Paper - A Supply Chain of Weak Links: Open Source Versus Proprietary Software Threat Analysis

A Supply Chain of Weak Links: Open Source Versus Proprietary Software Threat Analysis (2023)

By Brian A. Scriber, CableLabs

Research explores the assumptions, resourcing, and maintenance realities of software in both closed and open ecosystems. This work is an evaluation of the Software Lifecycle using a security lens to highlight advantages and disadvantages of each approach at different development stages. An aggregation of risks and threats is provided to build an overview of the myths and realities of ecosystem transparency, modifiability, and ownership while answering questions about forking, hybridization, and proprietization. With recent supply-chain attacks in the networking industry, and identification of malicious actors within the open-source ecosystems, these macro-threats are evaluated for applicability to each approach: monoculture vulnerability analysis, presumption of security review, motivation for feature additions, and software patching.

Download Paper

By clicking the "Download Paper" button, you are agreeing to our terms and conditions.

Similar Papers

Open Source, a Mindset and How it Has Transformed Common Platform Enumeration Stack Software Development using Reference Design Kit By Khem Raj, Comcast	2022
Open Radio Access Network (RAN): How Fast Can We Get There? By Mark Poletti, CableLabs; Omkar Dharmadhikari, CableLabs; Srinivas Sriram, Delartech	2023
Establishing a Strong Security Posture for Open RAN By Scott Poretsky, Ericsson	2022
Hidden Risk of Unpopularity in Open Source By Chujiao Ma & Vaibhav Garg, Comcast Cable	2021
Key Learnings from Comcast’s Use of Open Source Software in the Access Network By Louis Donofrio & Qin Zang, Comcast Cable; Vignesh Ramamurthy, Infosys Consulting	2020
The Architecture of the Open-Source Remote Phy Device By Alon Bernstein and Anlu Yan, Cisco Systems	2016
Changing the World: IoT Chaos as a Ladder to Improving Security By Brian A. Scriber, CableLabs	2019
Bitcode Obfuscation - Protecting Software Without Source Code Access By Rafie Shamsaasef, Lex Aaron Anderson; CommScope	2022
Security of Open Distributed Architectures: Yet Another SDN and NFV Security Paper By Steve Goeringer, CableLabs; Dr. Indrajit Ray, Colorado State University	2017
Designing Privacy Tracking for Consumer Confidentiality & Cryptographic Assurance for Enterprises By Brian A. Scriber, CableLabs	2019
More Results >>