Security Evaluation Criteria of Open-Source Libraries

Computational Science and Its Applications – ICCSA 2022 Workshops (2022)

Abstract
The use of freely available, open-source code to reduce the time needed to create new software or to add functionality to existing software is common practice. Analysis of recent high-profile cases, in which open-source packages were corrupted by their original developer or had remote back-door functionality introduced by malicious actors, shows that much can be done to simplify the decision of whether to use a given piece of open-source code. This paper provides the basis for a simple-to-use checklist with which open-source libraries can be quickly analyzed for their suitability within an individual's or organization's code base. Fourteen projects that make use of specific biometric security libraries were selected at random from a popular code hosting site. The conclusions drawn from applying the checklist and from the analysis of the selected projects will help simplify the decision-making process of using open-source code in software projects.
Key words
Software security, Risk management, Supply chain attacks, Modern code review, Vulnerability management