
Open-source software security - Wikipedia

<!DOCTYPE html> <html class="client-nojs vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available" lang="en" dir="ltr"> <head> <meta charset="UTF-8"> <title>Open-source software security - Wikipedia</title> <script>(function(){var className="client-js vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available";var cookie=document.cookie.match(/(?:^|; )enwikimwclientpreferences=([^;]+)/);if(cookie){cookie[1].split('%2C').forEach(function(pref){className=className.replace(new RegExp('(^| )'+pref.replace(/-clientpref-\w+$|[^\w-]+/g,'')+'-clientpref-\\w+( |$)'),'$1'+pref+'$2');});}document.documentElement.className=className;}());RLCONF={"wgBreakFrames":false,"wgSeparatorTransformTable":["",""],"wgDigitTransformTable":["",""],"wgDefaultDateFormat":"dmy", 
"wgMonthNames":["","January","February","March","April","May","June","July","August","September","October","November","December"],"wgRequestId":"f734d4e9-8937-4cf8-83d5-89af82bccfb7","wgCanonicalNamespace":"","wgCanonicalSpecialPageName":false,"wgNamespaceNumber":0,"wgPageName":"Open-source_software_security","wgTitle":"Open-source software security","wgCurRevisionId":1199420820,"wgRevisionId":1199420820,"wgArticleId":17501415,"wgIsArticle":true,"wgIsRedirect":false,"wgAction":"view","wgUserName":null,"wgUserGroups":["*"],"wgCategories":["Webarchive template wayback links","Use dmy dates from June 2023","Computer security","Open source"],"wgPageViewLanguage":"en","wgPageContentLanguage":"en","wgPageContentModel":"wikitext","wgRelevantPageName":"Open-source_software_security","wgRelevantArticleId":17501415,"wgIsProbablyEditable":true,"wgRelevantPageIsProbablyEditable":true,"wgRestrictionEdit":[],"wgRestrictionMove":[],"wgNoticeProject":"wikipedia","wgCiteReferencePreviewsActive":false, "wgFlaggedRevsParams":{"tags":{"status":{"levels":1}}},"wgMediaViewerOnClick":true,"wgMediaViewerEnabledByDefault":true,"wgPopupsFlags":0,"wgVisualEditor":{"pageLanguageCode":"en","pageLanguageDir":"ltr","pageVariantFallbacks":"en"},"wgMFDisplayWikibaseDescriptions":{"search":true,"watchlist":true,"tagline":false,"nearby":true},"wgWMESchemaEditAttemptStepOversample":false,"wgWMEPageLength":8000,"wgRelatedArticlesCompat":[],"wgCentralAuthMobileDomain":false,"wgEditSubmitButtonLabelPublish":true,"wgULSPosition":"interlanguage","wgULSisCompactLinksEnabled":false,"wgVector2022LanguageInHeader":true,"wgULSisLanguageSelectorEmpty":false,"wgWikibaseItemId":"Q7096421","wgCheckUserClientHintsHeadersJsApi":["brands","architecture","bitness","fullVersionList","mobile","model","platform","platformVersion"],"GEHomepageSuggestedEditsEnableTopics":true,"wgGETopicsMatchModeEnabled":false,"wgGEStructuredTaskRejectionReasonTextInputEnabled":false,"wgGELevelingUpEnabledForUser":false};RLSTATE={ 
"ext.globalCssJs.user.styles":"ready","site.styles":"ready","user.styles":"ready","ext.globalCssJs.user":"ready","user":"ready","user.options":"loading","ext.cite.styles":"ready","skins.vector.search.codex.styles":"ready","skins.vector.styles":"ready","skins.vector.icons":"ready","jquery.makeCollapsible.styles":"ready","ext.wikimediamessages.styles":"ready","ext.visualEditor.desktopArticleTarget.noscript":"ready","ext.uls.interlanguage":"ready","wikibase.client.init":"ready","ext.wikimediaBadges":"ready"};RLPAGEMODULES=["ext.cite.ux-enhancements","site","mediawiki.page.ready","jquery.makeCollapsible","mediawiki.toc","skins.vector.js","ext.centralNotice.geoIP","ext.centralNotice.startUp","ext.gadget.ReferenceTooltips","ext.gadget.switcher","ext.urlShortener.toolbar","ext.centralauth.centralautologin","mmv.bootstrap","ext.popups","ext.visualEditor.desktopArticleTarget.init","ext.visualEditor.targetLoader","ext.echo.centralauth","ext.eventLogging","ext.wikimediaEvents", "ext.navigationTiming","ext.uls.interface","ext.cx.eventlogging.campaigns","ext.cx.uls.quick.actions","wikibase.client.vector-2022","ext.checkUser.clientHints","ext.growthExperiments.SuggestedEditSession","wikibase.sidebar.tracking"];</script> <script>(RLQ=window.RLQ||[]).push(function(){mw.loader.impl(function(){return["user.options@12s5i",function($,jQuery,require,module){mw.user.tokens.set({"patrolToken":"+\\","watchToken":"+\\","csrfToken":"+\\"}); }];});});</script> <link rel="stylesheet" href="/w/load.php?lang=en&amp;modules=ext.cite.styles%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cjquery.makeCollapsible.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&amp;only=styles&amp;skin=vector-2022"> <script async="" src="/w/load.php?lang=en&amp;modules=startup&amp;only=scripts&amp;raw=1&amp;skin=vector-2022"></script> <meta name="ResourceLoaderDynamicStyles" content=""> <link 
rel="stylesheet" href="/w/load.php?lang=en&amp;modules=site.styles&amp;only=styles&amp;skin=vector-2022"> <meta name="generator" content="MediaWiki 1.44.0-wmf.4"> <meta name="referrer" content="origin"> <meta name="referrer" content="origin-when-cross-origin"> <meta name="robots" content="max-image-preview:standard"> <meta name="format-detection" content="telephone=no"> <meta name="viewport" content="width=1120"> <meta property="og:title" content="Open-source software security - Wikipedia"> <meta property="og:type" content="website"> <link rel="preconnect" href="//upload.wikimedia.org"> <link rel="alternate" media="only screen and (max-width: 640px)" href="//en.m.wikipedia.org/wiki/Open-source_software_security"> <link rel="alternate" type="application/x-wiki" title="Edit this page" href="/w/index.php?title=Open-source_software_security&amp;action=edit"> <link rel="apple-touch-icon" href="/static/apple-touch/wikipedia.png"> <link rel="icon" href="/static/favicon/wikipedia.ico"> <link rel="search" type="application/opensearchdescription+xml" href="/w/rest.php/v1/search" title="Wikipedia (en)"> <link rel="EditURI" type="application/rsd+xml" href="//en.wikipedia.org/w/api.php?action=rsd"> <link rel="canonical" href="https://en.wikipedia.org/wiki/Open-source_software_security"> <link rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/deed.en"> <link rel="alternate" type="application/atom+xml" title="Wikipedia Atom feed" href="/w/index.php?title=Special:RecentChanges&amp;feed=atom"> <link rel="dns-prefetch" href="//meta.wikimedia.org" /> <link rel="dns-prefetch" href="//login.wikimedia.org"> </head> <body class="skin--responsive skin-vector skin-vector-search-vue mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject mw-editable page-Open-source_software_security rootpage-Open-source_software_security skin-vector-2022 action-view"><a class="mw-jump-link" href="#bodyContent">Jump to content</a> <div class="vector-header-container"> <header 
class="vector-header mw-header"> </header> </div> <div class="mw-page-container"> <div class="mw-page-container-inner"> <div class="mw-content-container"> <main id="content" class="mw-body"> <header class="mw-body-header vector-page-titlebar"> <h1 id="firstHeading" class="firstHeading mw-first-heading"><span class="mw-page-title-main">Open-source software security</span></h1> </header> <div class="vector-page-toolbar"> <div class="vector-page-toolbar-container">
</div> </div> <div class="vector-column-end"> <div class="vector-sticky-pinned-container"> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-pinned-container" class="vector-pinned-container"> </div> </nav> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-pinned-container" class="vector-pinned-container"> <div id="vector-appearance" class="vector-appearance vector-pinnable-element"> <div class="vector-pinnable-header vector-appearance-pinnable-header vector-pinnable-header-pinned" data-feature-name="appearance-pinned" data-pinnable-element-id="vector-appearance" data-pinned-container-id="vector-appearance-pinned-container" data-unpinned-container-id="vector-appearance-unpinned-container" > <div class="vector-pinnable-header-label">Appearance</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-appearance.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-appearance.unpin">hide</button> </div> </div> </div> </nav> </div> </div> <div id="bodyContent" class="vector-body" aria-labelledby="firstHeading" data-mw-ve-target-container> <div class="vector-body-before-content"> <div class="mw-indicators"> </div> <div id="siteSub" class="noprint">From Wikipedia, the free encyclopedia</div> </div> <div id="contentSub"><div id="mw-content-subtitle"></div></div> <div id="mw-content-text" class="mw-body-content"><div class="mw-content-ltr mw-parser-output" lang="en" dir="ltr"><p> <b>Open-source software security</b> is the measure of assurance or guarantee in the freedom from danger and risk inherent to an <a href="/wiki/Open-source_software" title="Open-source software">open-source software</a> system. 
</p> <meta property="mw:PageProp/toc" /> <div class="mw-heading mw-heading2"><h2 id="Implementation_debate">Implementation debate</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Open-source_software_security&amp;action=edit&amp;section=1" title="Edit section: Implementation debate"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <div class="mw-heading mw-heading3"><h3 id="Benefits">Benefits</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Open-source_software_security&amp;action=edit&amp;section=2" title="Edit section: Benefits"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a href="/wiki/Proprietary_software" title="Proprietary software">Proprietary software</a> forces the user to accept the level of security that the software vendor is willing to deliver and to accept the rate at which patches and updates are released.<sup id="cite_ref-1" class="reference"><a href="#cite_note-1"><span class="cite-bracket">&#91;</span>1<span class="cite-bracket">&#93;</span></a></sup></li> <li>It is assumed that any compiler that is used creates code that can be trusted, but it has been demonstrated by <a href="/wiki/Ken_Thompson" title="Ken Thompson">Ken Thompson</a> that a compiler can be subverted using a <a href="/wiki/Backdoor_(computing)#Compiler_backdoors" title="Backdoor (computing)">compiler backdoor</a> to create faulty executables that are unwittingly produced by a well-intentioned developer.<sup id="cite_ref-Witten_2-0" class="reference"><a href="#cite_note-Witten-2"><span class="cite-bracket">&#91;</span>2<span class="cite-bracket">&#93;</span></a></sup> With access to the source code for the compiler, the developer has at least the ability to discover whether there is any malicious intent.</li> <li><a href="/wiki/Kerckhoffs%27_principle" class="mw-redirect" title="Kerckhoffs&#39; 
principle">Kerckhoffs' principle</a> is based on the idea that a secure military system should stay secure even if an enemy steals it: the enemy should still be unable to compromise the information. Kerckhoffs' ideas were the basis for many modern security practices, and it follows from them that <a href="/wiki/Security_through_obscurity" title="Security through obscurity">security through obscurity</a> is a bad practice.<sup id="cite_ref-3" class="reference"><a href="#cite_note-3"><span class="cite-bracket">&#91;</span>3<span class="cite-bracket">&#93;</span></a></sup></li></ul> <div class="mw-heading mw-heading3"><h3 id="Drawbacks">Drawbacks</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Open-source_software_security&amp;action=edit&amp;section=3" title="Edit section: Drawbacks"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li>Simply making source code available does not guarantee review. An example of this occurred when <a href="/wiki/Marcus_J._Ranum" title="Marcus J. Ranum">Marcus Ranum</a>, an expert on security system design and implementation, released his first public firewall toolkit. 
At one time, there were over 2,000 sites using his toolkit, but only 10 people gave him any feedback or patches.<sup id="cite_ref-4" class="reference"><a href="#cite_note-4"><span class="cite-bracket">&#91;</span>4<span class="cite-bracket">&#93;</span></a></sup></li> <li>Having a large number of eyes reviewing code can "lull a user into a false sense of security".<sup id="cite_ref-5" class="reference"><a href="#cite_note-5"><span class="cite-bracket">&#91;</span>5<span class="cite-bracket">&#93;</span></a></sup> Having many users look at source code does not guarantee that security flaws will be found and fixed.</li></ul> <div class="mw-heading mw-heading2"><h2 id="Metrics_and_models">Metrics and models</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Open-source_software_security&amp;action=edit&amp;section=4" title="Edit section: Metrics and models"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>There are a variety of models and metrics to measure the security of a system. The following are a few methods that can be used to measure the security of software systems. </p> <div class="mw-heading mw-heading3"><h3 id="Number_of_days_between_vulnerabilities">Number of days between vulnerabilities</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Open-source_software_security&amp;action=edit&amp;section=5" title="Edit section: Number of days between vulnerabilities"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>It is argued that a system is most vulnerable after a potential vulnerability is discovered, but before a patch is created. By measuring the number of days between the discovery of a vulnerability and the time it is fixed, a basis for assessing the security of the system can be established. 
There are a few caveats to such an approach: not every vulnerability is equally bad, and fixing a lot of bugs quickly might not be better than finding only a few and taking a little longer to fix them, once the operating system or the effectiveness of the fix is taken into account.<sup id="cite_ref-Witten_2-1" class="reference"><a href="#cite_note-Witten-2"><span class="cite-bracket">&#91;</span>2<span class="cite-bracket">&#93;</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="Poisson_process">Poisson process</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Open-source_software_security&amp;action=edit&amp;section=6" title="Edit section: Poisson process"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The <a href="/wiki/Poisson_process" class="mw-redirect" title="Poisson process">Poisson process</a> can be used to measure the rates at which different people find security flaws in open-source and closed-source software. The process can be broken down by the number of volunteers N<sub>v</sub> and paid reviewers N<sub>p</sub>. The rate at which volunteers find a flaw is measured by λ<sub>v</sub> and the rate at which paid reviewers find a flaw is measured by λ<sub>p</sub>. 
The expected time for a volunteer group to find a flaw is 1/(N<sub>v</sub> λ<sub>v</sub>) and the expected time for a paid group to find a flaw is 1/(N<sub>p</sub> λ<sub>p</sub>).<sup id="cite_ref-Witten_2-2" class="reference"><a href="#cite_note-Witten-2"><span class="cite-bracket">&#91;</span>2<span class="cite-bracket">&#93;</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="Morningstar_model">Morningstar model</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Open-source_software_security&amp;action=edit&amp;section=7" title="Edit section: Morningstar model"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>By comparing a large variety of open-source and closed-source projects, a star system could be used to analyze the security of a project, similar to how <a href="/wiki/Morningstar,_Inc." title="Morningstar, Inc.">Morningstar, Inc.</a> rates mutual funds. With a large enough data set, statistics could be used to measure the overall effectiveness of one group over the other. 
An example of such a system is as follows:<sup id="cite_ref-6" class="reference"><a href="#cite_note-6"><span class="cite-bracket">&#91;</span>6<span class="cite-bracket">&#93;</span></a></sup> </p> <ul><li>1 Star: Many security vulnerabilities.</li> <li>2 Stars: Reliability issues.</li> <li>3 Stars: Follows best security practices.</li> <li>4 Stars: Documented secure development process.</li> <li>5 Stars: Passed independent security review.</li></ul> <div class="mw-heading mw-heading3"><h3 id="Coverity_scan">Coverity scan</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Open-source_software_security&amp;action=edit&amp;section=8" title="Edit section: Coverity scan"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p><a href="/wiki/Coverity" title="Coverity">Coverity</a>, in collaboration with Stanford University, has established a new baseline for open-source quality and security. The development is being completed through a contract with the Department of Homeland Security. They are utilizing innovations in automated defect detection to identify critical types of bugs found in software.<sup id="cite_ref-CoverityIndex_7-0" class="reference"><a href="#cite_note-CoverityIndex-7"><span class="cite-bracket">&#91;</span>7<span class="cite-bracket">&#93;</span></a></sup> The level of quality and security is measured in rungs. Rungs do not have a definitive meaning, and can change as Coverity releases new tools. Rungs are based on the progress made in fixing the issues found in the Coverity Analysis results and on the degree of collaboration with Coverity.<sup id="cite_ref-CoverityLadder_8-0" class="reference"><a href="#cite_note-CoverityLadder-8"><span class="cite-bracket">&#91;</span>8<span class="cite-bracket">&#93;</span></a></sup> The rungs start with Rung 0 and currently go up to Rung 2. 
</p> <ul><li><b>Rung 0</b></li></ul> <p>The project has been analyzed by Coverity's Scan infrastructure, but no representatives from the open-source software have come forward for the results.<sup id="cite_ref-CoverityLadder_8-1" class="reference"><a href="#cite_note-CoverityLadder-8"><span class="cite-bracket">&#91;</span>8<span class="cite-bracket">&#93;</span></a></sup> </p> <ul><li><b>Rung 1</b></li></ul> <p>At rung 1, there is collaboration between Coverity and the development team. The software is analyzed with a subset of the scanning features to prevent the development team from being overwhelmed.<sup id="cite_ref-CoverityLadder_8-2" class="reference"><a href="#cite_note-CoverityLadder-8"><span class="cite-bracket">&#91;</span>8<span class="cite-bracket">&#93;</span></a></sup> </p> <ul><li><b>Rung 2</b></li></ul> <p>There are 11 projects that have been analyzed and upgraded to the status of Rung 2 by reaching zero defects in the first year of the scan. These projects include: AMANDA, <a href="/wiki/Network_Time_Protocol#Reference_implementation" title="Network Time Protocol">ntp</a>, <a href="/wiki/OpenPAM" title="OpenPAM">OpenPAM</a>, <a href="/wiki/OpenVPN" title="OpenVPN">OpenVPN</a>, Overdose, <a href="/wiki/Perl" title="Perl">Perl</a>, <a href="/wiki/PHP" title="PHP">PHP</a>, <a href="/wiki/Postfix_(software)" title="Postfix (software)">Postfix</a>, <a href="/wiki/Python_(programming_language)" title="Python (programming language)">Python</a>, <a href="/wiki/Samba_(software)" title="Samba (software)">Samba</a>, and <a href="/wiki/Tcl" title="Tcl">tcl</a>.<sup id="cite_ref-CoverityLadder_8-3" class="reference"><a href="#cite_note-CoverityLadder-8"><span class="cite-bracket">&#91;</span>8<span class="cite-bracket">&#93;</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="See_also">See also</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a 
href="/w/index.php?title=Open-source_software_security&amp;action=edit&amp;section=9" title="Edit section: See also"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a href="/wiki/Open_Source_Security_Foundation" title="Open Source Security Foundation">Open Source Security Foundation</a></li></ul> <div class="mw-heading mw-heading2"><h2 id="References">References</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Open-source_software_security&amp;action=edit&amp;section=10" title="Edit section: References"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1239543626">.mw-parser-output .reflist{margin-bottom:0.5em;list-style-type:decimal}@media screen{.mw-parser-output .reflist{font-size:90%}}.mw-parser-output .reflist .references{font-size:100%;margin-bottom:0;list-style-type:inherit}.mw-parser-output .reflist-columns-2{column-width:30em}.mw-parser-output .reflist-columns-3{column-width:25em}.mw-parser-output .reflist-columns{margin-top:0.3em}.mw-parser-output .reflist-columns ol{margin-top:0}.mw-parser-output .reflist-columns li{page-break-inside:avoid;break-inside:avoid-column}.mw-parser-output .reflist-upper-alpha{list-style-type:upper-alpha}.mw-parser-output .reflist-upper-roman{list-style-type:upper-roman}.mw-parser-output .reflist-lower-alpha{list-style-type:lower-alpha}.mw-parser-output .reflist-lower-greek{list-style-type:lower-greek}.mw-parser-output .reflist-lower-roman{list-style-type:lower-roman}</style><div class="reflist"> <div class="mw-references-wrap"><ol class="references"> <li id="cite_note-1"><span class="mw-cite-backlink"><b><a href="#cite_ref-1">^</a></b></span> <span class="reference-text">Cowan, C. (January 2003). Software Security for Open-Source Systems. IEEE Security &amp; Privacy, 38–45. 
Retrieved 5 May 2008, from IEEE Computer Society Digital Library.</span> </li> <li id="cite_note-Witten-2"><span class="mw-cite-backlink">^ <a href="#cite_ref-Witten_2-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-Witten_2-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-Witten_2-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text">Witten, B., Landwehr, C., &amp; Caloyannides, M. (2001, September/October). Does Open Source Improve System Security? <i>IEEE Software</i>, 57–61. Retrieved 5 May 2008, from Computer Database.</span> </li> <li id="cite_note-3"><span class="mw-cite-backlink"><b><a href="#cite_ref-3">^</a></b></span> <span class="reference-text">Hoepman, J.-H., &amp; Jacobs, B. (2007). Increased Security Through Open Source. Communications of the ACM, 50 (1), 79–83. Retrieved 5 May 2008, from ACM Digital Library.</span> </li> <li id="cite_note-4"><span class="mw-cite-backlink"><b><a href="#cite_ref-4">^</a></b></span> <span class="reference-text">Lawton, G. (March 2002). Open Source Security: Opportunity or Oxymoron? Computer, 18–21. Retrieved 5 May 2008, from IEEE Computer Society Digital Library.</span> </li> <li id="cite_note-5"><span class="mw-cite-backlink"><b><a href="#cite_ref-5">^</a></b></span> <span class="reference-text">Hansen, M., Köhntopp, K., &amp; Pfitzmann, A. (2002). The Open Source approach – opportunities and limitations with respect to security and privacy. Computers &amp; Security, 21 (5), 461–471. Retrieved 5 May 2008, from Computer Database.</span> </li> <li id="cite_note-6"><span class="mw-cite-backlink"><b><a href="#cite_ref-6">^</a></b></span> <span class="reference-text">Peterson, G. (6 May 2008). <a rel="nofollow" class="external text" href="http://1raindrop.typepad.com/1_raindrop/security_metrics/index.html">Stalking the right software security metric</a>. 
Retrieved 18 May 2008, from Raindrop.</span> </li> <li id="cite_note-CoverityIndex-7"><span class="mw-cite-backlink"><b><a href="#cite_ref-CoverityIndex_7-0">^</a></b></span> <span class="reference-text">Coverity. (n.d.). <a rel="nofollow" class="external text" href="http://scan.coverity.com/index.html">Accelerating Open Source Quality</a> <a rel="nofollow" class="external text" href="https://web.archive.org/web/20160305075024/http://scan.coverity.com/index.html">Archived</a> 5 March 2016 at the <a href="/wiki/Wayback_Machine" title="Wayback Machine">Wayback Machine</a>. Retrieved 18 May 2008, from Scan.Coverity.com</span> </li> <li id="cite_note-CoverityLadder-8"><span class="mw-cite-backlink">^ <a href="#cite_ref-CoverityLadder_8-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-CoverityLadder_8-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-CoverityLadder_8-2"><sup><i><b>c</b></i></sup></a> <a href="#cite_ref-CoverityLadder_8-3"><sup><i><b>d</b></i></sup></a></span> <span class="reference-text">Coverity. (n.d.). <a rel="nofollow" class="external text" href="http://scan.coverity.com/ladder.html">Scan Ladder FAQ</a> <a rel="nofollow" class="external text" href="https://web.archive.org/web/20160306061645/http://scan.coverity.com/ladder.html">Archived</a> 6 March 2016 at the <a href="/wiki/Wayback_Machine" title="Wayback Machine">Wayback Machine</a>. 
Retrieved 18 May 2008, from Scan.Coverity.com.</span> </li> </ol></div></div> <div class="mw-heading mw-heading2"><h2 id="External_links">External links</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Open-source_software_security&amp;action=edit&amp;section=11" title="Edit section: External links"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a href="/wiki/Bruce_Schneier" title="Bruce Schneier">Bruce Schneier</a>: <a rel="nofollow" class="external text" href="http://www.schneier.com/crypto-gram-9909.html#OpenSourceandSecurity">"Open Source and Security"</a>, <i>Crypto-Gram Newsletter</i>, 15 September 1999</li> <li>Messmer, Ellen. (2013). <a rel="nofollow" class="external text" href="https://www.networkworld.com/article/2164333/security-of-open-source-software-again-being-scrutinized.html">"Security of open-source software again being scrutinized"</a>. <i><a href="/wiki/Network_World" class="mw-redirect" title="Network World">Network World</a></i>, 30(5), 12-12,14. 
(<a rel="nofollow" class="external text" href="https://www.cio.com/article/2387595/security-of-open-source-software-again-being-scrutinized.html">Article</a> at <i><a href="/wiki/CIO_magazine" class="mw-redirect" title="CIO magazine">CIO magazine</a></i>)</li> <li><a rel="nofollow" class="external text" href="https://www.coreinfrastructure.org/programs/census-project">Census Project / Core Infrastructure Initiative</a> by <a href="/wiki/Linux_Foundation" title="Linux Foundation">Linux Foundation</a></li></ul> <div class="navbox-styles"><style data-mw-deduplicate="TemplateStyles:r1129693374">.mw-parser-output .hlist dl,.mw-parser-output .hlist ol,.mw-parser-output .hlist ul{margin:0;padding:0}.mw-parser-output .hlist dd,.mw-parser-output .hlist dt,.mw-parser-output .hlist li{margin:0;display:inline}.mw-parser-output .hlist.inline,.mw-parser-output .hlist.inline dl,.mw-parser-output .hlist.inline ol,.mw-parser-output .hlist.inline ul,.mw-parser-output .hlist dl dl,.mw-parser-output .hlist dl ol,.mw-parser-output .hlist dl ul,.mw-parser-output .hlist ol dl,.mw-parser-output .hlist ol ol,.mw-parser-output .hlist ol ul,.mw-parser-output .hlist ul dl,.mw-parser-output .hlist ul ol,.mw-parser-output .hlist ul ul{display:inline}.mw-parser-output .hlist .mw-empty-li{display:none}.mw-parser-output .hlist dt::after{content:": "}.mw-parser-output .hlist dd::after,.mw-parser-output .hlist li::after{content:" · ";font-weight:bold}.mw-parser-output .hlist dd:last-child::after,.mw-parser-output .hlist dt:last-child::after,.mw-parser-output .hlist li:last-child::after{content:none}.mw-parser-output .hlist dd dd:first-child::before,.mw-parser-output .hlist dd dt:first-child::before,.mw-parser-output .hlist dd li:first-child::before,.mw-parser-output .hlist dt dd:first-child::before,.mw-parser-output .hlist dt dt:first-child::before,.mw-parser-output .hlist dt li:first-child::before,.mw-parser-output .hlist li dd:first-child::before,.mw-parser-output .hlist li 
formerly free and open-source software">Formerly open-source</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Community_of_practice" title="Community of practice">Community</a></th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Free_software_movement" title="Free software movement">Free software movement</a></li> <li><a href="/wiki/History_of_free_and_open-source_software" title="History of free and open-source software">History</a></li> <li><a href="/wiki/Open-source-software_movement" title="Open-source-software movement">Open-source-software movement</a></li> <li><a href="/wiki/List_of_free-software_events" title="List of free-software events">Events</a></li> <li><a href="/wiki/Open-source_software_advocacy" title="Open-source software advocacy">Advocacy</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/List_of_free_and_open-source_software_organizations" title="List of free and open-source software organizations">Organisations</a></th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Free_Software_Movement_of_India" title="Free Software Movement of India">Free Software Movement of India</a></li> <li><a href="/wiki/Free_Software_Foundation" title="Free Software Foundation">Free Software Foundation</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Free-software_license" title="Free-software license">Licenses</a></th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Academic_Free_License" title="Academic Free License">AFL</a></li> <li><a href="/wiki/Apache_License" title="Apache License">Apache</a></li> <li><a 
href="/wiki/Apple_Public_Source_License" title="Apple Public Source License">APSL</a></li> <li><a href="/wiki/Artistic_License" title="Artistic License">Artistic</a></li> <li><a href="/wiki/Beerware" title="Beerware">Beerware</a></li> <li><a href="/wiki/BSD_licenses" title="BSD licenses">BSD</a></li> <li><a href="/wiki/Creative_Commons_license" title="Creative Commons license">Creative Commons</a></li> <li><a href="/wiki/Common_Development_and_Distribution_License" title="Common Development and Distribution License">CDDL</a></li> <li><a href="/wiki/Eclipse_Public_License" title="Eclipse Public License">EPL</a></li> <li><a href="/wiki/Free_Software_Foundation" title="Free Software Foundation">Free Software Foundation</a> <ul><li><a href="/wiki/GNU_General_Public_License" title="GNU General Public License">GNU GPL</a></li> <li><a href="/wiki/GNU_Affero_General_Public_License" title="GNU Affero General Public License">GNU AGPL</a></li> <li><a href="/wiki/GNU_Lesser_General_Public_License" title="GNU Lesser General Public License">GNU LGPL</a></li></ul></li> <li><a href="/wiki/ISC_license" title="ISC license">ISC</a></li> <li><a href="/wiki/MIT_License" title="MIT License">MIT</a></li> <li><a href="/wiki/Mozilla_Public_License" title="Mozilla Public License">MPL</a></li> <li><a href="/wiki/Python_License" title="Python License">Python</a></li> <li><a href="/wiki/Python_Software_Foundation_License" title="Python Software Foundation License">Python Software Foundation License</a></li> <li><a href="/wiki/Shared_Source_Initiative" title="Shared Source Initiative">Shared Source Initiative</a></li> <li><a href="/wiki/Sleepycat_License" class="mw-redirect" title="Sleepycat License">Sleepycat</a></li> <li><a href="/wiki/Unlicense" title="Unlicense">Unlicense</a></li> <li><a href="/wiki/WTFPL" title="WTFPL">WTFPL</a></li> <li><a href="/wiki/Zlib_License" title="Zlib License">zlib</a></li></ul> </div><table class="nowraplinks navbox-subgroup" 
style="border-spacing:0"><tbody><tr><th id="Types_and_standards" scope="row" class="navbox-group" style="width:1%">Types and<br /> standards</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Comparison_of_free_and_open-source_software_licenses" title="Comparison of free and open-source software licenses">Comparison of licenses</a></li> <li><a href="/wiki/Contributor_License_Agreement" title="Contributor License Agreement">Contributor License Agreement</a></li> <li><a href="/wiki/Copyleft" title="Copyleft">Copyleft</a></li> <li><a href="/wiki/Debian_Free_Software_Guidelines" class="mw-redirect" title="Debian Free Software Guidelines">Debian Free Software Guidelines</a></li> <li><a href="/wiki/Definition_of_Free_Cultural_Works" title="Definition of Free Cultural Works">Definition of Free Cultural Works</a></li> <li><a href="/wiki/Free_license" title="Free license">Free license</a></li> <li><a href="/wiki/The_Free_Software_Definition" title="The Free Software Definition">The Free Software Definition</a></li> <li><a href="/wiki/The_Open_Source_Definition" title="The Open Source Definition">The Open Source Definition</a></li> <li><a href="/wiki/Open-source_license" title="Open-source license">Open-source license</a></li> <li><a href="/wiki/Permissive_software_license" title="Permissive software license">Permissive software license</a></li> <li><a href="/wiki/Public_domain" title="Public domain">Public domain</a></li></ul> </div></td></tr></tbody></table><div> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Challenges</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Digital_rights_management" title="Digital rights management">Digital rights management</a></li> <li><a href="/wiki/License_proliferation" title="License proliferation">License 
proliferation</a></li> <li><a href="/wiki/Mozilla_software_rebranded_by_Debian" class="mw-redirect" title="Mozilla software rebranded by Debian">Mozilla software rebranding</a></li> <li><a href="/wiki/Proprietary_device_driver" class="mw-redirect" title="Proprietary device driver">Proprietary device drivers</a></li> <li><a href="/wiki/Proprietary_firmware" title="Proprietary firmware">Proprietary firmware</a></li> <li><a href="/wiki/Proprietary_software" title="Proprietary software">Proprietary software</a></li> <li><a href="/wiki/SCO%E2%80%93Linux_disputes" title="SCO–Linux disputes">SCO/Linux controversies</a></li> <li><a href="/wiki/Software_patents_and_free_software" title="Software patents and free software">Software patents</a></li> <li><a class="mw-selflink selflink">Software security</a></li> <li><a href="/wiki/Tivoization" title="Tivoization">Tivoization</a></li> <li><a href="/wiki/Trusted_Computing" title="Trusted Computing">Trusted Computing</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Related <br />topics</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Fork_(software_development)" title="Fork (software development)">Forking</a></li> <li><i><a href="/wiki/GNU_Manifesto" title="GNU Manifesto">GNU Manifesto</a></i></li> <li><a href="/wiki/Microsoft_Open_Specification_Promise" title="Microsoft Open Specification Promise">Microsoft Open Specification Promise</a></li> <li><a href="/wiki/Open-core_model" title="Open-core model">Open-core model</a></li> <li><a href="/wiki/Open-source_hardware" title="Open-source hardware">Open-source hardware</a></li> <li><a href="/wiki/Shared_Source_Initiative" title="Shared Source Initiative">Shared Source Initiative</a></li> <li><a href="/wiki/Source-available_software" title="Source-available software">Source-available software</a></li> <li><i><a 
href="/wiki/The_Cathedral_and_the_Bazaar" title="The Cathedral and the Bazaar">The Cathedral and the Bazaar</a></i></li> <li><i><a href="/wiki/Revolution_OS" title="Revolution OS">Revolution OS</a></i></li></ul> </div></td></tr><tr><td class="navbox-abovebelow" colspan="2" style="font-weight:bold"><div> <ul><li><span class="noviewer" typeof="mw:File"><a href="/wiki/File:Symbol_portal_class.svg" class="mw-file-description" title="Portal"><img alt="" src="//upload.wikimedia.org/wikipedia/en/thumb/e/e2/Symbol_portal_class.svg/16px-Symbol_portal_class.svg.png" decoding="async" width="16" height="16" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/e/e2/Symbol_portal_class.svg/23px-Symbol_portal_class.svg.png 1.5x, //upload.wikimedia.org/wikipedia/en/thumb/e/e2/Symbol_portal_class.svg/31px-Symbol_portal_class.svg.png 2x" data-file-width="180" data-file-height="185" /></a></span> <a href="/wiki/Portal:Free_and_open-source_software" title="Portal:Free and open-source software">Portal</a></li> <li><span class="noviewer" typeof="mw:File"><span title="Category"><img alt="" src="//upload.wikimedia.org/wikipedia/en/thumb/9/96/Symbol_category_class.svg/16px-Symbol_category_class.svg.png" decoding="async" width="16" height="16" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/9/96/Symbol_category_class.svg/23px-Symbol_category_class.svg.png 1.5x, //upload.wikimedia.org/wikipedia/en/thumb/9/96/Symbol_category_class.svg/31px-Symbol_category_class.svg.png 2x" data-file-width="180" data-file-height="185" /></span></span> <a href="/wiki/Category:Free_software" title="Category:Free software">Category</a></li></ul> </div></td></tr></tbody></table></div> <!-- NewPP limit report Parsed by mw‐web.eqiad.main‐6b6c9bdc8b‐4n7f2 Cached time: 20241103000424 Cache expiry: 2592000 Reduced expiry: false Complications: [show‐toc] CPU time usage: 0.176 seconds Real time usage: 0.310 seconds Preprocessor visited node count: 492/1000000 Post‐expand 
include size: 24545/2097152 bytes Template argument size: 300/2097152 bytes Highest expansion depth: 12/100 Expensive parser function count: 1/500 Unstrip recursion depth: 0/20 Unstrip post‐expand size: 14851/5000000 bytes Lua time usage: 0.086/10.000 seconds Lua memory usage: 1568912/52428800 bytes Number of Wikibase entities loaded: 0/400 --> <!-- Transclusion expansion time report (%,ms,calls,template) 100.00% 254.931 1 -total 70.71% 180.265 1 Template:FOSS 69.41% 176.945 2 Template:Navbox 13.32% 33.960 1 Template:Use_dmy_dates 12.89% 32.852 1 Template:Reflist 5.86% 14.927 2 Template:Webarchive 5.04% 12.851 1 Template:DMCA 4.32% 11.010 2 Template:Icon 3.84% 9.785 1 Template:Dated_maintenance_category 2.80% 7.127 1 Template:FULLROOTPAGENAME --> <!-- Saved in parser cache with key enwiki:pcache:idhash:17501415-0!canonical and timestamp 20241103000424 and revision id 1199420820. Rendering was triggered because: page-view --> </div><!--esi <esi:include src="/esitest-fa8a495983347898/content" /> --><noscript><img src="https://login.wikimedia.org/wiki/Special:CentralAutoLogin/start?type=1x1" alt="" width="1" height="1" style="border: none; position: absolute;"></noscript> <div class="printfooter" data-nosnippet="">Retrieved from "<a dir="ltr" href="https://en.wikipedia.org/w/index.php?title=Open-source_software_security&amp;oldid=1199420820">https://en.wikipedia.org/w/index.php?title=Open-source_software_security&amp;oldid=1199420820</a>"</div></div> <div id="catlinks" class="catlinks" data-mw="interface"><div id="mw-normal-catlinks" class="mw-normal-catlinks"><a href="/wiki/Help:Category" title="Help:Category">Categories</a>: <ul><li><a href="/wiki/Category:Computer_security" title="Category:Computer security">Computer security</a></li><li><a href="/wiki/Category:Open_source" title="Category:Open source">Open source</a></li></ul></div><div id="mw-hidden-catlinks" class="mw-hidden-catlinks mw-hidden-cats-hidden">Hidden categories: <ul><li><a 
href="/wiki/Category:Webarchive_template_wayback_links" title="Category:Webarchive template wayback links">Webarchive template wayback links</a></li><li><a href="/wiki/Category:Use_dmy_dates_from_June_2023" title="Category:Use dmy dates from June 2023">Use dmy dates from June 2023</a></li></ul></div></div> </div> </main> </div> <div class="mw-footer-container"> <footer id="footer" class="mw-footer" > <ul id="footer-info"> <li id="footer-info-lastmod"> This page was last edited on 27 January 2024, at 01:13<span class="anonymous-show">&#160;(UTC)</span>.</li> <li id="footer-info-copyright">Text is available under the <a href="/wiki/Wikipedia:Text_of_the_Creative_Commons_Attribution-ShareAlike_4.0_International_License" title="Wikipedia:Text of the Creative Commons Attribution-ShareAlike 4.0 International License">Creative Commons Attribution-ShareAlike 4.0 License</a>; additional terms may apply. By using this site, you agree to the <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Terms_of_Use" class="extiw" title="foundation:Special:MyLanguage/Policy:Terms of Use">Terms of Use</a> and <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy" class="extiw" title="foundation:Special:MyLanguage/Policy:Privacy policy">Privacy Policy</a>. 
Wikipedia® is a registered trademark of the <a rel="nofollow" class="external text" href="https://wikimediafoundation.org/">Wikimedia Foundation, Inc.</a>, a non-profit organization.</li> </ul> <ul id="footer-places"> <li id="footer-places-privacy"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy">Privacy policy</a></li> <li id="footer-places-about"><a href="/wiki/Wikipedia:About">About Wikipedia</a></li> <li id="footer-places-disclaimers"><a href="/wiki/Wikipedia:General_disclaimer">Disclaimers</a></li> <li id="footer-places-contact"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us">Contact Wikipedia</a></li> <li id="footer-places-wm-codeofconduct"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Universal_Code_of_Conduct">Code of Conduct</a></li> <li id="footer-places-developers"><a href="https://developer.wikimedia.org">Developers</a></li> <li id="footer-places-statslink"><a href="https://stats.wikimedia.org/#/en.wikipedia.org">Statistics</a></li> <li id="footer-places-cookiestatement"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Cookie_statement">Cookie statement</a></li> <li id="footer-places-mobileview"><a href="//en.m.wikipedia.org/w/index.php?title=Open-source_software_security&amp;mobileaction=toggle_view_mobile" class="noprint stopMobileRedirectToggle">Mobile view</a></li> </ul> <ul id="footer-icons" class="noprint"> <li id="footer-copyrightico"><a href="https://wikimediafoundation.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/static/images/footer/wikimedia-button.svg" width="84" height="29" alt="Wikimedia Foundation" loading="lazy"></a></li> <li id="footer-poweredbyico"><a href="https://www.mediawiki.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/w/resources/assets/poweredby_mediawiki.svg" alt="Powered by MediaWiki" 
width="88" height="31" loading="lazy"></a></li> </ul> </footer> </div> </div> </div> <div class="vector-settings" id="p-dock-bottom"> <ul></ul> </div><script>(RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgHostname":"mw-web.codfw.main-f69cdc8f6-mf4ts","wgBackendResponseTime":164,"wgPageParseReport":{"limitreport":{"cputime":"0.176","walltime":"0.310","ppvisitednodes":{"value":492,"limit":1000000},"postexpandincludesize":{"value":24545,"limit":2097152},"templateargumentsize":{"value":300,"limit":2097152},"expansiondepth":{"value":12,"limit":100},"expensivefunctioncount":{"value":1,"limit":500},"unstrip-depth":{"value":0,"limit":20},"unstrip-size":{"value":14851,"limit":5000000},"entityaccesscount":{"value":0,"limit":400},"timingprofile":["100.00% 254.931 1 -total"," 70.71% 180.265 1 Template:FOSS"," 69.41% 176.945 2 Template:Navbox"," 13.32% 33.960 1 Template:Use_dmy_dates"," 12.89% 32.852 1 Template:Reflist"," 5.86% 14.927 2 Template:Webarchive"," 5.04% 12.851 1 Template:DMCA"," 4.32% 11.010 2 Template:Icon"," 3.84% 9.785 1 Template:Dated_maintenance_category"," 2.80% 7.127 1 Template:FULLROOTPAGENAME"]},"scribunto":{"limitreport-timeusage":{"value":"0.086","limit":"10.000"},"limitreport-memusage":{"value":1568912,"limit":52428800}},"cachereport":{"origin":"mw-web.eqiad.main-6b6c9bdc8b-4n7f2","timestamp":"20241103000424","ttl":2592000,"transientcontent":false}}});});</script> <script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"Article","name":"Open-source software security","url":"https:\/\/en.wikipedia.org\/wiki\/Open-source_software_security","sameAs":"http:\/\/www.wikidata.org\/entity\/Q7096421","mainEntity":"http:\/\/www.wikidata.org\/entity\/Q7096421","author":{"@type":"Organization","name":"Contributors to Wikimedia projects"},"publisher":{"@type":"Organization","name":"Wikimedia Foundation, 
Inc.","logo":{"@type":"ImageObject","url":"https:\/\/www.wikimedia.org\/static\/images\/wmf-hor-googpub.png"}},"datePublished":"2008-05-19T03:45:41Z","dateModified":"2024-01-27T01:13:06Z","headline":"computer security applied to open source software"}</script> </body> </html>
