I. Security Head-Scratchers
In the last decade, three major forces have radically changed software development projects. First, DevOps together with continuous integration and delivery have led to fast-paced development with ever faster product changes [1], [2]. Second, the adoption of agile practices has led to a democratised process in which development is carried out by self-organizing, cross-functional teams with limited central oversight [3]. Third, after years of advocating the benefits of commercial off-the-shelf (COTS) software and software reuse, we have finally reached the era of multi-stakeholder development and software ecosystems, in which developers focus on the differentiating features of their products and rely on third parties for everything else (e.g., cloud deployment, open frameworks, and so on) [4]. We observe that the key issue is not that such software is free (although this is useful), but that it is in a state of constant change, and that these changes are made by different people belonging to different organizations. To capture this phenomenon, we introduce the notion of Multi-party Open Software and Services, or MOSS 1, and, to reflect the dual nature of modern software developer roles, the notion of the MOSS Prosumer: to produce MOSS components, software developers not only write their own code but also consume code from other projects. From a security perspective, this new situation brings two major challenges.