TrustSECO: A Distributed Infrastructure for Providing Trust in the Software Ecosystem

Fang Hou, Siamak Farshidi, Slinger Jansen*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

Abstract

The software ecosystem is a trust-rich part of the world. Collaboratively, software engineers trust major hubs in the ecosystem, such as package managers, repository services, and programming language ecosystems. However, trust entails the assumption of risks. In this paper, we lay out the risks we are taking by blindly trusting these hubs when using information systems. Secondly, we present a vision for a trust-recording mechanism in the software ecosystem that mitigates the presented risks. This vision is realized in TrustSECO: a distributed infrastructure that collects, stores, and discloses trust facts about information systems. If our community manages to implement this mechanism, we can create an urgently needed healthy and secure software ecosystem. Finally, we report on the current status of the project.

Original languageEnglish
Title of host publicationAdvanced Information Systems Engineering Workshops - CAiSE 2021 International Workshops, Proceedings
EditorsArtem Polyvyanyy, Stefanie Rinderle-Ma
PublisherSpringer
Pages121-133
Number of pages13
ISBN (Print)9783030790219
DOIs
Publication statusPublished - 2021
EventInternational Workshops associated with 33rd International Conference on Advanced Information Systems Engineering, CAiSE 2021 - Virtual, Online
Duration: 28 Jun 20212 Jul 2021

Publication series

NameLecture Notes in Business Information Processing
Volume423 LNBIP
ISSN (Print)1865-1348
ISSN (Electronic)1865-1356

Conference

ConferenceInternational Workshops associated with 33rd International Conference on Advanced Information Systems Engineering, CAiSE 2021
CityVirtual, Online
Period28/06/212/07/21

Keywords

  • Distributed ledger
  • Repository mining
  • Software ecosystems
  • Software security
  • Software trust

Fingerprint

Dive into the research topics of 'TrustSECO: A Distributed Infrastructure for Providing Trust in the Software Ecosystem'. Together they form a unique fingerprint.

Cite this