Open Source Security

The Experts below are selected from a list of 18507 Experts worldwide ranked by ideXlab platform

Mario Silic - One of the best experts on this subject based on the ideXlab platform.

  • Information Security and Open Source Dual Use Security Software: Trust Paradox
    2013
    Co-Authors: Mario Silic, Andrea Back
    Abstract:

    Nmap, a free open source utility for network exploration or security auditing, today counts thirteen million lines of code representing four thousand years of programming effort. Hackers can use it to conduct illegal activities, and information security professionals can use it to safeguard their network. In this dual-use context, the question of trust is raised. Can we trust programmers developing open source dual-use security software? Motivated by this research question, we conducted interviews among hackers and information security professionals, and explored the ohloh.net database. Our results show that contributors behind open source security software (OSSS) are hackers, OSSS have an important dual-use dimension, information security professionals generally trust OSSS, and large organizations will avoid adopting and using OSSS.

  • Dual-use Open Source Security software in organizations - Dilemma: Help or hinder?
    Computers & Security, 2013
    Co-Authors: Mario Silic
    Abstract:

    Dual-use technology can be used for both peaceful and harmful purposes. While the new type of anonymous, invisible and devastating security threats (malware, worms and viruses) shape contemporary warfare, organizations are challenged by the undefined risks of open source dual-use security tools. The dual-use dilemma is very important. It has not received adequate academic focus: questions such as increased or decreased risk, facilitation of security breaches, and the impact on security awareness have not been clarified or studied. This research closes existing gaps by studying the open source dual-use security software challenges that organizations should consider when using this technology. We utilize a triangulation approach with three independent data sources to conduct a detailed analysis of this phenomenon. Our study has found that the dual-use technology has both positive and negative effects on information system security. The ease of use of the dual-use security software facilitates security breaches and enterprises are using vulnerable open source security libraries and frameworks to develop their own in-house applications. On a positive note, open source dual-use security software is used as a powerful defense tool against attackers. Our study also found that security awareness is the key to maintaining the right level of information security risk in the dual-use context. Dual-use can also be of great help to organizations in leveraging their information system security.

  • OSS - Information Security and Open Source Dual Use Security Software: Trust Paradox
    Open Source Software: Quality Verification, 2013
    Co-Authors: Mario Silic, Andrea Back

Guido Schryen - One of the best experts on this subject based on the ideXlab platform.

Damian Hermanowski - One of the best experts on this subject based on the ideXlab platform.

  • Open Source Security Information Management system supporting IT Security audit
    2015 IEEE 2nd International Conference on Cybernetics (CYBCONF), 2015
    Co-Authors: Damian Hermanowski
    Abstract:

    Nowadays, assuring the security of computer systems becomes difficult due to the rapid development of IT technologies, even in household appliances. This article shows an exemplary model of an IT security monitoring and management system. The proposed solution aims to collect security events, analyse them, assess the risk they bring and inform the administrator about them in order to take an appropriate decision to mitigate a potential security incident. This system is based on an open source code toolset. This toolset was studied, tested and examined in the context of the whole system. These tools were configured and additional code was developed in order to achieve a synergy effect from adopting various techniques aimed at network monitoring and system security.

Christian Payne - One of the best experts on this subject based on the ideXlab platform.

  • On the Security of Open Source software
    Information Systems Journal, 2002
    Co-Authors: Christian Payne
    Abstract:

    With the rising popularity of so-called 'open source' software there has been increasing interest in both its various benefits and disadvantages. In particular, despite its prominent use in providing many aspects of the Internet's basic infrastructure, many still question the suitability of such software for the commerce-oriented Internet of the future. This paper evaluates the suitability of open source software with respect to one of the key attributes that tomorrow's Internet will require, namely security. It seeks to present a variety of arguments that have been made, both for and against open source security, and analyses them in relation to empirical evidence of system security from a previous study. The results represent preliminary quantitative evidence concerning the security issues surrounding the use and development of open source software, in particular relative to traditional proprietary software.

Andreas Schmoll - One of the best experts on this subject based on the ideXlab platform.

  • ARES - An Open Source Code Analyzer and Reviewer (OSCAR) Framework
    2015 10th International Conference on Availability Reliability and Security, 2015
    Co-Authors: Simon Tjoa, Patrick Kochberger, Christoph Malin, Andreas Schmoll
    Abstract:

    Due to the intense usage of IT and the growing number of fields of application, we rely more than ever on functional software components. In conjunction with this development it could be observed that in the last years the popularity of open source software was on the rise for various reasons. However, in the recent past, serious vulnerabilities have been discovered. In order to support open source developers testing their source code for security bugs, in this paper, we present the idea of a framework which combines existing open source security checkers. After presenting the architecture of the framework we demonstrate the functionality of the framework using the vulnerable application Web Goat.