Security by documentation? characterizing GitHub SECURITY.md policy and their adoption in Python libraries
| Field | Value |
|---|---|
| dc.contributor.author | Choetkiertikul M. |
| dc.contributor.author | Kancharoendee S. |
| dc.contributor.author | Jongyingyos C. |
| dc.contributor.author | Phichitphanphong T. |
| dc.contributor.author | Ragkhitwetsagul C. |
| dc.contributor.author | Reid B. |
| dc.contributor.author | Kula R.G. |
| dc.contributor.author | Sunetnanta T. |
| dc.contributor.correspondence | Choetkiertikul M. |
| dc.contributor.other | Mahidol University |
| dc.date.accessioned | 2026-02-15T18:14:17Z |
| dc.date.available | 2026-02-15T18:14:17Z |
| dc.date.issued | 2026-05-01 |
| dc.description.abstract | With security in open-source software development increasingly becoming crucial, security policies are one way to manage vulnerabilities and guide users toward safe practices. To support secure development, platforms like GitHub provide a dedicated section for security policies within repositories. Existing studies focus on the adoption of security policies; however, the detailed content of those policies has not been examined. Our study aims to fill this gap by analyzing the security policies of 679 PyPI Python libraries hosted on GitHub. We examine the characteristics and content of existing policies and investigate their relationship with project characteristics and recommended security practices by comparing security practice assessments between projects with and without established security policies. The results indicate that projects with a SECURITY.md file show stronger recommended security practices. This study highlights the importance of adopting a clear and comprehensive security policy to enhance the overall security practices of open-source projects. |
| dc.identifier.citation | Empirical Software Engineering Vol.31 No.3 (2026) |
| dc.identifier.doi | 10.1007/s10664-025-10794-z |
| dc.identifier.eissn | 15737616 |
| dc.identifier.issn | 13823256 |
| dc.identifier.scopus | 2-s2.0-105029557787 |
| dc.identifier.uri | https://repository.li.mahidol.ac.th/handle/123456789/115060 |
| dc.rights.holder | SCOPUS |
| dc.subject | Computer Science |
| dc.title | Security by documentation? characterizing GitHub SECURITY.md policy and their adoption in Python libraries |
| dc.type | Article |
| mu.datasource.scopus | https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=105029557787&origin=inward |
| oaire.citation.issue | 3 |
| oaire.citation.title | Empirical Software Engineering |
| oaire.citation.volume | 31 |
| oairecerif.author.affiliation | The University of Osaka |
| oairecerif.author.affiliation | Mahidol University |
| oairecerif.author.affiliation | Nara Institute of Science and Technology |
