20.500.12592/bhp02s

Security of Open Source Software : A Survey of Technical Stakeholders’ Perceptions and Actions

4 Apr 2023

A survey tool was created to cover the socio-technical aspects of software security, including the security culture of the organisations that employees belong to and the features of the code they evaluated (explained in detail in the following section). [...] Security culture depends on various factors, including the size and maturity of the organisation, the type of product they create, the business priorities of the organisation, and the personal security preferences of employees. [...]

Evaluation Checks

A combination of academic and grey literature shows that the metadata features of code and its context influence stakeholders’ trust in an OSS component and may often stand in as a proxy for the estimated security of this component.14,15,16 We asked stakeholders if and how they consider the following contextual information about the code while they are selecting an OSS component. [...]

- Which dependencies are present: 86%
- If the project updates dependencies in a timely manner: 75%
- If the dependencies can be validated as well: 73%
- If the project uses tools to help automatically update dependencies: 71%
- The project has a large number of dependencies, disproportionate to the functionality it brings: 68%
- If the project pins and declares the dependencies: 65%

The responses received on testing. [...] The security of the code does not seem to be the respondent’s responsibility, and the possibility of bugs propagating through the software supply chain is not a primary concern for most employees.
Pages: 27

Published in: India