Understanding Trust and Security Processes in the Open Source Software Ecosystem

Explore the security challenges and trust processes within the open source software ecosystem in this 16-minute conference talk from USENIX Enigma 2023. Delve into the unique security considerations arising from the openness of the ecosystem, including code submissions from unknown entities, limited resources for review, and the need to vet dependencies. Gain insights from interview studies conducted with open source contributors, companies using open source components, package maintainers, and developers creating reproducible software. Learn about the security and trust processes in the open source supply chain, particularly those not immediately visible at the data level. Discover a collaborative approach to open source research through interviews, and obtain practical advice on improving security in the software supply chain by empowering stakeholders such as maintainers and contributors.

USENIX Enigma 2023 - Understanding Trust & Security Processes in the Open Source Software Ecosystem