Open Source Security Economics and Ethics

Formal research title: Economics and Ethics Behind Successful Free & Open Source Security Projects.

Economics and Ethics Behind Successful Free & Open Source Security Projects

Formal research duration: 2021 Spring and Summer semesters.

Abstract

Many organizations use Free and Open Source Software (FOSS) to build products and implement procedures. Yet, there is a lack of understanding, acknowledgment, and support of the FOSS community in the cybersecurity industry, creating gaps in security knowledge.

This project explores the relationship between FOSS and closed-source vulnerabilities, FOSS lifecycles, and FOSS security trends in projects including and excluding Freedom 3 (i.e., the ability to redistribute modified programs). Furthermore, it examines the social workings and economic development behind successful FOSS projects and communities.

The goal of this research was to document the history of FOSS projects, illustrate how organizations use FOSS projects, and determine effective FOSS security practices. The research highlights the importance of FOSS in cybersecurity, including things like documentation, collaboration, and human rights. Research methods include an extensive reading of published research, journal articles, statistics, CVEs, and press articles on security threats and mitigations.

This research began as an independent study approved by RIT’s Honors Program. Then, I was paid by Open@RIT to continue the project. You can read about some of my research in Open@RIT: The Birth of an Academic OSPO.

The initial project outline—Summaries and Annotated Bibliographies of Successful Free & Open Source Projects—is available here or as a PDF. The final Zotero Collection is also publicly available.

This is research I did at Open@RIT… not Apple!

WiCyS 2022 Lightning Talk - Economics and Ethics Behind Successful Free and Open Source Security Projects by Olivia Gallucci

Awards and presentations

Gallucci received a full conference scholarship to present her research at the Women in Cybersecurity International Conference in Cleveland, Ohio, in March 2022. A forty-minute version of this presentation was presented twice: at RITSEC on 3 September 2021 and at RITLUG on 8 October 2021.

Project outline

Course description

Humanitarian Free & Open Source Software Development (IGME-582) provides students with exposure to the design, creation and production of Open Source Software projects. Students are introduced to the historic intersections of technology and intellectual property rights. Students also will become familiar with Open Source development processes, tools and practices. They become contributing members of humanitarian software, game and interactive media development communities. Students will actively document their efforts on Humanitarian Free and Open Source Software community hubs. The lecture instructor and advisor for this project is Professor Stephen Jacobs.

Background

Free and Open Source Software (FOSS) is software that allows the user to use, read, edit, and redistribute the software’s source code. The concept of FOSS was popularized in the 1980s by Richard M. Stallman, a professor at Massachusetts Institute of Technology. 

Many organizations and projects use different definitions of Free Software, or use the ambiguous term “Open Source,” which creates inconsistency and interferes with productivity in FOSS and Open Source communities. Additionally, controversy shrouds FOSS because of infighting and politically motivated licensing practices. Despite these obstacles, many FOSS communities are vibrant and thriving.

Notable FOSS projects include the Linux kernel, many BSD and Linux operating systems, the MySQL database and the Apache web server. The FOSS community is relevant today because of libre and privacy activists, passionate software developers, and a growing need for information transparency. 




Overview

In this Honors option, I will use the readings in this course to create a collection of professional development resources for faculty in the Open@RIT community. The collection will highlight the importance of FOSS, and explain the elements of FOSS programming, like documentation and collaboration. In addition, the collection will examine the social workings and economic development behind successful FOSS projects and communities. 

I will analyze weekly readings, references, and other resources in IGME-582 to create summaries and an annotated bibliography. My goal is to provide future students and faculty with professional development materials. These materials are intended to improve the development of FOSS at Rochester Institute of Technology.

The development of this project will enhance my understanding of FOSS, the FOSS community, and the social and economic traits of FOSS projects. I will learn about the historical and social context of FOSS issues, and highlight their relevance in my research. This independent research project will help me become a better FOSS developer and help future students interested in FOSS. It will also assist the faculty involved with Open@RIT in collecting FOSS professional development materials.

Deliverables

I will use the course’s weekly readings, references and writings to create a summary and an annotated bibliography. The summary will be written in Google Docs, and the annotated bibliography will be made using Zotero. The summary and annotated bibliography will be posted on the class’ WordPress blog. 

The class requires that each student find an article that is relevant to a topic outlined in Professor Jacobs’ weekly lesson plan. After the students have found their articles, the students divide themselves into groups of three or four. They share their articles with their groups. Each group will vote on the best article in their group, and paste the winning article’s link into a shared Google Doc. I will use the shared Google Doc to access the best article for each group. Then, I will create a summary and annotated bibliography for each article. I expect to summarize and create annotated bibliographies of three or four articles per week. The summary and bibliography are due by the following Tuesday; Professor Stephen Jacobs will review my work by that Friday.

On April 29th, 2021, I will present the summary and annotated bibliography at one of Open@RIT’s weekly faculty meetings. The presentation will be around fifty minutes and will include a question and answer session. 

Faculty Advisor

Stephen Jacobs is a professor within the School of Interactive Games and Media and an interdisciplinary scholar. He works in several areas that often overlap, including FOSS, Free Culture, Digital Humanities, Game Design, History, and Interactive Narrative. His Open Work has been funded by The Ford Foundation, UNICEF Innovation, Red Hat Inc, Northern Telecom, and AT&T. Professor Jacobs received the Provost’s Award for Excellence in Faculty Mentoring for 2019-2020. He has held the position of Visiting Scholar at The Strong National Museum of Play since 2009.

Conclusion

If you enjoyed this post on FOSS security, check out my other projects.


Written by Olivia Gallucci

Olivia is an honors student at the Rochester Institute of Technology. She writes about security, open source software, and professional development.