%0 Journal Article
%J Open Source Business Resource
%D 2008
%T Security Hardening of Open Source Software
%A Robert Charpentier
%A Mourad Debbabi
%X In today's computing world, security takes an increasingly predominant role. The industry is facing challenges in public confidence at the discovery of vulnerabilities, and customers are expecting security to be delivered out of the box, even on programs that were not designed with security in mind. Software maintainers must face the challenge to improve the security of their programs and are often under-equipped to do so. Some are taking advantage of open source software (OSS) for their production systems, as the availability of the source code facilitates their validation and answers their need for trustworthy programs. OSS are often implemented using the C programming language (26% according to SourceForge.net), making it necessary to investigate the security issues related to C. This paper summarizes key concepts related to security hardening, and demonstrates its applicability on the C language. We also propose a progressive approach to integrate security services and protection measures into existing software to ultimately make it more resistant against cyber-attacks. Given our ever increasing dependability on information technologies, it becomes critically important to provide tools to maintainers that will facilitate and accelerate the security hardening process, increasing the effectiveness of the effort and lowering the resources required to do so.
%B Open Source Business Resource
%I Talent First Network
%C Ottawa
%8 06/2008
%G eng
%U http://timreview.ca/article/157
%N June 2008
%9 Articles
%1 Defence Research Establishment Robert Charpentier completed his degree in engineering physics at l'Ecole Polytechnique de Montreal in 1979. After working at CAE Electronics on flight simulators, he joined Defence Research Establishment Valcartier, where he specialized in infrared imagery and space-based surveillance. His current research domain is software security design and attack resistance of information systems operated in hostile environments. He has been deeply involved in F/LOSS studies since 2003.
%2 Concordia University Mourad Debbabi is full professor and acting director at the Concordia Institute for Information Systems Engineering. He is Concordia University Research Chair Tier I and Specification Lead for four Java Specification Standards. He received his Ph.D. in Computer Science from Paris XI Orsay University and worked as senior scientist for PINTL Laboratory and General Electric Corporate Research before joining Concordia University in Montreal.