Economics and Ethics Behind Successful Free & Open Source Security Projects
Formal research duration: 2021 Spring and Summer semesters.
Abstract
Many organizations use Free and Open Source Software (FOSS) to build products and implement procedures. Yet, there is a lack of understanding, acknowledgment, and support of the FOSS community in the cybersecurity industry, creating gaps in security knowledge.
This project explores the relationship between FOSS and closed-source vulnerabilities, FOSS lifecycles, and FOSS security trends in projects including and excluding Freedom 3 (i.e., the ability to redistribute modified programs). Furthermore, it examines the social workings and economic development behind successful FOSS projects and communities.
The goal of this research was to document the history of FOSS projects, illustrate how organizations use FOSS projects, and determine effective FOSS security practices. The research highlights the importance of FOSS in cybersecurity, including things like documentation, collaboration, and human rights. Research methods include an extensive reading of published research, journal articles, statistics, CVEs, and press articles on security threats and mitigations.
This research began as an independent study approved by RIT’s Honors Program. Then, I was paid by Open@RIT to continue the project. You can read about some of my research in Open@RIT: The Birth of an Academic OSPO.
The initial project outline—Summaries and Annotated Bibliographies of Successful Free & Open Source Projects—is available here or as a PDF. The final Zotero Collection is also publicly available.
This is research I did at Open@RIT, not Apple.
Awards and presentations
Gallucci received a full conference scholarship to present her research at the Women in Cybersecurity International Conference in Cleveland, Ohio, in March 2022. A forty-minute version of this presentation was displayed twice: RITSEC on 3 September 2021 and RITLUG on 8 October 2021.
What are project outlines
Research proposals (known as “project outlines” in RIT’s Honors Program) are written to outline a plan for a research study and to convince others that the study is worth conducting. They serve as a roadmap for the research process, detailing the research problem, objectives, methods, and expected outcomes. Research proposals are made to obtain funding, seek approval from a research ethics committee, or to persuade potential collaborators or sponsors to invest their time and resources in the study. Moreover, research proposals help researchers to refine their ideas, identify potential challenges, and make adjustments to the study design before initiating the research. Overall, research proposals are an essential tool for ensuring that a research project is well-conceived, feasible, and worthwhile. I included mine below.
Project outline
Course description
Humanitarian Free & Open Source Software Development (IGME-582) provides students with exposure to the design, creation and production of Open Source Software projects. Students are introduced to the historic intersections of technology and intellectual property rights. Students also will become familiar with Open Source development processes, tools and practices. They become contributing members of humanitarian software, game and interactive media development communities. Students will actively document their efforts on Humanitarian Free and Open Source Software community hubs. The lecture instructor and advisor for this project is Professor Stephen Jacobs.
Background
Free and Open Source Software (FOSS) is software that allows the user to use, read, edit, and redistribute the software’s source code. The concept of FOSS was popularized in the 1980s by Richard M. Stallman, a professor at Massachusetts Institute of Technology.
Many organizations and projects use different definitions of Free Software, or use the ambiguous term, “Open Source,” which creates inconsistency and interferes with the productivity in FOSS and Open Source communities. Additionally, controversy shrouds FOSS because of infighting and politically motivated licensing practices. Despite these obstacles, many FOSS communities are vibrant and thriving.
Notable FOSS projects include the Linux kernel, many BSD and Linux operating systems, the MySQL database and the Apache web server. The FOSS community is relevant today because of libre and privacy activists, passionate software developers, and a growing need for information transparency.
🌸👋🏻 Let’s take this to your inbox. You’ll receive occasional emails about whatever’s on my mind—offensive security, open source, academics, boats, software freedom, you get the idea.
Overview
In this Honors option, I will use the readings in this course to create a collection of professional development resources for faculty in the Open@RIT community. The collection will highlight the importance of FOSS, and explain the elements of FOSS programming, like documentation and collaboration. In addition, the collection will examine the social workings and economic development behind successful FOSS projects and communities.
To create the summaries and annotated bibliographies, I will analyze weekly readings, references, and other resources in IGME-582 to create summaries and an annotated bibliography. My goal is to provide future students and faculty with professional development materials. These materials are to improve the development of FOSS at Rochester Institute of Technology.
The development of this project will enhance my understanding of the social and economic traits of FOSS projects. I will learn about the historical and cultural context of FOSS issues, and highlight their relevance in my research. Additionally, this independent research project will help me become a better FOSS developer and help future students interested in FOSS. Lastly, it will assist the faculty involved with Open@RIT collect FOSS professional development materials.
Deliverables
I will use the course’s weekly readings, references and writings to create a summary on Google Docs and an annotated bibliography on Zotero. The summary and annotated bibliography will be posted on the class’ WordPress blog.
The class requires that each student find an article that is relevant to a topic outlined in Professor Jacobs’ weekly lesson plan. After the students have found their articles, the students divide themselves into groups of three or four. They share their articles with their groups. Each group will vote on the best article in their group, and paste the winning article’s link into a shared document. I will use the shared document to access the best article for each group. Then, I will create a summary, and annotated bibliography for each article. I expect to summarize and create annotated bibliographies of three or four articles per week. The summary and bibliography are due by the following Tuesday; Professor Stephen Jacobs will review my work by that Friday.
On April 29th, 2021, I will present the summary and annotated bibliography at one of Open@RIT’s weekly faculty meetings. The presentation will be around fifty minutes and will include a question and answer session.
Faculty advisor
Stephen Jacobs is a professor within the School of Interactive Games and Media and an interdisciplinary scholar. He works in several areas that often overlap, including FOSS, Free Culture, Digital Humanities, Game Design, History, and Interactive Narrative. The Ford Foundation, UNICEF Innovation, Red Hat Inc, Northern Telecom, and AT&T fund his work. Professor Jacobs received the Provost’s Award for Excellence in Faculty Mentoring for 2019-2020. He has held the position of Visiting Scholar at The Strong National Museum of Play since 2009.
Conclusion
If you enjoyed this post on FOSS security, checkout my other projects.
You must be logged in to post a comment.