Open Source Software (OSS) provides an important tool in the digitalization of the Swedish industry. A big challenge, however, is the risk of vulnerabilities being introduced. Through HASMOSS, we aim to enable the Swedish industry to analyze and manage this risk, and thereby create conditions for sustainable consumption and collaboration on OSS.
(For research outputs and activity, see bottom of page)
Open Source Software (OSS) makes up a pivotal part of our common digital infrastructure, both considering industry, and society at large. As with our physical infrastructure, like roads and bridges, the digital infrastructure requires continuous maintenance to stay secure and robust. In terms of OSS, this maintenance is carried out openly in communities by its users under a common vision.
If this maintenance is not kept to a high standard, or is disrupted, there is a risk that vulnerabilities are introduced (consciously or not) that in the worst case can be exploited by a third party. A commonly cited example is Heartbleed, a vulnerability discovered in the crypto library OpenSSL in 2014 but introduced already in 2012. The vulnerability enabled access to private cryptographic keys, and by extension the information they were meant to protect.
Through the HASMOSS project, we aim to enable Swedish industry, but also society at large, to analyze and manage the risk of vulnerabilities being introduced in OSS. More specifically, we will look at the health of OSS projects, i.e., their ability to stay viable long-term and maintain the OSS to a high standard without interruptions. By analyzing the health, (potential) users of the OSS can evaluate whether to adopt or continue using it. It can further enable them to proactively improve the health of an OSS project and thereby lower the risk of vulnerabilities being introduced. As a second deliverable, we therefore aim to develop guidelines for such activities.
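As an illustration of what a health analysis of the kind described above can look like in practice, the following is an added example and not code or a metric defined by the HASMOSS project. It assumes two commonly used, hypothetical health indicators: contributor concentration (a "bus factor": how few people account for most of the maintenance work) and time since the last commit. The commit log is constructed for the example and does not describe any real project.

```python
from collections import Counter
from datetime import date

# Constructed sample commit log as (author, commit date) pairs.
# Not data from any real OSS project.
SAMPLE_COMMITS = [
    ("alice", date(2022, 1, 5)),
    ("alice", date(2022, 2, 10)),
    ("alice", date(2022, 3, 1)),
    ("bob", date(2022, 3, 15)),
    ("alice", date(2022, 4, 2)),
    ("carol", date(2022, 4, 20)),
    ("alice", date(2022, 5, 30)),
    ("bob", date(2022, 6, 11)),
]


def contributor_shares(commits):
    """Share of commits per author, ordered from largest to smallest."""
    counts = Counter(author for author, _ in commits)
    total = sum(counts.values())
    return {author: n / total for author, n in counts.most_common()}


def bus_factor(commits, threshold=0.5):
    """Smallest number of top contributors whose combined share of commits
    reaches `threshold`. A value of 1 means a single person carries most of
    the maintenance, so their departure would disrupt it (assumed metric)."""
    cumulative = 0.0
    shares = contributor_shares(commits)
    for rank, share in enumerate(shares.values(), start=1):
        cumulative += share
        if cumulative >= threshold:
            return rank
    return len(shares)


def days_since_last_commit(commits, today):
    """Days between the most recent commit and `today`; a proxy for
    whether maintenance is continuing without interruption."""
    return (today - max(d for _, d in commits)).days


def assess_health(commits, today, min_bus_factor=2, max_idle_days=180):
    """Combine the indicators into findings a (potential) user can act on.
    Thresholds are illustrative assumptions, not project-defined values."""
    factor = bus_factor(commits)
    idle = days_since_last_commit(commits, today)
    findings = []
    if factor < min_bus_factor:
        findings.append(
            f"maintenance concentrated on {factor} contributor(s); "
            "consider contributing reviews or co-maintainership")
    if idle > max_idle_days:
        findings.append(
            f"no commits for {idle} days; verify the project is still maintained")
    return {"bus_factor": factor, "days_idle": idle, "findings": findings}


if __name__ == "__main__":
    report = assess_health(SAMPLE_COMMITS, today=date(2023, 1, 1))
    print(report)
```

On the constructed log one contributor accounts for more than half of all commits and the repository has been idle for over half a year, so both findings trigger. On a real project the same functions would be fed a commit history exported from version control, and the thresholds tuned to the risk appetite of the organization depending on the component.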
The main goal is to enable the Swedish industry to use and collaborate on OSS in a secure and sustainable manner. Sharing maintenance, open innovation, and new business models are some of the positive effects that can follow and help to improve the competitiveness and digitalization of the Swedish industry.
For slides and paper, see files below.
Presentation slides - LF Open Source Summit Europe 2022 (pdf, 2.02 MB)