Abstract
Nmap, a free open source utility for network exploration or security auditing, today counts thirteen million lines of code, representing four thousand years of programming effort. Hackers can use it to conduct illegal activities, and information security professionals can use it to safeguard their network. In this dual-use context, the question of trust is raised. Can we trust programmers developing open source dual-use security software? Motivated by this research question, we conducted interviews among hackers and information security professionals, and explored the ohloh.net database. Our results show that contributors behind open source security software (OSSS) are hackers, that OSSS have an important dual-use dimension, that information security professionals generally trust OSSS, and that large organizations will avoid adopting and using OSSS.
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Silic, M., Back, A. (2013). Information Security and Open Source Dual Use Security Software: Trust Paradox. In: Petrinja, E., Succi, G., El Ioini, N., Sillitti, A. (eds) Open Source Software: Quality Verification. OSS 2013. IFIP Advances in Information and Communication Technology, vol 404. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38928-3_14
DOI: https://doi.org/10.1007/978-3-642-38928-3_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38927-6
Online ISBN: 978-3-642-38928-3
eBook Packages: Computer Science (R0)