David A. Wheeler's Blog

Tue, 06 May 2008

Securing Open Source Software (OSS)

I’ve just posted my presentation titled “Securing Open Source Software (OSS or FLOSS), which is to be presented at the 8th Semi-Annual Software Assurance Forum, May 6-8, 2008, Sheraton Premiere, Tyson’s Corner in Vienna, Virginia. In it, I discuss how to improve the security of an OSS component by modifying its environment, as well as securing the OSS component itself (by selecting a secure component, building a secure component from scratch, or modifying an existing component). I include a number of examples; they’re necessarily incomplete, but I hope it will help people who are developing or deploying systems. (Here is “Securing Open Source Software (OSS or FLOSS)” in OpenDocument format.) Enjoy!

path: /security | Current Weblog | permanent link to this entry