TeamUSEC

Open Source Contributor Security

Nowadays, open source software is well-established and ever-present, and has long found its way into various commercial tools. Due to this, anything that removes or (maliciously) modifies these projects can have a vast and often disastrous impact on the digital world, which has been illustrated by various recent incidents. This includes not only developer choices such as protestware, but also supply-chain-attacks.

Furthermore, open source projects are highly dependent on the security choices of motivated individuals. Other than companies, who have developers under contract and provide security and safety policies, open source projects need to create and maintain policies themselves, or trust their contributors. However, this can majorly influence the security of the overall project.

In this interview study, we are interested in the individual security and safety practices of open source contributors. We aim to speak with developers who are part of popular open source projects, and talk with them about their practices regarding, e. g., device usage, authentication, or data safety.

More details and ways to participate are described on our website.

Researchers

Institutions

CISPA Helmholtz-Center for Information Security
https://www.cispa.de/

Leibniz University Hannover
https://www.uni-hannover.de/en/

Ruhr-Universität Bochum
https://casa.rub.de/