Skip to main content
RISE logo
Health and Security Management of Open Source Software.
Photo: Alexander Sinn

Health and Security Management in Open Source Software

Open Source Software (OSS) provides an important tool in the digitalization of the Swedish industry. A big challenge, however, is the risk of vulnerabilities being introduced. Through HASMOSS, we aim to enable the Swedish industry to analyze and manage this risk, and thereby create conditions for sustainable consumption and collaboration on OSS.

(For research outputs and activity, see bottom of page)

Open Source Software (OSS) makes up a pivotal part of our common digital infrastructure, both considering industry, and society at large. As with our physical infrastructure, like roads and bridges, the digital infrastructure requires continuous maintenance to stay secure and robust. In terms of OSS, this maintenance is carried out openly in communities by its users under a common vision.

If this maintenance is not kept to a high standard or would be disrupted, there is a risk that vulnerabilities can be introduced (consciously or not) that in the worst case can be exploited by a third party. A commonly referred to example is Heartbleed, a vulnerability that was discovered in the crypto library OpenSSL in 2014 but introduced already in 2012. The vulnerability enabled access to personal crypto-keys, and by extension the information it was meant to protect.

Through the HASMOSS project, we aim to enable Swedish industry, but also society at large, to analyze and manage the risk of vulnerabilities being introduced in OSS. More specifically, we will look at the health of the OSS projects, i.e., their ability to stay viable long-term and maintain the OSS to a high standard without interruptions. By analyzing the health, (potential) users of the OSS can evaluate whether to use or continue using the OSS. It can further enable them to proactively improve the health of an OSS project and thereby lowering the risk of vulnerabilities being introduced. As a second deliverable, we, therefore, aim to develop guidelines for such activities.

The main goal is to enable the Swedish industry to use and collaborate on OSS in a secure and sustainable manner. Sharing maintenance, open innovation, and new business models are some of the positive effects that can follow and help to improve the competitiveness and digitalization of the Swedish industry.

Research outputs and activity:

For slides and paper, see files below.

Summary

Project name

HASMOSS

Status

Active

RISE role in project

Project manager

Project start

Duration

2 years

Total budget

4 275 000

Partner

Scania, Debricked, Addalot

Funders

Vinnova

Project members

Supports the UN sustainability goals

9. Industry, innovation and infrastructure
Johan Linåker

Contact person

Johan Linåker

Forskare

Read more about Johan

Contact Johan
CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

* Mandatory By submitting the form, RISE will process your personal data.