Conference of Open Innovations Association

Software security in open source development: A systematic literature review

Abstract

Despite the security community's emphasis on the importance of building secure open source software (OSS), the number of new vulnerabilities found in OSS is increasing. In addition, software security is about the people that develop and use those applications and how their vulnerable behaviors can lead to exploitation. This leads to a need for reiteration of software security studies for OSS developments to understand the existing security practices and the security weaknesses among them. In this paper, a systematic review method with a socio-technical analysis approach is applied to identify, extract and analyze the security studies conducted in the context of open source development. The findings include: (1) System verification is the most cited security area in OSS research; (2) The socio-technical perspective has not gained much attention in this research area; and (3) No research has been conducted focusing on the aspects of security knowledge management in OSS development.