Committed to Trust: A Qualitative Study on Security &amp; Trust in Open Source Software Projects

Wermke, Dominik; Wohler, Noah; Klemmer, Jan H.; Fourné, Marcel; Acar, Yasemin; Fahl, Sascha

doi:10.1109/sp46214.2022.9833686

Cited by 18 publications

(9 citation statements)

References 75 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the mobile context, ransomware mitigation strategies leveraged unique aspects of mobile operating systems, such as application sandboxing and stricter app store policies [21,7,22]. Efforts were primarily concentrated on preventing the installation of malicious apps through vetted app store mechanisms and using mobile security solutions that monitored for suspicious behaviors [22,23]. However, these strategies often fell short in environments where users could bypass standard security measures through activities like jailbreaking or installing apps from unofficial sources, thus exposing devices to ransomware risks [24,25].…”

Section: Ransomware Mitigation On Mobile Devicesmentioning

confidence: 99%

Leveraging File System Characteristics for Ransomware Mitigation in Linux Operating System Environments

Guo,

Liang,

Long

2024

Preprint

View full text Add to dashboard Cite

A novel approach to mitigating ransomware attacks on Linux systems is introduced in this study, which capitalizes on the unique characteristics of the Linux file system. This method significantly deviates from traditional ransomware mitigation strategies that primarily depend on reactive detection algorithms. Instead, it introduces proactive system-level enhancements that preemptively secure file systems against a spectrum of both known and emerging ransomware threats. The core innovation of this approach lies in its strategic utilization of the structural benefits of Linux file system architectures, providing a robust framework for shielding against sophisticated and evolving ransomware attacks. These enhancements not only bolster security but also ensure minimal impact on system performance, thereby offering a balanced and effective solution to the persistent challenge of ransomware in Linux environments. By integrating behavior-based detection mechanisms with real-time system monitoring, this approach demonstrates a substantial improvement in both detection accuracy and response times, setting a new standard for ransomware defense strategies in Linux systems.

show abstract

Section: Ransomware Mitigation On Mobile Devicesmentioning

confidence: 99%

Leveraging File System Characteristics for Ransomware Mitigation in Linux Operating System Environments

Guo,

Liang,

Long

2024

Preprint

View full text Add to dashboard Cite

show abstract

“…They used a novel extracting method and analysed registered metadata in repositories such as commits and xes that were used for the maintenance of the projects. Wermke et al [21] conducted interviews with 27 people who were involved in the maintenance of open source projects and analysesd their practices for security and trust.…”

Section: Static Code Analysismentioning

confidence: 99%

Trust challenges in reusing open source software

Ghofrani

Paria

et al. 2022

Proceedings of the 26th ACM International Systems and Software Product Line Conference - Volume B

View full text Add to dashboard Cite

Open source projects play a signicant role in software production. Most of the software projects reuse and build upon the existing open source projects and libraries. While reusing is a time and cost saving strategy, some of the key factors are often neglected that create vulnerability in the software system. We look beyond the static code analysis and dependency chain tracing to prevent vulnerabilities at the human factors level. Literature lacks a comprehensive study of the human factors perspective to the issue of trust in reusing open source projects. We performed an interview-based initial study with software developers to get an understanding of the trust issue and limitations among the practitioners. We outline some of the key trust issues in this paper and layout the rst steps towards a trustworthy reuse of software.

show abstract

“…Transparency and accountability are next established in OSS projects, requesting that code reviews and decision-making procedures be conducted transparently. Thus, people are made trustful and work together, which is a community-enhancing factor [8]. Governance structures form one of the most important pillars of sustainable enterprises that ensure compliance with set standards, aid in exchanging ideas, and efficiently use resources to integrate safety measures in their management practices [3].…”

Section: Framework Formulationmentioning

confidence: 99%

“…Encouraging cooperation and knowledge transfer among the community members is essential to the formation of a culture of data mutual understanding and shared responsibility for one another. Opensource projects should allow for the collaborative exchange of methods that have worked, security guides, and threat data [8].…”

Section: Policy Recommendationsmentioning

confidence: 99%

A Theoretical Framework for Enhancing Open-Source Software Security

Ghag

2022

J Arti Inte & Cloud Comp

View full text Add to dashboard Cite

Cyber security is a rapidly developing field and open-source software (OSS) is being led by a collaborative community and a transparent nature. This research intends to make a theoretical framework highlighting the symbiosis of community engagement models, governance models, and the security of open-source ecosystems. The significant purposes aim to investigate how community engagement affects open source software development, analyze the deployment of the governance systems in widely used open source projects, and create the theoretical model that brings the cybersecurity processes in those practices. The literature survey covers existing research on open-source software development, community engagement, governance models, and cybersecurity practices within the OSS ecosystem. Through literature review the basic concepts are investigated using conceptual analysis to determine which principles and mechanisms the Community Model Engagement and Governance models operate, influencing the security of Open Source Software. Open-source project policy recommendations are the foundation for the security of communities where members fully contribute to better governance. This includes developing a fundamental conceptual analysis to lay out the framework's principles and operation (mechanisms). This contributes to the overall development of the theoretical framework. This research expects to develop a standardized theoretical framework that tackles the community engagement-governance models-security software link from new and insightful perspectives. Practical policy recommendations to protect OSS projects will be presented to solve the cybersecurity problem easily and immediately. This study aims to add to the academic and practical discussions that focus on human and organizational components' critical roles in securing open-source software. The discussion of theoretical aspects gives this platform a unique angle that fits well into the technical approach while improving the understanding of a legally open cybersecurity community

show abstract

Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects

Cited by 18 publications

References 75 publications

Leveraging File System Characteristics for Ransomware Mitigation in Linux Operating System Environments

Leveraging File System Characteristics for Ransomware Mitigation in Linux Operating System Environments

Trust challenges in reusing open source software

A Theoretical Framework for Enhancing Open-Source Software Security

Contact Info

Product

Resources

About