Most commercial software producers guard access to the source code of their systems, making it difficult for anyone outside their organizations to apply a variety of measures that could potentially improve system security. But since an attacker could also examine public source code to find flaws, would source code access be a net gain or loss for security? The question goes beyond the technical issues involved because publishing source code reveals intellectual property and therefore affects the producer's business model. We consider this question from several perspectives and tentatively conclude that having source code available should on balance work in favor of system security.