Abstract
While the vast majority of European and US companies increasingly use open source software for non-key applications, a much smaller number of companies have deployed it in critical areas such as security and access control. This is partly due to residual difficulties in performing and documenting the selection process for open source solutions. In this paper we describe the FOCSE metrics framework, which supports a specific selection process for security-related open source code. FOCSE is based on a set of general-purpose metrics suitable for evaluating open source frameworks in general; however, it also includes specific metrics expressing a security solution's capability of responding to continuous change in threats. We show FOCSE at work in two use cases on selecting two different types of security-related open source solutions, i.e. Single Sign-On and Secure Shell applications.
Copyright information
© 2007 International Federation for Information Processing
About this paper
Cite this paper
Ardagna, C.A., Damiani, E., Frati, F. (2007). FOCSE: An OWA-based Evaluation Framework for OS Adoption in Critical Environments. In: Feller, J., Fitzgerald, B., Scacchi, W., Sillitti, A. (eds) Open Source Development, Adoption and Innovation. OSS 2007. IFIP — The International Federation for Information Processing, vol 234. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-72486-7_1
DOI: https://doi.org/10.1007/978-0-387-72486-7_1
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-72485-0
Online ISBN: 978-0-387-72486-7
eBook Packages: Computer Science (R0)