Topic "Safety and Security"

Open Source software is often claimed to achieve higher levels of safety and security than traditionally developed software. On the other hand, a common counter-argument warns of the high risks that arise from open access to the internal source documents. This seminar topic shall investigate current research on the reliability, safety and security of Open Source projects. We want to find flaws in the arguments from both sides concerning the ability to find bugs and security-related concerns.

Key Questions

  • How secure can software be that is developed publicly?
  • How reasonable are attack scenarios like the infiltration of spy code into Open Source?
  • How does the quotation "Given enough eyeballs, all bugs are shallow" stand the test of empirical evaluation?
  • What kind of importance do traditional quality measures hold in the world of Open Source?

Literature

  • Christian Payne, 2002. On the security of Open Source software. Information Systems Journal, 12(1):61-78. (Abstract, PDF 110kb, probably only accessible from within FU Berlin)
  • Franz Rieger, 1999. Freie Software und Sicherheit. Talk given at "Wizard of Os". (HTML)