Monday, December 30, 2019

A Brief Note On Security Tactics Adoption And A Security...

IV. CRITICAL ANALYSIS

Ryoo, J. et al. were successful in investigating the degree of security tactics adoption and clearly identified a security gap between the design and implementation of the software. The authors followed a manual process to study security vulnerabilities in open source software. Processes like code review or searching for security keywords in the documentation or source code do not prove whether the software protects its users from malicious intrusions or from leaking private data. The authors searched for keywords like security, authenticate, authorize, cipher, encrypt etc. in the source code of the 53 selected open source software projects to see if any of these security tactics appear as file names or class names. This is not a…

900 social insurance numbers were stolen from Canadian Revenue Agency by exploiting the Heartbleed bug. To identify such critical bugs, there has to be an automated testing framework that tests for common programming errors, data leakage and other ways of malicious intrusion into the application. This paper is limited to identifying the rate of usage of security tactics in open source software. Well documented and implemented security policies are very important to maintain the quality and reliability of any software application.

V. OUR CONTRIBUTION

The following are some of our recommendations that should be considered when deploying or using any open source software.

A. Notification

Getting users to update to the latest version of the application has been a long-lasting issue with open source software. The main reason for this has been attributed to a lack of awareness about the security update. All the security patches to the application are pushed to consumers through such updates. Maintenance is very important to maintain the quality and reliability of the product. In the software industry, updates are a form of maintenance. We suggest that the open source software community start notifying consumers about the update. This can be done by assigning a unique identification to each of its users and mandatorily collecting their contact information. Subscribing users to the respective open source
