Decomposing and Measuring Trust in Open-Source Software Supply Chains
Trust is integral to the successful and secure functioning of software supply chains, making it important to measure the state and evolution of trust in open source communities. However, existing security and supply chain research often studies the concept of trust without a clear definition and relies on obvious and easily available signals, such as GitHub stars, without deeper grounding. In this paper, we explore how to measure trust in open source supply chains, with the goal of developing robust measures of trust based on the behaviors of developers in the community. To this end, we contribute a process for decomposing trust in a complex large-scale system into key trust relationships, systematically identifying behavior-based indicators for the components of trust in a given relationship, and in turn operationalizing data-driven metrics for those indicators, allowing for the wide-scale measurement of trust in practice.
Thu 18 Apr (times shown in the Lisbon time zone)

14:00 - 15:30 | Human and Social 5
Software Engineering in Society / Journal-first Papers / New Ideas and Emerging Results / Software Engineering Education and Training / Research Track
Room: Almada Negreiros
Chair(s): Alexander Serebrenik (Eindhoven University of Technology)

14:00 (15m talk) | High Expectations: An Observational Study of Programming and Cannabis Intoxication
Research Track
Wenxin He (University of Michigan), Manasvi Parikh (University of Michigan), Westley Weimer (University of Michigan), Madeline Endres (University of Michigan)
DOI, Pre-print

14:15 (15m talk) | Mining Pull Requests to Detect Process Anomalies in Open Source Software Development
Research Track
Bohan Liu (Nanjing University), He Zhang (Nanjing University), Weigang Ma (Nanjing University), Hongyu Kuang (Nanjing University), Yi Yang (National University of Defense Technology), Jinwei Xu (Nanjing University), Shan Gao (Huawei), Jian Gao (Huawei)

14:30 (15m talk) | Video-based Training for Meeting Communication Skills
Software Engineering Education and Training
Matthias Galster (University of Canterbury), Antonija Mitrovic (University of Canterbury), Sanna Malinen (University of Canterbury), Sreedevi Sankara Iyer (University of Canterbury), Ja'afaru Musa (University of Canterbury), Jay Holland (University of Canterbury)

14:45 (15m talk) | Impostor Phenomenon in Software Engineers
Software Engineering in Society
Paloma Guenes (Pontifical Catholic University of Rio de Janeiro (PUC-Rio)), Rafael Tomaz (Pontifical Catholic University of Rio de Janeiro (PUC-Rio)), Marcos Kalinowski (Pontifical Catholic University of Rio de Janeiro (PUC-Rio)), Maria Teresa Baldassarre (Department of Computer Science, University of Bari), Margaret-Anne Storey (University of Victoria)
DOI, Pre-print

15:00 (7m talk) | An Empirical Comparison of Ethnic and Gender Diversity of DevOps and non-DevOps Contributions to Open-Source Projects
Journal-first Papers
Nimmi Rashinika Weeraddana (University of Waterloo), Xiaoyan Xu (University of Waterloo), Mahmoud Alfadel (University of Waterloo), Shane McIntosh (University of Waterloo), Mei Nagappan (University of Waterloo)
Link to publication, Pre-print

15:07 (7m talk) | Understanding Developers Well-Being and Productivity: a 2-year Longitudinal Analysis during the COVID-19 Pandemic
Journal-first Papers
Daniel Russo (Department of Computer Science, Aalborg University), Paul Hanel (University of Essex), Niels van Berkel (Aalborg University)
DOI, Pre-print

15:14 (7m talk) | Decomposing and Measuring Trust in Open-Source Software Supply Chains
New Ideas and Emerging Results
Lina Boughton (The College of Wooster), Courtney Miller (Carnegie Mellon University), Yasemin Acar (Max Planck Institute for Security and Privacy), Dominik Wermke (North Carolina State University), Christian Kästner (Carnegie Mellon University)