Information Security and Open Source Dual Use Security Software: Trust Paradox

  • Mario Silic
  • Andrea Back
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 404)

Abstract

Nmap, a free open source utility for network exploration or security auditing, today comprises thirteen million lines of code, representing four thousand years of programming effort. Hackers can use it to conduct illegal activities, and information security professionals can use it to safeguard their networks. In this dual-use context, the question of trust is raised. Can we trust the programmers developing open source dual use security software? Motivated by this research question, we conducted interviews with hackers and information security professionals and explored the ohloh.net database. Our results show that the contributors behind open source security software (OSSS) are hackers, that OSSS has an important dual-use dimension, that information security professionals generally trust OSSS, and that large organizations will avoid adopting and using OSSS.

Keywords

information security, dual-use technology, open source security software, FLOSS, trust, hacker, Nmap, ohloh.net

Copyright information

© IFIP International Federation for Information Processing 2013

Authors and Affiliations

  • Mario Silic (1)
  • Andrea Back (1)

  1. Institute of Information Management (IWI), University of St. Gallen, Switzerland