Committed to Trust
Dominik Wermke

Slides #

Version presented at IEEE S&P 2022 (Youtube).

Abstract #

Open source projects face unique challenges: code submissions from unknown entities, limited developer-hours for commit or dependency reviews, and bringing new contributors up-to-date in projects’ best practices & processes.

Through the results from a semi-structured interview study with 27 owners, maintainers, and contributors, we will examine their security and trust practices. For this, we explore projects’ incident handling & previously encountered challenges, provided guidance & policies, as well as their trust considerations.

We will see how projects are highly diverse both in deployed security measures and trust processes and discuss implications for the open source software ecosystem and how the research community can better support open source projects in trust and security considerations.

Publication #

Publication Website: Website for the publication this presentation is based on with further information and artifacts:

This presentation is based on the following publication:

Dominik Wermke, Noah Wöhler, Jan H. Klemmer, Marcel Fourné, Yasemin Acar, and Sascha Fahl.
IEEE S&P '22, In Proceedings of the 43rd IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 23-26, 2022.
Distinguished Paper Award (4 out of 147 papers)

Static site generated in Hugo with custom theme, deployed on vercel.