Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

weiss

757 views

Published on

  • Be the first to comment

  • Be the first to like this

weiss

  1. 1. weiss@sce.carleton.ca Licensed under a CC BY-SA license Value of open source projects: 
 A case for open source cybersecurity 2015 ICE Conference, Belfast June 22-24, 2014 Michael Weiss, Tony Bailetti Carleton University, Ottawa www.timprogram.ca www.carleton.ca 1
  2. 2. weiss@sce.carleton.ca Licensed under a CC BY-SA license Objective • Companies understand they need to engage with open source projects as part of their business strategy • No good framework for assessing the (ex-ante) value stakeholders assign to an open source project
 
 
 Goal • Develop tool to assess value of open source projects based on recent advances in resource-based theory • Apply framework to argue that cybersecurity threats are better addressed through open source projects 2
  3. 3. weiss@sce.carleton.ca Licensed under a CC BY-SA license Ex-ante value of resources • Schmidt & Keil (2013) identify the ex-ante conditions under which firms attribute value to a resource:
 1. Firm’s ex-ante market position 2. Its ex-ante resource base, which allows for complementarities 3. Its position in inter-organizational networks 4. Prior knowledge and experience of its managers 3
  4. 4. weiss@sce.carleton.ca Licensed under a CC BY-SA license Open source value drivers 4 Spread (1a) How much engaging in an open source project helps reduce the cost of product development Demand (1b) How many units of a stakeholder's product are sold as a result of engaging in the open source project Complemen- tarity (2) Number of units sold due to the company's product complementing other products Privileged information (3) Volume, variety, velocity, and veracity of privileged information that is accessible Judgement (4) Number of individuals with requisite experience and knowledge to create value attracted
  5. 5. weiss@sce.carleton.ca Licensed under a CC BY-SA license Open source engagement levels 5
  6. 6. weiss@sce.carleton.ca Licensed under a CC BY-SA license Method • We examined six open source projects that we had studied in detail in our previous research, and drew on open source literature to complement findings • For each project, we inferred the actions that were taken to create value from the open source project and classified them by engagement level and value driver • Collapsed classifications for the projects into a single classification to produce the assessment tool • Examined cybersecurity literature and case studies through the lens of the value assessment tool 6
  7. 7. weiss@sce.carleton.ca Licensed under a CC BY-SA license Open source value assessment tool 7 Level of
 engagement Value driver Increase spread Increase demand Increase complemen- tarity Increase privileged information Increase judgement Use Reduce cost of development Develop new features quickly to attract customers Monitor technological trends Contribute Reduce cost of providing standard features Make company's product more attractive by including standard features Create plug-ins into other products Allocate developers to subprojects Champion Attract community contributions to project Reduce cost of acquisition for customers Trial products Attract third party features Define ownership contributions Nurture the community Attract third party features and services Access to a pool of talented developers Collaborate Reduce cost of creating shared assets Create a common platform for products Jointly create new markets Learn from one another Access to a diversity of skills
  8. 8. weiss@sce.carleton.ca Licensed under a CC BY-SA license Open source value assessment tool 8 Level of
 engagement Value driver Increase spread Increase demand Increase complemen- tarity Increase privileged information Increase judgement Use Reduce cost of development Develop new features quickly to attract customers Monitor technological trends Contribute Reduce cost of providing standard features Make company's product more attractive by including standard features Create plug-ins into other products Allocate developers to subprojects Champion Attract community contributions to project Reduce cost of acquisition for customers Trial products Attract third party features Define ownership contributions Nurture the community Attract third party features and services Access to a pool of talented developers Collaborate Reduce cost of creating shared assets Create a common platform for products Jointly create new markets Learn from one another Access to a diversity of skills Monitor technological trends
  9. 9. weiss@sce.carleton.ca Licensed under a CC BY-SA license Open source value assessment tool 9 Level of
 engagement Value driver Increase spread Increase demand Increase complemen- tarity Increase privileged information Increase judgement Use Reduce cost of development Develop new features quickly to attract customers Monitor technological trends Contribute Reduce cost of providing standard features Make company's product more attractive by including standard features Create plug-ins into other products Allocate developers to subprojects Champion Attract community contributions to project Reduce cost of acquisition for customers Trial products Attract third party features Define ownership contributions Nurture the community Attract third party features and services Access to a pool of talented developers Collaborate Reduce cost of creating shared assets Create a common platform for products Jointly create new markets Learn from one another Access to a diversity of skills Create plug- ins into other products
  10. 10. weiss@sce.carleton.ca Licensed under a CC BY-SA license Open source value assessment tool 10 Level of
 engagement Value driver Increase spread Increase demand Increase complemen- tarity Increase privileged information Increase judgement Use Reduce cost of development Develop new features quickly to attract customers Monitor technological trends Contribute Reduce cost of providing standard features Make company's product more attractive by including standard features Create plug-ins into other products Allocate developers to subprojects Champion Attract community contributions to project Reduce cost of acquisition for customers Trial products Attract third party features Define ownership contributions Nurture the community Attract third party features and services Access to a pool of talented developers Collaborate Reduce cost of creating shared assets Create a common platform for products Jointly create new markets Learn from one another Access to a diversity of skills Access to a pool of talented developers
  11. 11. weiss@sce.carleton.ca Licensed under a CC BY-SA license Open source value assessment tool 11 Level of
 engagement Value driver Increase spread Increase demand Increase complemen- tarity Increase privileged information Increase judgement Use Reduce cost of development Develop new features quickly to attract customers Monitor technological trends Contribute Reduce cost of providing standard features Make company's product more attractive by including standard features Create plug-ins into other products Allocate developers to subprojects Champion Attract community contributions to project Reduce cost of acquisition for customers Trial products Attract third party features Define ownership contributions Nurture the community Attract third party features and services Access to a pool of talented developers Collaborate Reduce cost of creating shared assets Create a common platform for products Jointly create new markets Learn from one another Access to a diversity of skills Reduce cost of creating shared assets
  12. 12. weiss@sce.carleton.ca Licensed under a CC BY-SA license Application to Eclipse project 12 Level of
 engagement Value driver Increase spread Increase demand Increase complemen- tarity Increase privileged information Increase judgement Use Contribute Reduce cost of providing standard features Make company's product more attractive by including standard features Allocate developers to subprojects Champion Attract community contributions to project Reduce cost of acquisition for customers Trial products Define ownership Donate initial project code Nurture the community Access to a pool of talented developers Collaborate Reduce cost of creating shared assets Create a common platform for products Jointly create new markets Learn from one another Access to a diversity of skills
  13. 13. weiss@sce.carleton.ca Licensed under a CC BY-SA license Cybersecurity and open source • Open source approaches have not yet been widely applied in cybersecurity — mantra of “security through obscurity” leads to a siloed approach to security • However, there have been calls for more transparency and collaboration such as the “collaborative approach” (Ackerman), “cyber commons” (Schiffman & Gupta), “open security” (Schmidt), and “disclosure” (Swire) • BTW — attackers already know about the benefits of collaboration, so here our focus is on defenders • Example of collaboration in averting cybersecurity threats: Conficker Working Group 13
  14. 14. weiss@sce.carleton.ca Licensed under a CC BY-SA license Tool applied to cybersecurity 14 Level of
 engagement Value driver Increase spread Increase demand Increase complemen- tarity Increase privileged information Increase judgement Use Reduce cost of development Increase security for their products and services Monitor technological trends Contribute Share security expertise Champion Create a platform for sharing intelligence security Nurture the community Attract third party features and services Access to a pool of talented developers Collaborate Reduce cost of creating shared assets Share threat intelligence Access to a diversity of security expertise
  15. 15. weiss@sce.carleton.ca Licensed under a CC BY-SA license Tool applied to cybersecurity 15 Level of
 engagement Value driver Increase spread Increase demand Increase complemen- tarity Increase privileged information Increase judgement Use Reduce cost of development Increase security for their products and services Monitor technological trends Contribute Share security expertise Champion Create a platform for sharing intelligence security Nurture the community Attract third party features and services Access to a pool of talented developers Collaborate Reduce cost of creating shared assets Share threat intelligence Access to a diversity of security expertise Create a plat- form for sharing intelligence
  16. 16. weiss@sce.carleton.ca Licensed under a CC BY-SA license Tool applied to cybersecurity 16 Level of
 engagement Value driver Increase spread Increase demand Increase complemen- tarity Increase privileged information Increase judgement Use Reduce cost of development Increase security for their products and services Monitor technological trends Contribute Share security expertise Champion Create a platform for sharing intelligence security Nurture the community Attract third party features and services Access to a pool of talented developers Collaborate Reduce cost of creating shared assets Share threat intelligence Access to a diversity of security expertise Reduce cost of creating shared assets
  17. 17. weiss@sce.carleton.ca Licensed under a CC BY-SA license Tool applied to cybersecurity 17 Level of
 engagement Value driver Increase spread Increase demand Increase complemen- tarity Increase privileged information Increase judgement Use Reduce cost of development Increase security for their products and services Monitor technological trends Contribute Share security expertise Champion Create a platform for sharing intelligence security Nurture the community Attract third party features and services Access to a pool of talented developers Collaborate Reduce cost of creating shared assets Share threat intelligence Access to a diversity of security expertise Access to a diversity of security expertise
  18. 18. weiss@sce.carleton.ca Licensed under a CC BY-SA license Conclusion • Purpose of tool: help companies increase value they gain from engaging with open source projects • Foundation for the tool was provided by a recent theoretical advance in resource-based theory • Tool helps describe actions to be taken at a given level of engagement to drive value in specific ways • Applied tool to argue for an open source approach to cybersecurity: more transparent & collaborative • Future work is to examine current projects in the still nascent field of open source cybersecurity 18

×