Measuring Software Diversity, with Applications to Security
Julio Hernandez-Castro, Jeremy Rossman

TL;DR
This paper adapts ecological diversity measures, especially the Shannon-Wiener index, to quantify software diversity, revealing a security-relevant software monopoly and providing insights into the security of software ecosystems.
Contribution
It introduces the application of ecological diversity indices to software ecosystems, singling out the Shannon-Wiener index as the most informative measure for security analysis.
Findings
Identification of a software monopoly with security implications
Effective assessment of software ecosystem diversity
Insights into security vulnerabilities related to low diversity
Abstract
In this work, we briefly introduce and discuss some of the diversity measures used in Ecology. After a succinct description and analysis of the most relevant ones, we single out the Shannon-Wiener index. We justify why it is the most informative and relevant one for measuring software diversity. Then, we show how it can be used for effectively assessing the diversity of various real software ecosystems. We discover in the process a frequently overlooked software monopoly, and its key security implications. We finally extract some conclusions from the results obtained, focusing mostly on their security implications.
Taxonomy
Topics: Information and Cyber Security · Network Security and Intrusion Detection · Software Engineering Research
