The Use of Security Tactics in Open Source Software Projects

Jungwoo Ryoo, Bryan Malone, Phillip A. Laplante, Priya Anand

Research output: Contribution to journalArticlepeer-review

15 Scopus citations


Despite the best intentions of software architects, it is often the case that individual developers do not faithfully implement the original security design decisions. Such a scenario sometimes leads to a situation in which while an architect claims the use of a secure architecture in the form of some tactic, the corresponding source code does not support the claim. To bridge this gap, the first critical step is to verify whether the source code reflects at least some of the structural or behavioral features required for a tactic. In this study, we examine the extent of this discrepancy between an architect's vision of what security tactics need to be adopted in the software and the actual implementation. We accomplish this research goal by 1) exploring an architect's intention to use security tactics, 2) checking whether the tactic is manifested in the design, and finally 3) recovering the evidence of efforts to implement the design in the source code. To avoid limitations to accessing documentation and source code, we use open source projects to conduct our research.

Original languageEnglish (US)
Article number7362260
Pages (from-to)1195-1204
Number of pages10
JournalIEEE Transactions on Reliability
Issue number3
StatePublished - Sep 2016

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Electrical and Electronic Engineering


Dive into the research topics of 'The Use of Security Tactics in Open Source Software Projects'. Together they form a unique fingerprint.

Cite this