Security of open source and closed source software: An empirical comparison of published vulnerabilities

15th Americas Conference on Information Systems 2009, AMCIS 2009

Volumn 5, Issue , 2009, Pages 3076-3087

  Schryen, Guido ^a  

^a INTERNATIONAL COMPUTER SCIENCE INSTITUTE   (United States)

Author keywords

Closed source software; Empirical comparison; Open source software; Security; Vulnerabilities

Indexed keywords

CLOSED SOURCE SOFTWARES; EMPIRICAL COMPARISON; OPEN SOURCE SOFTWARE; SECURITY; VULNERABILITIES;

C (PROGRAMMING LANGUAGE); INFORMATION SYSTEMS; PIECEWISE LINEAR TECHNIQUES; PUBLISHING; SECURITY OF DATA; SOFTWARE PACKAGES;

OPEN SYSTEMS;

EID: 84870378281     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (27)

1. Alhazmi, O., Malaiya, Y. and Ray, I. (2005) Security Vulnerabilities, in Software Systems: A Quantitative Perspective in Data and Applications Security 2005, LNCS 3654, 281-294.
2. Alhazmi, O., Malaiya, Y., Ray, I. (2007) Measuring, analyzing and predicting security vulnerabilities in software systems, in Computers & Security, 26, 3, 219-228.
3. Anderson, R. (2005) Open and Closed Systems are Equivalent (that is, in an ideal world), in Feller, J., Fitzgerald, B., Hissam, S. A. and Lakhani, K.R. (Eds.) Perspectives on Free and Open Source Software, MIT Press, Cambridge, 127-142.
4. Anderson, R. (2002) Security in Open versus Closed Systems-The Dance of Boltzmann, Coase and Moore, in Proceedings of the Conference on Open Source Software Economics, Toulouse, France, June 20-21, 1-13.
5. Anderson, R. (2001) Why Information Security is Hard-An Economic Perspective, in Proceedings of the Seventeenth Computer Security Applications Conference, New Orleans, December 10-14, 358-365.
6. Arora, A., Krishnan, R., Nandkumar, A., Telang, R. and Yang, Y. (2004) Impact of Vulnerability Disclosure and Patch Availability-An Empirical Analysis, in Proceedings of the Third Workshop on the Economics of Information Security, University of Minnesota, May 13-14, 1-20.
7. Arora, A., Telang, A. and Xu, H. (2004), "Optimal Policy for Software Vulnerability Disclosure", in Proceedings of the Third Annual Workshop on Economics and Information Security, University of Minnesota, May 13-14, 52-59.
8. FIRST (2007) A Complete Guide to the Common Vulnerability Scoring SystemVersion 2.0, http://www.first.org/cvss/cvss-guide.html.
9. Free Software Foundation (FSF) (2007) The Free Software Definition, http://www.fsf.org/licensing/essays/free-sw.html.
10. Glass, R.L. (2004) A look at the economics of open source, in Comm. of the ACM, 47,2, 25-27.
11. Goel, A.L. and Okumoto, K. (1979) Time-Dependent Error-Detection Rate Model for Software and Other Performance Measures, in IEEE Transactions on Reliability, 28, 3, 206-211.
12. Gonzalez-Barahona, J. M. (2000) Free Software/Open Source: Information Society Opportunities for Europe?, Working group on Libre Software, http://eu.conecta.it/paper/cathedral_bazaar.html.
13. Jonsson, E., Strömberg, L. and Lindskog, S. (2000) On the functional relation between security and dependability impairments, in Proceedings of the 1999 Workshop on New Security Paradigms, Caledon Hills, Ontario, Canada, September 22-24, 104-111.
14. Kimura, M. (2006) Software vulnerability: definition, modelling, and practical evaluation for e-mail transfer software, in International Journal of Pressure Vessels and Piping, 83, 4, 256-261.
15. Levy, E. (2000) Wide open source, http://www.securityfocus.com/news/19.
16. Messmer, E. (2005) Open source vs. Windows: security debate rages, in Network World, 22, 26, 26-27.
17. MITRE (2009) Vulnerability Management Products & Services by Product Type, http://cve.mitre.org/compatible/vulnerability_management.html.
18. Naraine, R. (2006) DHS backs open-source security, in eWeek, 23, 3, 20.
19. Nizovtsev, D. and Thursby, M. (2007) To disclose or not? An analysis of software user behavior, in Information Economics and Policy, 19, 1, 43-64.
20. Open Source Initiative (OSI) (2006) The Open Source Definition, http://www.opensource.org/docs/osd.
21. Ozment, A. (2005) The Likelihood of Vulnerability Rediscovery and the Social Utility of Vulnerability Hunting, in Proceedings of the Fourth Workshop on the Economics of Information Security, Harvard University, June 2-3, Cambridge, Massachusetts, 1-21.
22. Payne, C. (2002) On the security of open source software, in Information Systems Journal, 12, 1, 61-78.
23. Raymond, E.S. (2001) The Cathedral and the Bazaar: Musings on Linux and Open Source by an Accidental Revolutionary, O'Reilly, Beijing, China.
24. Rescorla, E. (2004) Is finding security holes a good idea?, in Proceedings of the Third Annual Workshop on Economics and Information Security, University of Minnesota, May 13-14.
25. Schryen, G. and Kadura, R. (2009) Open Source vs. Closed Source Software: Towards Measuring Security, in Proceedings of the 2009 ACM Symposium on Applied Computing, Honolulu, Hawaii, USA, March 8-12, 2016-2023.
26. Schwarz, M. and Takhteyev, Y. (2008) Half a Century of Public Software Institutions: Open Source as a Solution to Hold Up Problem, http://www.takhteyev.org/papers/Schwarz-Takhteyev-2008.pdf.
27. Witten, B., Landwehr, C. and Caloyannidis, M. (2001) Does open source improve system security?, in IEEE Software, 18,5, 57-61.