An Empirical Study of Security Issues Posted in Open Source Projects
Authors
Abstract
When developers gain thorough understanding and knowledge of software security, they can produce more secure software. This study aims at empirically identifying and understanding the security issues posted on a random sample of GitHub repositories. We tried to understand the presence of security issues and their key themes and topics. We applied a mixed-methods approach, combining topic modeling techniques and qualitative analysis. Our findings have revealed that a) the rate of security-related issues was rather small (approx. 3% of all issues), and b) the majority of the security issues were related to identity management and cryptography topics. We present 7 high-level themes of problems that developers face in implementing security features.
Similar resources
The Application of DEA to Measure the Efficiency of Open Source Security Tool Production
There are a wide variety of open source security tools available for deployment within the enterprise. Despite the success of many security-based open source software (OSS) projects, large numbers of these projects become inactive and are eventually abandoned. The purpose of this research is to develop an empirical study to determine the relative efficiency of security-based OSS projects. A sec...
Understanding knowledge sharing activities in free/open source software projects: An empirical study
Free/Open Source Software (F/OSS) projects are people-oriented and knowledge intensive software development environments. Many researchers focused on mailing lists to study coding activities of software developers. How expert software developers interact with each other and with non-developers in the use of community products have received little attention. This paper discusses the altruistic s...
An Empirical Study of Security Requirements in Planning Bug Fixes for an Open Source Software Project
It is often difficult to estimate the resources needed to plan for bug fixing activities in software development projects. Security bug fixes are commonly implemented as patches in response to emergent common vulnerability and exposure (CVE) reports. In this paper we investigate how to plan for bug fixing, and whether security related bug fixes are different from other bugs. In a preprocessing ...
Contributors Preference in Open Source Software Usability: An Empirical Study
The fact that the number of users of open source software (OSS) is practically unlimited and that ultimately the software quality is determined by end user’s experience makes the usability an even more critical quality attribute than it is for proprietary software. With the sharp increase in use of open source projects by both individuals and organizations, the level of usability and related ...
An Empirical Study on Off-the-Shelf Component Usage in Industrial Projects
Using OTS (Off-The-Shelf) components in software projects has become increasingly popular in the IT industry. After project managers opt for OTS components, they can decide to use COTS (Commercial-Off-The-Shelf) components or OSS (Open Source Software) components instead of building these themselves. This paper describes an empirical study on why project decision-makers use COTS components instead...
Publication date: 2017