There is a newer version of this record available.

Software Open Access

Enterprise-Driven Open Source Software: A Case Study on Security Automation

Angermeir, Florian; Voggenreiter, Markus; Moyón, Fabiola; Mendez, Daniel

Security activities are essential for all software development projects to detect potential flaws early, to avoid security breaches, data loss and adhere to existing standards. The integration of security activities within the broadly utilized continuous integration (CI) pipelines are equally supported by literature as well as security experts.
This paper analyzes the tool usage of automated security activities in CI pipelines. In particular, we mine publicly available enterprise-driven open source software repositories and survey a sample of project maintainers to better understand the role security and security tools play in their CI pipelines. This shall allow, in the long-run, to better understand the extent to which security forms (or should form) part of automated pipelines, thus, facilitating the improvement of practices and standards. To increase the transparency of our results but also to allow other researchers replicate our study (and taking different perspectives), we further disclose our data (and material) to the public.

Our results indicate, among other things, that security may be very much influenced by the programming language, yet it plays a vital role in a large extent of projects. At the same time, only a small fraction of 6.83 \% of the projects appropriately consider security. This corroborates our own industry experiences and leave open an avenue for further improvements of the state of practice which we outline in the manuscript at hands.

Files (1.4 MB)
Name Size
angrymeir/Enterprise-Driven-OSS-Case-Study-Security-Automation-v0.9.zip
md5:9e6091c77c4c68627792a21bc1fbeb8c
1.4 MB Download
110
13
views
downloads
All versions This version
Views 11035
Downloads 132
Data volume 18.8 MB2.8 MB
Unique views 7522
Unique downloads 132

Share

Cite as