International Journal For Multidisciplinary Research

E-ISSN: 2582-2160     Impact Factor: 9.24


Evaluating Security and Community Health Metrics of FOSS Repositories

Author(s): Niraj Salvi, Amal Thundiyil, Seema Supe, Nataasha Raul
Country: India
Abstract: The extensive use of open-source packages in software development has greatly increased output and effectiveness. However, this development presents a challenging security environment in which vulnerabilities found in these packages can spread to other projects. To address this challenge, we propose an open-source security assessment tool that has been carefully designed. The purpose of this tool is to assess security risks related to third-party dependencies and packages that are available on npm and GitHub. The lack of a thorough assessment is a concern, because seemingly innocuous packages could be hiding vulnerabilities that could lead to significant financial losses, service interruptions, and data breaches. Within the dynamic realm of open-source packages, developers often struggle to keep up with the ever-changing security landscape. The core difficulty is determining which packages are secure and actively maintained, and which show signs of poor maintenance or contain latent vulnerabilities. A methodical, data-driven security evaluation tool is therefore needed so that developers can make informed choices about which packages to install. This project uses a wide range of parameters to meet this requirement. These parameters allow for a quantitative evaluation of a package's security posture; they include metrics such as stars, forks, resolved issues, and community engagement. Our project aims to strengthen software security measures and mitigate potential risks associated with using third-party packages by giving developers actionable insights into the security status of their dependencies.
Field: Computer > Network / Security
Published In: Volume 6, Issue 2, March-April 2024
Published On: 2024-04-18
Cite This: Evaluating Security and Community Health Metrics of FOSS Repositories - Niraj Salvi, Amal Thundiyil, Seema Supe, Nataasha Raul - IJFMR Volume 6, Issue 2, March-April 2024. DOI 10.36948/ijfmr.2024.v06i02.16980
DOI: https://doi.org/10.36948/ijfmr.2024.v06i02.16980
Short DOI: https://doi.org/gtrfpm