Moderator: Secure Software Development
The goal is that you make your own choice. However, you may, for example, check e-commerce software. See examples from:
https://en.wikipedia.org/wiki/Compariso ... frameworks
You may focus, in your work, on only a set of modules of the software you choose. You should specify this information in your project proposal, though.
Could you please give me some hints about the size of a suitable open source project (e.g. lines of code or a specific set of modules from the mentioned list)? Thank you.
The size of the software is not an indicator. You will do threat modeling of the software you select, run a testing/analysis tool, and manually analyse the findings. You are not going to analyze all the source code of the software manually in the context of the project--it takes a long time to do so. As a rule of thumb, this should be around a few hundred lines of code for each team member. I evaluate the proposals and would let you know if the project is too big or too small.