Title: Software security assurance with an augmented software component analysis approach for open source component evaluation
Authors: Jian Hu; Linfei Li; Hailin Wang; Tao Chuan; Xiwei Dai; Yaodan Yu; Jie Wang
Addresses:
(1) Information Center of Yunnan Power Grid Co., Ltd., China Southern Power Grid Group, Kunming, 650217, China
(2) School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu, 610054, China
(3) Information Center of Yunnan Power Grid Co., Ltd., China Southern Power Grid Group, Kunming, 650217, China
(4) Information Center of Yunnan Power Grid Co., Ltd., China Southern Power Grid Group, Kunming, 650217, China
(5) School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu, 610054, China
(6) School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu, 610054, China
(7) College of Computer and Information Engineering, Xiamen University of Technology, Xiamen, 361024, China; Shenzhen Kaiyuan Internet Security Technology Co., Ltd., Shenzhen, 518000, China
Abstract: Open source components are the foundation of modern software development, thereby making software component analysis (SCA) an essential method for ensuring software security. However, existing SCA methods concentrate on identifying open source components' security issues, ignoring a comprehensive analysis of the components' maintenance and support posture. In this paper, we investigated the literature from industry and academia on secure software development processes, software and component evaluation models, and evaluation methodologies. Then, we proposed advanced open source component analysis (AOSCA), an augmented SCA approach that additionally quantifies a set of attributes for evaluation, beyond the conventionally detected issues. The experimental results demonstrate that AOSCA can effectively assess open source components and provide the evaluation result to a software development organisation based on its requirements and preferences. To sum up, AOSCA provides a comprehensive yet effective mechanism for open source component evaluation. Applying AOSCA as a security practice during the software development process is vital for software security assurance.
Keywords: software security; SCA; software component analysis; open source component; security evaluation; augmented attribute.
DOI: 10.1504/IJAACS.2025.149808
International Journal of Autonomous and Adaptive Communications Systems, 2025 Vol.18 No.5, pp.439 - 462
Received: 11 May 2024
Accepted: 26 Jun 2024
Published online: 13 Nov 2025