TrustSECO: A Distributed Infrastructure for Providing Trust in the Software Ecosystem.

Fang Hou, Siamak Farshidi, Slinger Jansen: TrustSECO: A Distributed Infrastructure for Providing Trust in the Software Ecosystem. 2021.

Abstract

The software ecosystem is a trust-rich part of the world. Collaboratively, software engineers trust major hubs in the ecosystem, such as package managers, repository services, and programming language ecosystems. However, trust entails the assumption of risks. In this paper, we lay out the risks we are taking by blindly trusting these hubs when using information systems. Secondly, we present a vision for a trust-recording mechanism in the software ecosystem that mitigates the presented risks. This vision is realized in TrustSECO: a distributed infrastructure that collects, stores, and discloses trust facts about information systems. If our community manages to implement this mechanism, we can create an urgently needed healthy and secure software ecosystem. Finally, we report on the current status of the project.

BibTeX

@workshop{nokey,
title = {TrustSECO: A Distributed Infrastructure for Providing Trust in the Software Ecosystem.},
author = {Fang Hou and Siamak Farshidi and Slinger Jansen},
url = {https://secureseco.org/wp-content/uploads/2022/02/TrustSECO_Intro___BC4IS-draft.pdf},
year  = {2021},
date = {2021-01-01},
urldate = {2021-01-01},
abstract = {The software ecosystem is a trust-rich part of the world. Collaboratively, software engineers trust major hubs in the ecosystem, such as package managers, repository services, and programming language ecosystems. However, trust entails the assumption of risks. In this paper, we lay out the risks we are taking by blindly trusting these hubs when using information systems. Secondly, we present a vision for a trust-recording mechanism in the software ecosystem that mitigates the presented risks. This vision is realized in TrustSECO: a distributed infrastructure that collects, stores, and discloses trust facts about information systems. If our community manages to implement this mechanism, we can create an urgently needed healthy and secure software ecosystem. Finally, we report on the current status of the project.},
howpublished = {Proceedings of the Workshop on Blockchain for Information Systems Workshop},
keywords = {trustSECO},
pubstate = {published},
tppubtype = {workshop}
}