A group of programmers participate in the development of Open Source Software and its source code is publically made available for review, reporting, fixing bugs and enhancing its functionalities. The Open Source Software, its patches and new releases are made available to users through multiple hosts on the Internet and by distribution on media like on CD’s and DVD’s. A hacker may modify the software and incorporate virus, spyware, adware or other similar routines into it that may lead to manifold of security breaches. It is thus essential to ensure authenticity and integrity of the Open Source Software before compiling and installing it to avoid falling prey to any such possible security breach. This paper discusses methods for attaining authentication and integrity of Open Source Software for the purpose of its distribution.

1. Mohony and Naughton (2004). Open Source Software Monetized: Out of the Bazaar and into Big. The Computer & Internet Lawyer, vol. 21, no. 10, October 2004.
2. Mark Henley and Richard Kemp (2008). Open Source Software: An introduction, Computer Law & Security Report, Vol. 24, no. 1, 2008, pp. 77-85.
3. Free Software Foundation, http://www.fsf.org/.
4. Open Source Initiative, http://www.opensource.org/.
5. The Open Source Definition, http://www.opensource.org/osd.html.
6. John E. Canava, (2001), Fundamentals of Network Security, Artech House, London, ISBN 1-58053-176-8.
7. Subramanya, S.R.; Yi, B.K, (2006). Digital Signatures, Potentials, IEEE vol. 25, no. 2, 2006.
8. SHA, (1995). Federal Information Processing Standards Publication 180-1, available online at: http://www.itl.nist.gov/fipspubs/fip180-1.htm.
9. R. Rivest (1992).The MD5 Message-Digest Algorithm, IETF RFC 1321, available online at: http://www.ietf.org/rfc/rfc1321.txt.
10. RIPE (1995). Integrity Primitives for Secure Information Systems. Final Report of RACE Integrity Primitives Evaluation (RIPE-RACE 1040)," LNCS 1007, Springer-Verlag, 1995.
11. Ross Anderson and Eli Biham (1996). Tiger: A Fast New Hash Function, Fast Software Encryption, Third International Workshop Proceedings, Springer-Verlag, pp. 89—97.
12. FIPS (1996). Digital Signature Standard (DSS), FIPS PUB 186-3, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899-890, available online at: http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf.
13. RSA (2002). RSA Cryptography Standard, RSA Security Inc, available online at: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf.
14. ANSI X9.62, (199). Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), 1999.
15. CrypTool, http://www.cryptool.org/.

Digital Signature Certificate Digital Signature Privacy Authentication Integrity Non-repudiation Open Source Software OSS