Search results

1 – 3 of 3
Article
Publication date: 28 September 2007

Dindin Wahyudin, Khabib Mustofa, Alexander Schatten, Stefan Biffl and A. Min Tjoa

Abstract

Purpose

In response to the increasing number of open‐source software (OSS) project initiatives and the increasing demand for OSS products as alternative solutions by industries, it is important for particular stakeholders such as the project host/supporter, project‐leading teams, and prospective customers to determine whether a project initiative is likely to be sustainable and is worth supporting. This paper aims to propose a concept of “health” indicators and an evaluation process that can help to get a status overview of OSS projects in a timely fashion and predict project survivability based on the project data available on web repositories.

Design/methodology/approach

For initial empirical evaluation of the concept, the indicators are applied to well‐known web‐based OSS projects (Apache Tomcat and Apache HTTP Server) and the results are compared with challenged projects (Apache Xindice and Apache Slide). The results are discussed with OSS experts to investigate the external validity of the indicators.

Findings

From a software project management point of view, a typical web‐based OSS project can be viewed as a web‐engineering process, since most OSS projects exploit the benefits of a web platform and enable the project community to collaborate using web‐based project tools and repositories such as mailing lists, bug trackers, and versioning systems (CVS/SVN) to deliver web systems and applications. These repositories can provide rich collections of process data and artifacts that can be analyzed to better understand the project status.

Originality/value

The paper provides information of value about open‐source solutions.

Details

International Journal of Web Information Systems, vol. 3 no. 1/2
Type: Research Article
ISSN: 1744-0084

Article
Publication date: 28 September 2007

Ismail Khalil Ibrahim

Details

International Journal of Web Information Systems, vol. 3 no. 1/2
Type: Research Article
ISSN: 1744-0084

Article
Publication date: 12 July 2013

Stefan Taubenberger, Jan Jürjens, Yijun Yu and Bashar Nuseibeh

Abstract

Purpose

In any information security risk assessment, vulnerabilities are usually identified by information‐gathering techniques. However, vulnerability identification errors – wrongly identified or unidentified vulnerabilities – can occur as uncertain data are used. Furthermore, businesses' security needs are not considered sufficiently. Hence, security functions may not protect business assets sufficiently and cost‐effectively. This paper aims to resolve vulnerability errors by analysing the security requirements of information assets in business process models.

Design/methodology/approach

Business process models have been selected for use, because there is a close relationship between business process objectives and risks. Security functions are evaluated in terms of the information flow of business processes regarding their security requirements. The claim that vulnerability errors can be resolved was validated by comparing the results of a current risk assessment approach with the proposed approach. The comparison is conducted both at three entities of an insurance company and through a controlled experiment within a survey among security professionals.

Findings

Vulnerability identification errors can be resolved by explicitly evaluating security requirements in the course of business; this is not considered in current assessment methods.

Originality/value

It is shown that vulnerability identification errors occur in practice. With the explicit evaluation of security requirements, identification errors can be resolved. Risk assessment methods should consider the explicit evaluation of security requirements.

Details

Information Management & Computer Security, vol. 21 no. 3
Type: Research Article
ISSN: 0968-5227
