Secure open source collaboration: An empirical study of Linus' law

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2009, Pages 453-462

  Meneely, Andrew ^a   Williams, Laurie ^a  

^a North Carolina State University   (United States)

Author keywords

Contribution network; Developer network; Linus' law; Metric; Vulnerability

Indexed keywords

DETRIMENTAL EFFECTS; EMPIRICAL CASE STUDIES; EMPIRICAL STUDIES; HOLD UP; ONE-FACTOR; OPEN SOURCE COLLABORATION; OPEN SOURCE PROJECTS; OPEN SOURCE SOFTWARE; OPEN SOURCES; RED HATS; SECURITY VULNERABILITIES; VERSION CONTROL;

COMPUTER OPERATING SYSTEMS; OPEN SYSTEMS;

NETWORK SECURITY;

EID: 74049133901     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1653662.1653717     Document Type: Conference Paper

References (24)

1. C. Bird, D. Pattison, R. D'Souza et al., "Latent Social Structures in Open Source Projects," in FSE, Atlanta, GA, 2008, p. p24-36.
2. U. Brandes, and T. Erlebach, Network Analysis: Methodological Foundations, Berlin: Springer, 2005.
3. F. Brooks, The mythical man-month: Addison-Wesley, 1995.
4. A. Endres, and D. Rombach, A Handbook of Software and Systems Engineering: Empirical Observations, Laws and Theories: Addison Wesley, 2003.
5. M. Girvan, and M. E. J. Newman, "Community Structure in Social and Biological Networks," The Proceedings of the National Academy of Sciences, vol. 99, no. 12, p. 7821-7826, 2001.
6. J. M. Gonzales-Barahona, L. Lopez-Fernandez, and G. Robles, "Applying Social Network Analysis to the Information in CVS Repositories," in 2005 Mining Software Repositories, Edinburgh, Scotland, United Kingdom, 2004, p.
7. J.-H. Hoepman, and B. Jacobs, "Increased security through open source," Commun. ACM, vol. 50, no. 1, p. 79-83, 2007.
8. ISO, ISO/IEC DIS 14598-1 Information Technology - Software Product Evaluation, 1996.
9. M. M. Lehman, and L. Belady, Program Evolution: Processes of Software Change, London: Academic Press, 1985.
10. M. M. Lehman, and J. F. Ramil, "Rules and Tools for Software Evolution Planning and Management," Annals of Software Engineering, vol. 11, no. 1, p. 15-44, 2001.
11. M. M. Lehman, J. F. Ramil, P. D. Wernick et al., "Metrics and Laws of Software Evolution - The Nineties View," in 4th International Software Metrics Symposium (METRICS '97), Albuquerque, NM, 1997, p. 20-32.
12. A. M. Martinez, and A. C. Kak, "PCA versus LDA," IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 23, no. 2, p. 228-233, 2001.
13. A. Meneely, L. Williams, J. Osborne et al., "Predicting Failures with Developer Networks and Social Network Analysis " in Foundations in Software Engineering, Atlanta, GA, 2008, p. to appear.
14. N. Nagappan, and T. Ball, "Use of Relative Code Churn Measures to Predict System Defect Density," in 27th International Conference on Software Engineering, St. Louis, MO, USA, 2005, p. 284-292.
15. N. Nagappan, B. Murphy, and V. R. Basili, "The Influence of Organizational Structure on Software Quality," in International Conference on Software Engineering, Leipzig, Germany, 2008, p. 521-530.
16. K. Numata, S. Imoto, and S. Miyano, "A Structure Learning Algorithm for Inference of Gene Networks from Microarray Gene Expression Data Using Bayesian Networks," in Bioinformatics and Bioengineering, 2007. BIBE 2007., p. 1280-1284.
17. M. Pinzger, N. Nagappan, and B. Murphy, "Can Developer-Module Networks Predict Failures?," in Foundations in Software Engineering, Atlanta, GA, 2008, p. 2-12.
18. M. Pinzger, N. Nagappan, and B. Murphy, "Can Developer-Module Networks Predict Failures?," in Foundations in Software Engineering, Atlanta, GA, 2008, p. to appear.
19. E. S. Raymond, The Cathedral and the Bazaar: Musings on Linux and Open Source by an Accidental Revolutionary, Sebastopol, California: O'Reilly and Associates, 1999.
20. N. F. Schneidewind, "Methodology For Validating Software Metrics," IEEE Transactions on Software Engineering, vol. 18, no. 5, p. 410-422, 1992.
21. Y. Shin, A. Meneely, L. Williams et al., "Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities," NCSU CSC Technical Report TR-2009-10, submitted to IEEE TSE.
22. K. Tae-Kyun, and J. Kittler, "Locally linear discriminant analysis for multimodally distributed classes for face recognition with a single model image," Pattern Analysis and Machine Intelligence, IEEE Transactions on, vol. 27, no. 3, p. 318-327, 2005.
23. B. Witten, C. Landwehr, and M. Caloyannides, "Does Open Source Improve System Security?," IEEE Softw., vol. 18, no. 5, p. 57-61, 2001.
24. I. H. Witten, and E. Frank, Data Mining: Practical machine learning tools and techniques, 2 ed., San Francisco: Morgan Kaufmann, 2005.