While the vast majority of European and US companies increasingly use open source software for non-key applications, a much smaller number of companies have deployed it in critical areas such as security and access control. This is partly due to residual difficulties in performing and documenting the selection process of open source solutions. In this paper we describe the FOCSE metrics framework, supporting a specific selection process for security-related open source code. FOCSE is based on a set of general purpose metrics suitable for evaluating open source frameworks in general; however, it includes some specific metrics expressing security solutions’ capability of responding to continuous change in threats. We show FOCSE at work in two use cases about selecting two different types of security-related open source solutions, i.e. Single Sign-On and Secure Shell applications.
FOCSE : an OWA-based evaluation framework for OS adoption in critical environments / C.A. Ardagna, E. Damiani, F. Frati (IFIP INTERNATIONAL FEDERATION FOR INFORMATION PROCESSING). - In: Open source development, adoption and innovation : IFIP working group 2.13 on open source software : june 11-14, 2007, Limerick, Ireland / [a cura di] J. Feller, B. Fitzgerald, W. Scacchi, A. Sillitti. - New York : Springer, 2007. - ISBN 9780387724850. - pp. 3-16 (( Intervento presentato al 3. convegno International Conference on Open Source Systems tenutosi a Limerick, Ireland nel 2007 [10.1007/978-0-387-72486-7_1].
FOCSE : an OWA-based evaluation framework for OS adoption in critical environments
C.A. ArdagnaPrimo
;E. DamianiSecondo
;F. FratiUltimo
2007
Abstract
While the vast majority of European and US companies increasingly use open source software for non-key applications, a much smaller number of companies have deployed it in critical areas such as security and access control. This is partly due to residual difficulties in performing and documenting the selection process of open source solutions. In this paper we describe the FOCSE metrics framework, supporting a specific selection process for security-related open source code. FOCSE is based on a set of general purpose metrics suitable for evaluating open source frameworks in general; however, it includes some specific metrics expressing security solutions’ capability of responding to continuous change in threats. We show FOCSE at work in two use cases about selecting two different types of security-related open source solutions, i.e. Single Sign-On and Secure Shell applications.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
