructure, many still question the suitability of such software for the commerce‐oriented Internet of the future. This paper evaluates the suitability of open source software with respect to one of the key attributes that tomorrow's Internet will require, namely security. It seeks to present a variety of arguments that have been made, both for and against open source security and analyses in relation to empirical evidence of system security from a previous study. The results represent preliminary quantitative evidence concerning the security issues surrounding the use and development of open source software, in particular relative to traditional proprietary software.

Christian Payne | Christian N. Payne

[1] Theodore Y. Ts'o,et al. Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[2] Charles P. Pfleeger,et al. Security in computing , 1988 .

[3] G. T. Gangemi,et al. Computer Security Basics , 2006 .

[4] Chris DiBona,et al. Open Sources: Voices from the Open Source Revolution , 1999 .

[5] John M. Boone,et al. INTEGRITY-ORIENTED CONTROL OBJECTIVES: PROPOSED REVISIONS TO THE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (TCSEC), DoD 5200.28-STD , 1991 .

[6] Ken Thompson,et al. Reflections on trusting trust , 1984, CACM.

[7] A. One,et al. Smashing The Stack For Fun And Profit , 1996 .

[8] Christian Payne. The Role of the Development Process in Operating System Security , 2000, ISW.

[9] Simson L. Garfinkel,et al. Practical UNIX and Internet Security , 1996 .

[10] Christian Payne. Security through design as a paradigm for systems development , 1999 .

[11] Tatu Ylonen,et al. SSH: secure login connections over the internet , 1996 .