All Blogs
Security of Open Source Software: A Survey of Technical Stakeholders’ Perceptions and Actions
Open-source software (OSS) components are largely assumed to be secure due to their open nature. However, that is not always the case. Of late, there has been an increased incidence of software supply-chain issues, with some industry reports estimating a 300% increase in attacks that exploit existing vulnerabilities between 2020 and 2021.
This report by the Centre for Internet and Society surveys technical stakeholders to determine how they select OSS components to use in their projects and how they think broadly about the security of the projects they create.
Highlights:
- 90% of respondents work in companies with a dedicated team responsible for the security of software. 80% of them do not carry out any further security checks on an OSS component once it has been approved for use by their security teams.
- 80% of respondents see comprehensive documentation as an important factor when selecting an OSS component for use.
- 70% of respondents report validating dependencies in their selected open-source software component.
- 50% of respondents consider how actively an open-source software component is maintained before selecting it for their projects.
- 40% of respondents do not anticipate accidental exploitation of vulnerabilities or expect malice from bad actors when they create software.
- 30% of respondents report not doing any post-release maintenance on the OSS component used and deployed.
Securing Our Dependence on Code Reuse in Software
Dividing and breaking up a software project into smaller modules with functionality that can be reused to build other software is an increasingly common practice in software development today. We examine our infrastructural dependence on reuse of open-source software (OSS) components, examine the unique security risks posed by the widespread reuse of code, and survey systemic solutions to securing code reuse.
CIS Statement in WIPO SCCR 43
Shweta Mohandas delivered a statement on behalf of CIS, on day 1 of the 43rd WIPO SCCR session on the Broadcast Treaty.
CensorWatch: On the Implementation of Online Censorship in India
Results from a nation-wide empirical study on web censorship
Civil Society’s second opinion on a UHI prescription
On January 13, Pallavi Bedi and Shweta Mohandas from CIS participated in an online collaboration organised by Internet Freedom Foundation for a joint submission to the Consultation Paper on Operationalising Unified Health Interface (UHI) in India released by the National Health Authority.
Comments to the proposed amendments to The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
This note presents comments by the Centre for Internet and Society (CIS), India, on the proposed amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“proposed amendments”). We thank Isha Suri for her review of this submission.
The Centre for Internet and Society’s comments and recommendations to the Digital Data Protection Bill 2022
The Centre for Internet & Society (CIS) published its comments and recommendations to the Digital Personal Data Protection Bill, 2022, on December 17, 2022.
CIS’ Comments to the (Draft) Indian Telecommunication Bill 2022
The Department of Telecommunications, Government of India invited comments on the Draft Indian Telecommunication Bill, 2022. The Centre for Internet & Society (CIS) submitted its comments.
Why spectrum needs a change in approach
Rajat Kathuria and Isha Suri write: It must be recognised that spectrum needs to be combined with other infrastructure to enable service delivery.
‘Techplomacy’ and the negotiation of AI standards for the Indo-Pacific
Researchers at the Australian Strategic Policy Institute have partnered with the Centre for Internet and Society (Bengaluru) to produce a ‘techplomacy guide’ on negotiating AI standards for stakeholders in the Indo-Pacific.
Exploring Knowledge Repositories on Water Resources in India
This research study explores knowledge repositories on water resources in India, with a focus on how the digital transition has impacted the process of creation & access to these resources and possible collaborations to build open digital repositories around water. The research was undertaken by Subodh Kulkarni, with editorial inputs by Puthiya Purayil Sneha, and Chiara Furtado. This is part of a series of short-term studies undertaken by the CIS-A2K team in 2021–2022.
Infrastructural Needs of Indian Language Wikisource Projects
This is a short study on identifying the infrastructural gaps on Indian language Wikisource projects, and potential strategies to address the same. The study was undertaken by Jayantha Nath, Puthiya Purayil Sneha and Satdeep Gill, with writing and editorial oversight by Puthiya Purayil Sneha and an external review by Divyank Katira. This is part of a series of short-term studies undertaken by the CIS-A2K team in 2021-22.
Mapping Content on Gender and Sexuality in Indian Languages
This research study explores content production processes on gender and sexuality in Indian languages, its digital documentation and factors that affect its availability and use on open access platforms. The research was undertaken by Yashashwini Srinivas, with editorial inputs by Puthiya Purayil Sneha, and Torsha Sarkar. This research was part of short-term studies undertaken at the CIS-A2K programme 2021-22.
Demystifying Data Breaches in India
Despite the rate at which data breaches occur and are reported in the media, there seems to be little information about how and when they are resolved. This post examines the discourse on data breaches in India with respect to their historical forms, with a focus on how the specific terminology to describe data security incidents has evolved in mainstream news media reportage.
Digitisation of O Bharat, a bilingual biweekly published in Goa from 1912 to 1949
The digitization of O Bharat, a historic biweekly published between 1912 and 1949 in Goa, was completed through the collaboration of different organizations. The trustees of Bharatkar Hegde Desai Trust initiated the project in collaboration with the Marathi department of Goa University, Bhakti Dnyan Marg Sanstha and Goa Central Library. The Centre for Internet and Society's Access to Knowledge Programme facilitated the project with technical and financial assistance. Two local students scanned 12000 pages in 8 days. The year-wise volumes of O Bharat are now freely available on Wikimedia Commons in the form of an archive.
Digitisation of O Bharat, a bilingual biweekly published in Goa from 1912 to 1949
It all started like this. During the Wikimedia session at Goa University in October 2021, it was realised that there is very little documentation about the ‘Goa Liberation Struggle’ on Wikimedia projects. So, in the meeting Prof. Vinay Madgaonkar from the Marathi language department took the lead to develop a project around this theme.
Getting the (Digital) Indo-Pacific Economic Framework Right
On the eve of the Tokyo Quad Summit in May 2022, President Biden unveiled the Indo-Pacific Economic Framework (IPEF), visualising cooperation across the Indo-Pacific based on four pillars: trade; supply chains; clean energy, decarbonisation and infrastructure; and tax and anti-corruption. Galvanised by the US, the other 13 founding members of the IPEF are Australia, Brunei Darussalam, India, Indonesia, Japan, Republic of Korea, Malaysia, New Zealand, Philippines, Singapore, Thailand and Vietnam. The first official in-person Ministerial meeting was held in Los Angeles on 9 September 2022.
NHA Data Sharing Guidelines – Yet Another Policy in the Absence of a Data Protection Act
In July this year, the National Health Authority (NHA) released the NHA Data Sharing Guidelines for the Pradhan Mantri Jan Aarogya Yojana (PM-JAY) just two months after publishing the draft Health Data Management Policy.
Designing Domestic Work Platforms
This research was conducted by The Center for Internet and Society (CIS) with funding from Association for Progressive Communication (APC) through the Feminist Internet Research Network (FIRN), supported by International Development Research Centre (IDRC). The authors are deeply grateful to the platform workers who talked to us and shared their experiences of finding work through Urban Company. Their responses shaped our research and their insights guided the creation of this final report.
Surveillance Enabling Identity Systems in Africa: Tracing the Fingerprints of Aadhaar
Biometric identity systems are being introduced around the world with a focus on promoting human development and social and economic inclusion, rather than previous goals of security. As a result, these systems are being encouraged in developing countries, particularly in Africa and Asia, sometimes with disastrous consequences.