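@comment{
  Journal article on security hardening of existing open source software
  written in C (topic taken from the abstract below).
  The numeric citation key is kept as exported so existing citations of 157
  still resolve.
  month: the export stored 06/2008, which repeats the year and is not a
  BibTeX month macro; it is normalised to the bare macro jun.
  author: rewritten in "Last, First" form so name parsing is unambiguous.
  abstract and url are reproduced exactly as exported; the url is plain http.
}
@article{157,
  author    = {Charpentier, Robert and Debbabi, Mourad},
  title     = {Security Hardening of Open Source Software},
  journal   = {Open Source Business Resource},
  year      = {2008},
  month     = jun,
  publisher = {Talent First Network},
  address   = {Ottawa},
  type      = {Articles},
  issn      = {1913-6102},
  url       = {http://timreview.ca/article/157},
  abstract  = {In today{\textquoteright}s computing world, security takes an increasingly predominant role. The industry is facing challenges in public confidence at the discovery of vulnerabilities and customers are expecting security to be delivered out of the box, even on programs that were not designed with security in mind. Software maintainers must face the challenge to improve the security of their programs and are often under-equipped to do so. Some are taking advantage of open source software (OSS) for their production systems as the availability of the source code facilitates their validation and answers their need for trustworthy programs. OSS are often implemented using the C programming language (26\% according to SourceForge.net), making it is necessary to investigate the security issues related to C. This paper summarizes key concepts related to security hardening, and demonstrates its applicability on the C language. We also propose a progressive approach to integrate security services and protection measures into existing software to ultimately make it more resistant against cyber-attacks. Given our ever increasing dependability on information technologies, it becomes critically important to provide tools to maintainers that will facilitate and accelerate the security hardening process, increasing the effectiveness of the effort and lowering the resources required to do so.},
}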