AWARENESS OF OPEN-SOURCE SOFTWARE VULNERABILITIES AMONG PROGRAMMERS: A SURVEY-BASED STUDY OF UNDERGRADUATE COMPUTER SCIENCE STUDENTS

Abstract

Open-source software (OSS) has become a foundational pillar of modern software development, with over 90% of contemporary applications incorporating open-source components. Despite its widespread adoption, open-source software frequently harbors critical security vulnerabilities that can expose systems to severe cyber threats, including data breaches, unauthorized access, and supply-chain attacks. The rapid growth of open-source ecosystems such as npm, PyPI, and Maven has amplified the attack surface, making vulnerability awareness among programmers a critical concern. However, limited empirical evidence exists regarding the actual level of awareness that programmers—particularly undergraduate computer science students possess about these vulnerabilities. This study aims to measure the awareness of open-source software vulnerabilities among undergraduate BSCS programmers at Air University Multan Campus. A quantitative, descriptive, cross-sectional survey design was employed, utilizing a structured questionnaire based on a 5-point Likert scale administered to a sample of 120 students. The questionnaire assessed demographics, frequency of open-source usage, vulnerability awareness levels, secure coding practices, and attitudinal measures toward software security. Data were analyzed using descriptive statistics, Pearson correlation, independent samples t-test, and one-way ANOVA through SPSS version 26. The results revealed a moderate overall awareness level, with significant positive correlations found between formal security education and vulnerability awareness. The findings suggest that current curricula inadequately address open-source security, and recommend the integration of dedicated security modules, vulnerability scanning workshops, and secure coding practices into undergraduate programs.