CHALLENGES IN SECURITY AUDITS IN OPEN SOURCE SYSTEMS
2019 (English)Independent thesis Basic level (degree of Bachelor), 15 credits / 22,5 HE credits
Student thesisAlternative title
UTMANINGAR I SÄKERHETSREVISIONER I SYSTEM MED ÖPPEN KÄLLKOD (Swedish)
Abstract [en]
Today there is a heavy integration of information technology in almost every aspect of our lives and there is an increase in computer security that goes with it. To ensure this security, and that policies and procedures within an organisations related to this security are enforced; security audits are conducted.
At the same time, use of open source software is also becoming increasingly common, becoming more a fact of life rather than an option. With these two trends in mind, this study analyses a selection of scientific literature on the topic and identifies the unique challenges a security audit in an open source environment faces, and aims to contribute on how to help alleviate the challenges.
The study was performed in the form of a literature review, where the comparison and analysis revealed interesting information regarding the open source specific challenges, including both technical issues as well as challenges stemming from people’s perception and handling of open source software today.
The answer to the question “What are the challenges when conducting security audits for open source systems and how can they be alleviated?” shows the main challenges to be too much trust is put in unverified binaries. The report offers suggestions and ideas on how to implement solutions in order to help diminish this challenge through the use and integration of Reproducible Builds, answering the second part of the question.
Place, publisher, year, edition, pages
2019. , p. 25
Keywords [en]
Security Audit, Open Source Software, Reproducible Builds
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:his:diva-17637OAI: oai:DiVA.org:his-17637DiVA, id: diva2:1348210
Subject / course
Informationsteknologi
Educational program
Network and Systems Administration
Supervisors
Examiners
2019-09-042019-09-032019-09-04Bibliographically approved