Dindin Wahyudin, Khabib Mustofa, Alexander Schatten, Stefan Biffl and A. Min Tjoa
Abstract
Purpose
In response to the increasing number of open‐source software (OSS) project initiatives and the increasing demand for OSS products as alternative solutions by industries, it is important for particular stakeholders such as the project host/supporter, project‐leading teams, and prospective customers to determine whether a project initiative is likely to be sustainable and is worth supporting. This paper aims to propose a concept of “health” indicators and an evaluation process that can help to get a status overview of OSS projects in a timely fashion and predict project survivability based on the project data available on web repositories.
Design/methodology/approach
For initial empirical evaluation of the concept, the indicators are applied to well‐known web‐based OSS projects (Apache Tomcat and Apache HTTP Server) and the results are compared with challenged projects (Apache Xindice and Apache Slide). The results are discussed with OSS experts to investigate the external validity of the indicators.
Findings
From a software project management point of view, a typical web‐based OSS project can be viewed as a web‐engineering process, since most OSS projects exploit the benefits of a web platform and enable the project community to collaborate using web‐based project tools and repositories such as mailing lists, bug trackers, and versioning systems (CVS/SVN) to deliver web systems and applications. These repositories can provide rich collections of process data, and artifacts which can be analyzed to better understand the project status.
Originality/value
The paper provides information of value about open‐source solutions.
Stefan Taubenberger, Jan Jürjens, Yijun Yu and Bashar Nuseibeh
Abstract
Purpose
In any information security risk assessment, vulnerabilities are usually identified by information‐gathering techniques. However, vulnerability identification errors – wrongly identified or unidentified vulnerabilities – can occur as uncertain data are used. Furthermore, businesses' security needs are not considered sufficiently. Hence, security functions may not protect business assets sufficiently and cost‐effectively. This paper aims to resolve vulnerability errors by analysing the security requirements of information assets in business process models.
Design/methodology/approach
Business process models have been selected for use, because there is a close relationship between business process objectives and risks. Security functions are evaluated in terms of the information flow of business processes regarding their security requirements. The claim that vulnerability errors can be resolved was validated by comparing the results of a current risk assessment approach with the proposed approach. The comparison is conducted both at three entities of an insurance company and through a controlled experiment within a survey among security professionals.
Findings
Vulnerability identification errors can be resolved by explicitly evaluating security requirements in the course of business; this is not considered in current assessment methods.
Originality/value
It is shown that vulnerability identification errors occur in practice. With the explicit evaluation of security requirements, identification errors can be resolved. Risk assessment methods should consider the explicit evaluation of security requirements.