🤖 AI Summary
This work addresses the security assurance challenges of the open-source PON edge computing platform GENIO by proposing and implementing a “security-by-design” paradigm. We systematically integrate an open-source security toolchain to establish an end-to-end protection framework encompassing OS hardening, CVE vulnerability management, static and dynamic application security testing (SAST/DAST), and digital signature verification, validated for the first time in an industrial-grade telecom edge environment. Through empirical evaluation, we identify the effectiveness boundaries and engineering integration bottlenecks of eight mainstream open-source security solutions within real-world PON deployments, distilling a reusable security practice framework and concrete improvement pathways. The study not only confirms the feasibility of deploying open-source security capabilities in telecom edge infrastructure but also fills a critical gap in systematic, production-ready security engineering experience for such environments. It provides both methodological guidance and technical reference for building lightweight, high-assurance edge computing infrastructure.
📝 Abstract
This paper presents our experience, in the context of an industrial R&D project, of securing GENIO, a platform for edge computing on Passive Optical Network (PON) infrastructures that is based on Open-Source Software (OSS). We identify threats and related mitigations through hardening, vulnerability management, digital signatures, and static and dynamic analysis. In particular, we report lessons learned in applying these mitigations using OSS, and share our findings about the maturity and limitations of these security solutions in an industrial context.