Team Semester Project

You might ask: why have a team project? My answer is that today we build and analyze things so complex that no one person can fully make or comprehend them. Naturally, engineering activities that manage complexity are team-based; open-source software development is one example. Team members could be in different time zones, have competing priorities, and have different skill levels. Experiencing such teamwork is essential for a course on software assurance. So, we will form five-person teams that will work together on a class project.

This class strives to encourage learning by doing and making a real difference in the practice of building software. To turn this spirit into reality, you will work on a semester-long project with an open-source software project. Each team will select a unique open-source software project and examine opportunities for security-related improvements.

The project will have the following major deliverables. Not surprisingly, they coincide with the major topics in the course.

  1. Project Proposal
  2. Requirements for Software Security Engineering
  3. Assurance Cases for Software Security Engineering
  4. Designing for Software Security Engineering
  5. Code Analysis for Software Security Engineering
  6. Recorded Presentation

Project Inspiration

If you have never worked with open source project communities, your heart is probably racing at this time. Don’t worry. They are not that scary. Also, we will have the right preparation in the course that will allow you to have purposeful interactions with these communities. For now, I want you to read through these blogs to understand what it is like to engage with an open source project: blog 1, blog 2, blog 3.

These blogs probably helped address some of your anxiety. Another source of anxiety can be related to what open source project to select. As you think about joining a team, use the links below to explore impactful open source projects and have some ideas about the projects you want to engage with.

Open Hub has a lot of meta-information about open source projects that can help you better explore and understand your selection. GitHub search and Code Triage are also good resources to find projects.

Projects to Avoid

The software assurance methods in this course apply quite broadly. Codebases written in C, C++, Python and Java generally have better support from free tools for security analysis. But the language used in the codebase should not, by itself, limit your choices. What you should avoid are projects that fall into the categories below:

As you form your teams, prior familiarity with languages or platforms may play into your choice. But keep in mind that Software Security Assessors are often called in to analyze the security of software that is built using languages that they are not familiar with. ChatGPT can also explain code or syntax that you are unfamiliar with.

Project Hall of Fame

To give you some motivation, here are teams from prior semesters that have engaged with the communities of their selected open source projects. Your team should aspire to get listed in this repo. After all, this course made it to the Arctic Code Vault!

Past Teams Project Repositories

The deliverables from the class project are posted in a public repository. You can find the artifacts from prior semester teams below. While these can act as examples, there is no guarantee that they did it right! They may also be following different assignment instructions.

Teams Project for Fall 2023

Project Grading