DOI: 10.1145/1842752.1842796
research-article

Security measurements within the framework of quality assessment models for free/libre open source software

Published: 23 August 2010

Abstract

This article presents a comparison of a first-generation software quality assessment model (OpenBRR) and a second-generation model (QualOSS) by applying them to the case of Asterisk, a FLOSS implementation of a telephone private branch exchange (PBX, VoIP). The key trend in the evolution of FLOSS quality assessment models is the movement from manual and descriptive to more automated and analytical models, and from the involvement of a few metrics to hundreds of metrics. The security measurements are much more sophisticated in QualOSS than in OpenBRR: where OpenBRR has only three security metrics, QualOSS has nine security indicators with altogether 30-40 security metrics. This article shows how security is measured in the two assessment models, putting it into the overall context of the two approaches.

Published In

ECSA '10: Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
August 2010
367 pages
ISBN:9781450301794
DOI:10.1145/1842752
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

  • SAS
  • FIRST

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. FLOSS
  2. OpenBRR
  3. QualOSS
  4. asterisk
  5. free Libre open source software
  6. metrics
  7. security
  8. software quality assessment models

Qualifiers

  • Research-article

Conference

ECSA '10
Sponsor:
ECSA '10: 4th European Conference on Software Architecture
August 23 - 26, 2010
Copenhagen, Denmark

Acceptance Rates

Overall Acceptance Rate 48 of 72 submissions, 67%
