http://dx.doi.org/10.5626/KTCP.2017.23.8.487

Open Source Software Security Issues and Applying a Secure Coding Scheme  

Kim, Byoungkuk (Korea Univ.)
Publication Information
KIISE Transactions on Computing Practices / v.23, no.8, 2017, pp. 487-491
Abstract
Open source software allows users to freely use, copy, distribute and modify source code without particular limitations, offering the advantages of low entry cost, fast and flexible development, compatibility, reliability and safety. The emergence of many useful open source projects makes it possible to achieve a high level of output with lower cost and less time spent on software development. However, it also increases the risk posed by security vulnerabilities in the open source software that is used, and there is still no separate process for verifying security when open source software is adopted. In this paper, we analyze security weaknesses in open source and propose a secure coding scheme for adopting open source software that is known to be highly reliable from a security point of view.
Keywords
open source software; secure coding; software weakness; software vulnerability; static analysis tool;