A Supply Chain of Weak Links: Open Source Versus Proprietary Software Threat Analysis (2023)

By Brian A. Scriber, CableLabs

This research explores the assumptions, resourcing, and maintenance realities of software in both closed and open ecosystems. The work evaluates the software lifecycle through a security lens to highlight the advantages and disadvantages of each approach at different development stages. An aggregation of risks and threats is provided to build an overview of the myths and realities of ecosystem transparency, modifiability, and ownership, while answering questions about forking, hybridization, and proprietization. In light of recent supply-chain attacks in the networking industry and the identification of malicious actors within open-source ecosystems, the following macro-threats are evaluated for their applicability to each approach: monoculture vulnerability analysis, the presumption of security review, motivation for feature additions, and software patching.

Similar Papers

Open Source, a Mindset and How it Has Transformed Common Platform Enumeration Stack Software Development using Reference Design Kit
By Khem Raj, Comcast
Open Radio Access Network (RAN): How Fast Can We Get There?
By Mark Poletti, CableLabs; Omkar Dharmadhikari, CableLabs; Srinivas Sriram, Delartech
Establishing a Strong Security Posture for Open RAN
By Scott Poretsky, Ericsson
Hidden Risk of Unpopularity in Open Source
By Chujiao Ma & Vaibhav Garg, Comcast Cable
Key Learnings from Comcast’s Use of Open Source Software in the Access Network
By Louis Donofrio & Qin Zang, Comcast Cable; Vignesh Ramamurthy, Infosys Consulting
The Architecture of the Open-Source Remote Phy Device
By Alon Bernstein and Anlu Yan, Cisco Systems
Changing the World: IoT Chaos as a Ladder to Improving Security
By Brian A. Scriber, CableLabs
Bitcode Obfuscation - Protecting Software Without Source Code Access
By Rafie Shamsaasef, Lex Aaron Anderson; CommScope
Security of Open Distributed Architectures: Yet Another SDN and NFV Security Paper
By Steve Goeringer, CableLabs; Dr. Indrajit Ray, Colorado State University
Designing Privacy Tracking for Consumer Confidentiality & Cryptographic Assurance for Enterprises
By Brian A. Scriber, CableLabs