Harjot Kaur, CISPA Helmholtz Center for Information Security; Carson Powers and Ronald E. Thompson III, Tufts University; Sascha Fahl, CISPA Helmholtz Center for Information Security; Daniel Votipka, Tufts University
Vulnerabilities in open-source software (OSS) projects can potentially impact millions of users and large parts of the software supply chain. Rigorous secure design practices, such as threat modeling (TM), can help identify threats and determine and prioritize mitigations early in the development lifecycle. However, there is limited evidence regarding how OSS developers consider threats and mitigations and whether they use established TM methods.
Our research is the first to fill this gap by investigating OSS developers' TM practices and experiences. Using semi-structured interviews with 25 OSS developers, we explore participants' threat-finding and mitigation practices, the challenges they face and their reasons for adopting their current practices, and the support they would want for implementing TM in their open-source projects. Because OSS development is often volunteer-driven, decentralized, and short on security expertise, more structured TM methods introduce additional costs and are perceived as offering limited benefit. Instead, we find that almost all OSS developers conduct TM in an ad hoc manner because of the ease of use, flexibility, and low overhead of that approach. Based on our findings, we provide recommendations for the OSS community to better support TM processes in OSS.
Open Access Media
USENIX is committed to Open Access to the research presented at its events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides posted after the event are also free and open to everyone.