Abstract
The software ecosystem runs on trust. Software engineers collectively trust major hubs in the ecosystem, such as package managers, repository services, and programming language ecosystems. Trust, however, means taking on risk. In this paper, we first lay out the risks we take by blindly trusting these hubs when building and using information systems. Second, we present a vision for a trust-recording mechanism in the software ecosystem that mitigates those risks. This vision is realized in TrustSECO: a distributed infrastructure that collects, stores, and discloses trust facts about information systems. If our community manages to implement this mechanism, we can create an urgently needed healthy and secure software ecosystem. Finally, we report on the current status of the project.
Acknowledgements
We thank the TrustSECO team that participated in the Odyssey Momentum Hackathon for their conceptual contributions to this paper. Specifically, we want to thank Tom Peirs, Jozef Siu, Venja Beck, Floris Jansen, and Elena Baninemeh for their inspirational ideas and their code on https://github.com/SecureSECO/TrustSECO. We also thank Swayam Shah for constructive criticism and ideas.
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Hou, F., Farshidi, S., Jansen, S. (2021). TrustSECO: A Distributed Infrastructure for Providing Trust in the Software Ecosystem. In: Polyvyanyy, A., Rinderle-Ma, S. (eds) Advanced Information Systems Engineering Workshops. CAiSE 2021. Lecture Notes in Business Information Processing, vol 423. Springer, Cham. https://doi.org/10.1007/978-3-030-79022-6_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-79021-9
Online ISBN: 978-3-030-79022-6
eBook Packages: Computer Science (R0)