Vulnerability Assessment Analysis in Open Source Code Management within Business Environments

Authors

  • Phanumas Thanapat School of Information Technology, King Mongkut's University of Technology Thonburi, Thailand
  • Chitsuda Gamon School of Information Technology, King Mongkut's University of Technology Thonburi, Thailand

Keywords:

Open Source Software (OSS), Vulnerability Management, Security Assessment Tools, Business Operations, Risk Mitigation Strategies

Abstract

The increasing adoption of open source software (OSS) in business environments has brought numerous advantages, including cost-effectiveness, flexibility, and access to innovation. However, the decentralized nature of OSS introduces significant security risks, as businesses often lack centralized control over software updates and vulnerability management. This research aims to assess the vulnerabilities inherent in the management of open source code within business contexts, explore the effectiveness of current vulnerability assessment tools, and investigate the strategies organizations employ to mitigate these risks. Through a comprehensive analysis of the tools, practices, and challenges businesses face, this study identifies common vulnerabilities in OSS components, evaluates the performance of existing security tools, and examines how businesses manage OSS vulnerabilities in their operations. The findings reveal that while many organizations use vulnerability assessment tools, they often face limitations in managing large-scale OSS deployments and staying current with frequent updates from open source communities. The research also highlights the need for more integrated, proactive vulnerability management practices and provides recommendations for improving OSS security. By offering insights into the specific vulnerabilities and practices associated with OSS in business environments, this study contributes to the growing body of knowledge on open source security and provides actionable strategies for businesses to enhance their OSS management practices.

Published

2023-07-30

How to Cite

Thanapat, P., & Gamon, C. (2023). Vulnerability Assessment Analysis in Open Source Code Management within Business Environments. Idea: Future Research, 1(2), 58–65. Retrieved from https://idea.ristek.or.id/index.php/idea/article/view/15