Presentation of a degree project for the Bachelor of Science in Engineering degree

Title: Security Guidelines for the Usage of Open Source Software
Respondents: SEBASTIAN DOMAR BOLMSTAM and SIAVASH HANIFIL
Day, date and time: Thursday 2020-06-04 at 12.00
Place: Web meeting (online meeting) connected via Zoom: see this link
Opponents: (max 3), contact the respondents to arrange opposition on the report.
Examiner: Anders Sjögren, supervisor Mira Kajko-Mattsson
Language: Oral presentation in Swedish, presentation slides in English/Swedish (questions may be asked in English).
Registration: No registration is needed for visitors attending as listeners. "Active listeners" register with as@kth.se at least one day in advance.


Abstract

Open-source software is on average used in more than 65% of the applications within the domains of enterprise software, retail and e-commerce, cybersecurity and internet of things (Synopsys, 2019). With the frequent use of open-source software, security issues arise which need to be handled. These include, among other issues, non-patched vulnerabilities and malicious code (Schryen, 2011). Security guidelines for open-source software usage have been defined by numerous security organizations as an effort to increase effective security handling of open source software within organizations. These guidelines often cover directives on many layers of an organization and are often lacking the information necessary for them to be understandable, reliable, and useful to the person using them.

The purpose of this study is to contribute to increased software security related to open-source software usage, by exploring and providing information on the topic, and by defining a set of improved security guidelines that cover both what measures to take to minimize security risks, and how to implement them, based on the published state-of-the-art security guidelines for using open-source software.

The subject was investigated through a research process focused on answering whether the current state-of-the-art security guidelines could be improved, using a qualitative research type based on a document analysis data collection method. The research was exploratory in its design and the main focus was to explore the subject by trying to answer the posed research question.

By investigating the state of contemporary security guidelines found in the literature, and evaluating them against a large set of desirable attributes of high-quality guidelines, it became evident that the contemporary guidelines could be improved. An effort was therefore made to build on the guidelines found and improve them by trying to resolve the issues identified through the evaluation.

Keywords:
Open Source (OS), Open Source Software (OSS), Security Guideline (SG), Open Source Software Security