  • DocumentCode
    260271
  • Title
    Security vulnerabilities in open source projects: An India perspective
  • Author
    Achuthan, Krishnashree ; SudhaRavi, Sreekutty ; Kumar, Ravindra ; Raman, Raghu
  • Author_Institution
    Amrita Center for Cybersecurity Syst. & Networks, Amrita Vishwa Vidyapeetham, Kollam, India
  • fYear
    2014
  • fDate
    28-30 May 2014
  • Firstpage
    18
  • Lastpage
    23
  • Abstract
    Educational and governmental organizations are heavy users of Free and Open Source Software (FOSS) due to the numerous economic advantages it offers. But because of the lack of formal notification of vulnerabilities in them, these users are left with exploitable risks in their systems with known vulnerabilities, which could completely offset the economic gains and lead to unrecoverable losses. India is one of the largest consumers of Free and Open Source Software (FOSS), though in the last few years there has been a concerted effort to contribute to the movement as well as create its own FOSS to support local languages. This paper compares and analyses the public disclosure of vulnerabilities in Free and Open Source Software (FOSS) to those of non-open source systems. Our case study with (N=218) Information Technology (IT) professionals working in computer systems, networks and application development areas indicates an urgent need to enhance vulnerability handling practices for Free and Open Source Software based applications. This study has interesting implications for Information and Communications Technology (ICT) policy makers in the government as well as the private sector who are increasingly advocating the use of FOSS.
  • Keywords
    information technology; security of data; software engineering; Free and Open Source Software; ICT policy makers; IT professionals; India perspective; application development; computer networks; computer systems; economic gains; educational organizations; governmental organizations; information and communications technology; information technology professionals; nonopen source systems; open source projects; public disclosure; security vulnerabilities; Databases; Government; Open source software; Security; Standards organizations; Cybersecurity threats; Free and Open Source Software; National Vulnerability Database; Open Source Vulnerability Database; Vulnerability;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information and Communication Technology (ICoICT), 2014 2nd International Conference on
  • Conference_Location
    Bandung
  • Type
    conf
  • DOI
    10.1109/ICoICT.2014.6914033
  • Filename
    6914033