CHALLENGES IN SECURITY AUDITS IN OPEN SOURCE SYSTEMS

Sammanfattning: Today there is a heavy integration of information technology in almost every aspect of our lives and there is an increase in computer security that goes with it. To ensure this security, and that policies and procedures within an organisations related to this security are enforced; security audits are conducted. At the same time, use of open source software is also becoming increasingly common, becoming more a fact of life rather than an option. With these two trends in mind, this study analyses a selection of scientific literature on the topic and identifies the unique challenges a security audit in an open source environment faces, and aims to contribute on how to help alleviate the challenges. The study was performed in the form of a literature review, where the comparison and analysis revealed interesting information regarding the open source specific challenges, including both technical issues as well as challenges stemming from people’s perception and handling of open source software today. The answer to the question “What are the challenges when conducting security audits for open source systems and how can they be alleviated?” shows the main challenges to be too much trust is put in unverified binaries. The report offers suggestions and ideas on how to implement solutions in order to help diminish this challenge through the use and integration of Reproducible Builds, answering the second part of the question.