{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T01:48:56Z","timestamp":1773798536240,"version":"3.50.1"},"reference-count":67,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,11]]},"DOI":"10.23919\/fruct.2017.8250205","type":"proceedings-article","created":{"date-parts":[[2018,1,11]],"date-time":"2018-01-11T19:02:08Z","timestamp":1515697328000},"page":"364-373","source":"Crossref","is-referenced-by-count":25,"title":["Software security in open source development: A systematic literature review"],"prefix":"10.23919","author":[{"given":"Shao-Fang","family":"Wen","sequence":"first","affiliation":[]}],"member":"263","reference":[{"key":"ref39","author":"levy","year":"2016","journal-title":"Top Open Source Security Vulnerabilities &#x201D; WhiteSource Blog Web"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1016\/B978-044452769-1\/50008-1"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/2663887.2663900"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2010.05.008"},{"key":"ref31","article-title":"Modelling Software Organisations","author":"hales","year":"2002","journal-title":"Proc of PPIG"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/1842752.1842796"},{"key":"ref37","author":"kowalski","year":"1994","journal-title":"IT Insecurity A Multi-discipline Inquiry"},{"key":"ref36","article-title":"Guidelines for performing systematic literature reviews in software engineering","author":"kitchenham","year":"2007","journal-title":"EBSE Technical Report EBSE-2007-01"},{"key":"ref35","first-page":"1","volume":"33","author":"kitchenham","year":"2004","journal-title":"Procedures for Performing Systematic 
Reviews"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-10-0281-6_40"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-8348-9195-2_35"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.1060.0560"},{"key":"ref61","author":"vangaveeti","year":"2015","journal-title":"An Assessment of Security Problems in Open Source Software"},{"key":"ref63","article-title":"Using software reliability models for security assessment-Verification of assumptions","author":"vouk","year":"2013","journal-title":"2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)"},{"key":"ref28","year":"2008","journal-title":"Open Source Security Study How Are Open Source development communities embracing Security Best practices?"},{"key":"ref64","article-title":"Security of open source web applications","author":"walden","year":"2009","journal-title":"Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/WICSA.2016.41"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1145\/2508075.2514872"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/2531602.2531722"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1177\/0021886395311009"},{"key":"ref67","article-title":"Perspectives on the Security of Open Source Software","author":"xiong","year":"2004","journal-title":"EBook"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/ICEMIS.2016.7745369"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/2832987.2833051"},{"key":"ref20","first-page":"7","article-title":"Analysis of software design artifacts for socio-technical aspects","volume":"6","author":"dama\u0161evi\u010dius","year":"2007","journal-title":"INFOCOMP Journal of Computer 
Science"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-77324-7"},{"key":"ref21","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1007\/b137171_2","article-title":"On the human, organizational, and technical aspects of software development and analysis","author":"dama\u0161evi\u010dius","year":"2009","journal-title":"Information Systems Development"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382218"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1007\/s10606-005-9000-1"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-34588-4_18"},{"key":"ref25","article-title":"A case study in open source software security and privacy: Android adware","author":"erturk","year":"2012","journal-title":"Internet Security (WorldCIS) 2011 World Congress On"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2013.6606557"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(16)30048-4"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-8348-9195-2_35"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-013-9258-8"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-02032-2_15"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1002\/spip.255"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2015.2500367"},{"key":"ref54","article-title":"Scalable automatic extraction of process models for understanding F\/OSS bug repair","author":"ripoche","year":"2003","journal-title":"Proc ICS'03"},{"key":"ref53","author":"ransbotham","year":"2010","journal-title":"An Empirical Analysis of Exploitation Attempts Based on Vulnerabilities in Open Source Software"},{"key":"ref52","article-title":"An Empirical Analysis of Exploitation Attempts Based on Vulnerabilities in Open Source Software","author":"ransbotham","year":"2010","journal-title":"Proceedings of the 9th Workshop on Economics of Information 
Security"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/2652524.2652544"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635880"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/1181309.1181314"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-55128-4_37"},{"key":"ref13","author":"chandra","year":"2009","journal-title":"The Software Assurance Maturity Model-A guide to building security into software development"},{"key":"ref14","article-title":"The impact of security by design on the success of open source software","author":"chehrazi","year":"2016","journal-title":"Research Papers ECIS 2016 Proceedings"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/WAINA.2013.245"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1176994"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.4018\/jdm.2008040101"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2089125.2089127"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2145204.2145396"},{"key":"ref4","first-page":"3","article-title":"Vulnerabilities and patches of open source software: an empirical study","volume":"4","author":"altinkemer","year":"2008","journal-title":"Information and System Security"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/UEMCON.2016.7777883"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2010.48"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2009.25"},{"key":"ref8","year":"2016","journal-title":"Security in the age of open source"},{"key":"ref7","article-title":"Ensuring Authentication and Integrity of Open Source Software using Digital Signature","author":"banday","year":"2011","journal-title":"International Journal of Computer Application 
(IJCA)"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2013.6606557"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/2591062.2591200"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/567793.567795"},{"key":"ref45","article-title":"Quality practices and problems in free software projects","author":"michlmayr","year":"2005","journal-title":"Proceedings of the First International Conference on Open Source Systems"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/CSMR.2009.51"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/1501434.1501486"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653717"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/2661685.2661687"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/1985793.1985832"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/1852786.1852798"}],"event":{"name":"2017 21st Conference of Open Innovations Association (FRUCT)","location":"Helsinki","start":{"date-parts":[[2017,11,6]]},"end":{"date-parts":[[2017,11,10]]}},"container-title":["2017 21st Conference of Open Innovations Association (FRUCT)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8241162\/8250155\/08250205.pdf?arnumber=8250205","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,9]],"date-time":"2019-10-09T04:26:05Z","timestamp":1570595165000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/8250205\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,11]]},"references-count":67,"URL":"https:\/\/doi.org\/10.23919\/fruct.2017.8250205","relation":{},"subject":[],"published":{"date-parts":[[2017,11]]}}}