An Empirical Study of Security Culture in Open Source Software Communities

Shao-Fang Wen, Mazaher Kianpour, S. Kowalski

2019 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), published 2019-08-01. DOI: https://doi.org/10.1145/3341161.3343520

Citations: 7

Abstract

Open source software (OSS) is a core part of virtually all software applications today. Due to the rapidly growing impact of OSS on society and the economy, the security aspect of this distinctive phenomenon has attracted researchers' attention. Traditionally, research on OSS security has often focused on technical aspects of software development. We argue that these aspects are important; however, technical security practice that considers the different social aspects of OSS development will assure the effectiveness and efficiency of the implementation of the tool. To address this research gap, in this empirical study we explore the current security culture in OSS development using a survey instrument with six evaluation dimensions: attitude, behavior, competency, subjective norms, governance, and communication. By exploring the current security culture in OSS communities, we can start to understand the influence of security on participants' security behaviors and decision-making, so that we can make realistic and practical suggestions. In this paper, we present the measurements of security culture adopted in the study and discuss corresponding security issues that need to be addressed in OSS communities.