Open source projects face unique challenges: code submissions from unknown entities, limited developer-hours for commit or dependency reviews, and bringing new contributors up-to-date in projects’ best practices & processes.
Through the results from a semi-structured interview study with 27 owners, maintainers, and contributors, we will examine their security and trust practices. For this, we explore projects’ incident handling & previously encountered challenges, provided guidance & policies, as well as their trust considerations.
We will see how projects are highly diverse both in deployed security measures and trust processes and discuss implications for the open source software ecosystem and how the research community can better support open source projects in trust and security considerations.
Publication website, with further information and artifacts for the publication this presentation is based on: https://publications.teamusec.de/2022-oakland-sec-oss/
This presentation is based on the following publication: