Security Perspective of Open-Source Serverless Platforms: An Empirical Investigation
Hamza, Muhammad; Akbar, Muhammad Azeem; Smolander, Kari; Khan, Arif Ali (2025-12-23)
Publisher's version
23.12.2025
152-161
Association for Computing Machinery
School of Engineering Science
The permanent address of the publication is
https://urn.fi/URN:NBN:fi-fe202601082004
Abstract
Serverless architecture has gained significant traction due to its scalability, cost efficiency, and reduced operational overhead. However, despite its advantages, serverless architectures introduce unique security issues that developers encounter when developing applications with open-source serverless platforms. While prior research has explored security concerns in proprietary serverless platforms, there is limited empirical analysis of security issues in open-source serverless platforms based on real-world developer discussions. This study systematically examines 88 security-related issues from GitHub repositories of 10 open-source serverless platforms to identify common security issues, their underlying causes, and potential solutions. Our findings reveal that certificate & encryption, permissions & role management, and security & authentication are the most frequently reported issues in the developers’ discussion. The primary causes of these issues include misconfigurations, inadequate access controls, and dependency-related failures. To address these issues, we identified mitigation strategies such as enhanced security configurations, improved IAM policies, and automated certificate management. The study offers valuable insights for both researchers and practitioners by providing an empirical foundation for improving security practices when developing applications with these open-source serverless platforms.
Citation
Muhammad Hamza, Muhammad Azeem Akbar, Kari Smolander, and Arif Khan. 2025. Security Perspective of Open-Source Serverless Platforms: An Empirical Investigation. In Proceedings of the 2025 29th International Conference on Evaluation and Assessment in Software Engineering Companion (EASE Companion '25). Association for Computing Machinery, New York, NY, USA, 152–161. https://doi.org/10.1145/3727967.3756839
Original URL
https://dl.acm.org/doi/10.1145/3727967.3756839
