Explore the security challenges and trust processes within the open source software ecosystem in this 16-minute conference talk from USENIX Enigma 2023. Delve into the unique security considerations arising from the openness of the ecosystem, including code submissions from unknown entities, limited resources for review, and the need to vet dependencies. Gain insights from interview studies conducted with open source contributors, companies using open source components, package maintainers, and developers creating reproducible software. Learn about the security and trust processes in the open source supply chain, particularly those not immediately visible at the data level. Discover a collaborative approach to open source research through interviews, and obtain practical advice on improving security in the software supply chain by empowering stakeholders such as maintainers and contributors.
Understanding Trust and Security Processes in the Open Source Software Ecosystem
USENIX Enigma Conference via YouTube
Overview
Syllabus
USENIX Enigma 2023 - Understanding Trust & Security Processes in the Open Source Software Ecosystem
Taught by
USENIX Enigma Conference
Related Courses
-
Securing the Open Source Software Supply Chain
-
Open Source Software Supply Chain Security - Understanding Threats and Best Practices
-
GitHub Supply Chain Security Using GitGat
-
Protecting the World's Greatest Open Source Ecosystem with Sigstore
-
Introduction to Open Source Operating Systems - Bachelor's
-
Securing the Software Supply Chain: From Threats to Best Practices
