Analysis of the Security of Open-source Software

Abstract

Open-source software replaces today in companies, authorities and private environment, more and more commercial closed source software and has become by widespread use an attractive target for hackers. This development has led to a debate about security of open-source software compared to closed Source software. However, it is difficult to model the different influences of the two strategies on software security. The published models either do not consider the difference between open-source software and closed source software or provide results that do not match the results of empirical studies on the software security of large open-source projects. The report on the Heartbleed Bug in the OpenSSL library has brought this problem into the public eye.