Reliability and Security Analysis of Open Source Software

Existing reliability prediction and security assessment of open source software systems seem to focus on analysis based primarily on the number of faults reported against the software. Since information like problem reports, software usage level, and project’s behavior in terms of time taken to fix a problem report are publicly available, it is advantageous to also consider these factors in analyzing open source projects. We study the characteristics of FEDORA (a popular open source project) problem reports for different releases and show that traditional reliability models can be utilized for prediction of problem rates across releases. Also, we estimate the risk exposure due to security problem reports, a subset of the total problem reports. We discuss metrics that could help end-users assess the trustworthiness of open source projects.