Open source software plays a crucial role in many software systems, serving as a foundation, glue, or tooling for a significant portion of the software supply chain. However, the open nature of open source projects also presents unique challenges in terms of security and trust.
In this talk, we will explore past and ongoing research that involves stakeholders in the open source ecosystem, including contributors, maintainers, industry experts, and developers of reproducible software. The goal of this line of research is to strengthen the security and trust of the software supply chain by exploring considerations, decisions, and processes not immediately visible in the code itself. To achieve this, we use a combination of code and repository measurements, as well as qualitative methods such as interviews and surveys, to collaborate with the open source community in improving the overall security of the software supply chain.
Short Bio
Dominik Wermke is a Usable Security & Privacy researcher at CISPA Helmholtz Center for Information Security, a Computer Science PhD student at the Leibniz University Hannover, and a visiting scholar at the GWUSEC lab at George Washington University.
His research enables developers and administrators to deploy secure, privacy-respecting, and trustworthy software that benefits the security of hundreds of dependent code bases, thousands of real-world deployments, and millions of end users. His research leverages this multiplicative effect by supporting open source maintainers, developers, and system administrators in the shared endeavor towards a more secure and trustworthy software ecosystem.
Wermke’s work has appeared in the top-tier security venues such as IEEE S&P (including a Distinguished Paper Award in 2022), USENIX Security, and ACM CCS, as well as field-specific venues such as SOUPS and ACSAC.