Learning Secure Programming in Open Source Software Communities: A Socio-Technical View

In open source software (OSS) communities, volunteers collaborate and integrate expertise to develop the software online via the Internet in a decentralized, highly interactive and knowledge-intensive process. Development of qualified and secured software products relies mainly on the ability of OSS participants to acquire, refine and use new aspects of secure programming knowledge. Many OSS proponents believe that the open source innovation offers significant learning opportunities from its best practices. However, studies that specifically explore learning of software security in the context of open source development are scarce. This paper aims to empirically assess present knowledge sharing and learning about secure programming knowledge in the context of OSS communities utilized a socio-technical approach on OSS projects based on an ethnographic observation. Our motivation is not only to evaluate the knowledge sharing and learning mechanisms and the extent to which they may be viable and successful but also to gain insight into the security culture and project factors that affect learning processes of secure programming in OSS communities.