TrustSECO: A Distributed Infrastructure for Providing Trust in the Software Ecosystem

Fang Hou; Siamak Farshidi; Slinger Jansen

doi:10.1007/978-3-030-79022-6_11

TrustSECO: A Distributed Infrastructure for Providing Trust in the Software Ecosystem

Fang Hou, Siamak Farshidi, Slinger Jansen^*

^*Corresponding author for this work

Sub Software Production

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

Abstract

The software ecosystem is a trust-rich part of the world. Collaboratively, software engineers trust major hubs in the ecosystem, such as package managers, repository services, and programming language ecosystems. However, trust entails the assumption of risks. In this paper, we lay out the risks we are taking by blindly trusting these hubs when using information systems. Secondly, we present a vision for a trust-recording mechanism in the software ecosystem that mitigates the presented risks. This vision is realized in TrustSECO: a distributed infrastructure that collects, stores, and discloses trust facts about information systems. If our community manages to implement this mechanism, we can create an urgently needed healthy and secure software ecosystem. Finally, we report on the current status of the project.

Original language	English
Title of host publication	Advanced Information Systems Engineering Workshops - CAiSE 2021 International Workshops, Proceedings
Editors	Artem Polyvyanyy, Stefanie Rinderle-Ma
Publisher	Springer
Pages	121-133
Number of pages	13
ISBN (Print)	9783030790219
DOIs	https://doi.org/10.1007/978-3-030-79022-6_11
Publication status	Published - 2021
Event	International Workshops associated with 33rd International Conference on Advanced Information Systems Engineering, CAiSE 2021 - Virtual, Online Duration: 28 Jun 2021 → 2 Jul 2021

Publication series

Name	Lecture Notes in Business Information Processing
Volume	423 LNBIP
ISSN (Print)	1865-1348
ISSN (Electronic)	1865-1356

Conference

Conference	International Workshops associated with 33rd International Conference on Advanced Information Systems Engineering, CAiSE 2021
City	Virtual, Online
Period	28/06/21 → 2/07/21

Bibliographical note

Funding Information:
We thank the TrustSECO team that participated in the Odyssey Momentum Hackathon for their conceptual contributions to this paper. Specifically, we want to thank Tom Peirs, Jozef Siu, Venja Beck, Floris Jansen, and Elena Banine-meh for their inspirational ideas and their code on https://github.com/SecureSECO/ TrustSECO. We also thank Swayam Shah for constructive criticism and ideas.

Publisher Copyright:
© 2021, Springer Nature Switzerland AG.

Funding

We thank the TrustSECO team that participated in the Odyssey Momentum Hackathon for their conceptual contributions to this paper. Specifically, we want to thank Tom Peirs, Jozef Siu, Venja Beck, Floris Jansen, and Elena Banine-meh for their inspirational ideas and their code on https://github.com/SecureSECO/ TrustSECO. We also thank Swayam Shah for constructive criticism and ideas.

Keywords

Distributed ledger
Repository mining
Software ecosystems
Software security
Software trust

Access to Document

10.1007/978-3-030-79022-6_11

978-3-030-79022-6_11Final published version, 583 KBLicence: Taverne

Cite this

Hou, F., Farshidi, S., & Jansen, S. (2021). TrustSECO: A Distributed Infrastructure for Providing Trust in the Software Ecosystem. In A. Polyvyanyy, & S. Rinderle-Ma (Eds.), Advanced Information Systems Engineering Workshops - CAiSE 2021 International Workshops, Proceedings (pp. 121-133). (Lecture Notes in Business Information Processing; Vol. 423 LNBIP). Springer. https://doi.org/10.1007/978-3-030-79022-6_11

Hou, Fang ; Farshidi, Siamak ; Jansen, Slinger. / TrustSECO : A Distributed Infrastructure for Providing Trust in the Software Ecosystem. Advanced Information Systems Engineering Workshops - CAiSE 2021 International Workshops, Proceedings. editor / Artem Polyvyanyy ; Stefanie Rinderle-Ma. Springer, 2021. pp. 121-133 (Lecture Notes in Business Information Processing).

@inproceedings{8475fd59c0c6495c8d3515fff7b6a02a,

title = "TrustSECO: A Distributed Infrastructure for Providing Trust in the Software Ecosystem",

abstract = "The software ecosystem is a trust-rich part of the world. Collaboratively, software engineers trust major hubs in the ecosystem, such as package managers, repository services, and programming language ecosystems. However, trust entails the assumption of risks. In this paper, we lay out the risks we are taking by blindly trusting these hubs when using information systems. Secondly, we present a vision for a trust-recording mechanism in the software ecosystem that mitigates the presented risks. This vision is realized in TrustSECO: a distributed infrastructure that collects, stores, and discloses trust facts about information systems. If our community manages to implement this mechanism, we can create an urgently needed healthy and secure software ecosystem. Finally, we report on the current status of the project.",

keywords = "Distributed ledger, Repository mining, Software ecosystems, Software security, Software trust",

author = "Fang Hou and Siamak Farshidi and Slinger Jansen",

note = "Funding Information: We thank the TrustSECO team that participated in the Odyssey Momentum Hackathon for their conceptual contributions to this paper. Specifically, we want to thank Tom Peirs, Jozef Siu, Venja Beck, Floris Jansen, and Elena Banine-meh for their inspirational ideas and their code on https://github.com/SecureSECO/ TrustSECO. We also thank Swayam Shah for constructive criticism and ideas. Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.; International Workshops associated with 33rd International Conference on Advanced Information Systems Engineering, CAiSE 2021 ; Conference date: 28-06-2021 Through 02-07-2021",

year = "2021",

doi = "10.1007/978-3-030-79022-6_11",

language = "English",

isbn = "9783030790219",

series = "Lecture Notes in Business Information Processing",

publisher = "Springer",

pages = "121--133",

editor = "Artem Polyvyanyy and Stefanie Rinderle-Ma",

booktitle = "Advanced Information Systems Engineering Workshops - CAiSE 2021 International Workshops, Proceedings",

}

Hou, F, Farshidi, S & Jansen, S 2021, TrustSECO: A Distributed Infrastructure for Providing Trust in the Software Ecosystem. in A Polyvyanyy & S Rinderle-Ma (eds), Advanced Information Systems Engineering Workshops - CAiSE 2021 International Workshops, Proceedings. Lecture Notes in Business Information Processing, vol. 423 LNBIP, Springer, pp. 121-133, International Workshops associated with 33rd International Conference on Advanced Information Systems Engineering, CAiSE 2021, Virtual, Online, 28/06/21. https://doi.org/10.1007/978-3-030-79022-6_11

TrustSECO: A Distributed Infrastructure for Providing Trust in the Software Ecosystem. / Hou, Fang; Farshidi, Siamak; Jansen, Slinger.
Advanced Information Systems Engineering Workshops - CAiSE 2021 International Workshops, Proceedings. ed. / Artem Polyvyanyy; Stefanie Rinderle-Ma. Springer, 2021. p. 121-133 (Lecture Notes in Business Information Processing; Vol. 423 LNBIP).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - TrustSECO

T2 - International Workshops associated with 33rd International Conference on Advanced Information Systems Engineering, CAiSE 2021

AU - Hou, Fang

AU - Farshidi, Siamak

AU - Jansen, Slinger

N1 - Funding Information: We thank the TrustSECO team that participated in the Odyssey Momentum Hackathon for their conceptual contributions to this paper. Specifically, we want to thank Tom Peirs, Jozef Siu, Venja Beck, Floris Jansen, and Elena Banine-meh for their inspirational ideas and their code on https://github.com/SecureSECO/ TrustSECO. We also thank Swayam Shah for constructive criticism and ideas. Publisher Copyright: © 2021, Springer Nature Switzerland AG.

PY - 2021

Y1 - 2021

N2 - The software ecosystem is a trust-rich part of the world. Collaboratively, software engineers trust major hubs in the ecosystem, such as package managers, repository services, and programming language ecosystems. However, trust entails the assumption of risks. In this paper, we lay out the risks we are taking by blindly trusting these hubs when using information systems. Secondly, we present a vision for a trust-recording mechanism in the software ecosystem that mitigates the presented risks. This vision is realized in TrustSECO: a distributed infrastructure that collects, stores, and discloses trust facts about information systems. If our community manages to implement this mechanism, we can create an urgently needed healthy and secure software ecosystem. Finally, we report on the current status of the project.

AB - The software ecosystem is a trust-rich part of the world. Collaboratively, software engineers trust major hubs in the ecosystem, such as package managers, repository services, and programming language ecosystems. However, trust entails the assumption of risks. In this paper, we lay out the risks we are taking by blindly trusting these hubs when using information systems. Secondly, we present a vision for a trust-recording mechanism in the software ecosystem that mitigates the presented risks. This vision is realized in TrustSECO: a distributed infrastructure that collects, stores, and discloses trust facts about information systems. If our community manages to implement this mechanism, we can create an urgently needed healthy and secure software ecosystem. Finally, we report on the current status of the project.

KW - Distributed ledger

KW - Repository mining

KW - Software ecosystems

KW - Software security

KW - Software trust

UR - http://www.scopus.com/inward/record.url?scp=85111307668&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-79022-6_11

DO - 10.1007/978-3-030-79022-6_11

M3 - Conference contribution

AN - SCOPUS:85111307668

SN - 9783030790219

T3 - Lecture Notes in Business Information Processing

SP - 121

EP - 133

BT - Advanced Information Systems Engineering Workshops - CAiSE 2021 International Workshops, Proceedings

A2 - Polyvyanyy, Artem

A2 - Rinderle-Ma, Stefanie

PB - Springer

Y2 - 28 June 2021 through 2 July 2021

ER -

Hou F, Farshidi S, Jansen S. TrustSECO: A Distributed Infrastructure for Providing Trust in the Software Ecosystem. In Polyvyanyy A, Rinderle-Ma S, editors, Advanced Information Systems Engineering Workshops - CAiSE 2021 International Workshops, Proceedings. Springer. 2021. p. 121-133. (Lecture Notes in Business Information Processing). doi: 10.1007/978-3-030-79022-6_11

TrustSECO: A Distributed Infrastructure for Providing Trust in the Software Ecosystem

Abstract

Publication series

Conference

Bibliographical note

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this