Skip to main content
SpringerLink
Log in

TrustSECO: A Distributed Infrastructure for Providing Trust in the Software Ecosystem

  • Conference paper
  • First Online:
Advanced Information Systems Engineering Workshops (CAiSE 2021)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 423))

Included in the following conference series:

Abstract

The software ecosystem is a trust-rich part of the world. Collaboratively, software engineers trust major hubs in the ecosystem, such as package managers, repository services, and programming language ecosystems. However, trust entails the assumption of risks. In this paper, we lay out the risks we are taking by blindly trusting these hubs when using information systems. Secondly, we present a vision for a trust-recording mechanism in the software ecosystem that mitigates the presented risks. This vision is realized in TrustSECO: a distributed infrastructure that collects, stores, and discloses trust facts about information systems. If our community manages to implement this mechanism, we can create an urgently needed healthy and secure software ecosystem. Finally, we report on the current status of the project.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://secureseco.org/secureseco-introduction/trustseco/.

  2. 2.

    https://reproducible-builds.org/.

  3. 3.

    https://github.com/SecureSECO/TrustSECO.

  4. 4.

    https://daocanvas.webflow.io/.

References

  1. Cadariu, M., Bouwers, E., Visser, J., van Deursen, A.: Tracking known security vulnerabilities in proprietary software systems. In: 2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering, pp. 516–519. IEEE (2015)

    Google Scholar 

  2. Cho, J.H., Chan, K., Adali, S.: A survey on trust modeling. ACM Comput. Surv. (CSUR) 48(2), 1–40 (2015)

    Article  Google Scholar 

  3. Farshidi, S., Jansen, S., España, S., Verkleij, J.: Decision support for blockchain platform selection: three industry case studies. IEEE TEM 67, 1109–1128 (2020)

    Google Scholar 

  4. Hassan, S., Filippi, P.D.: Decentralized autonomous organization. Internet Policy Rev. 10(2) (2021). https://doi.org/10.14763/2021.2.1556

  5. Hevner, A.R., March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Q. 28, 75–105 (2004)

    Article  Google Scholar 

  6. Howard, H.: Arc: analysis of raft consensus. Tech. rep., University of Cambridge, Computer Laboratory (2014)

    Google Scholar 

  7. Iqbal, M., Matulevičius, R.: Blockchain-based application security risks: a systematic literature review. In: Proper, H., Stirna, J. (eds.) Advanced Information Systems Engineering Workshops. CAiSE 2019. Lecture Notes in Business Information Processing, vol. 349. Springer, Cham. https://doi.org/10.1007/978-3-030-20948-3_16

  8. Jansen, F., Jansen, S., Hou, F.: TrustSECO: an interview survey into software trust. arXiv:2101.06138 (2021)

  9. Jansen, S., Cusumano, M.A., Brinkkemper, S.: Software Ecosystems: Analyzing and Managing Business Networks in the Software Industry. Edward Elgar, Cheltenham (2013)

    Book  Google Scholar 

  10. Larios Vargas, E., Aniche, M., Treude, C., Bruntink, M., Gousios, G.: Selecting third-party libraries: the practitioners’ perspective. In: Proceedings of ESEC/FSE, pp. 245–256 (2020)

    Google Scholar 

  11. Lo, S.K., Xu, X., Staples, M., Yao, L.: Reliability analysis for blockchain oracles. Comput. Electr. Eng. 83, 106582 (2020)

    Article  Google Scholar 

  12. Paulus, S., Mohammadi, N.G., Weyer, T.: Trustworthy software development. In: De Decker, B., Dittmann, J., Kraetzer, C., Vielhauer, C. (eds.) CMS 2013. LNCS, vol. 8099, pp. 233–247. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40779-6_23

    Chapter  Google Scholar 

  13. Peffers, K., Rothenberger, M., Tuunanen, T., Vaezi, R.: Design science research evaluation. In: Peffers, K., Rothenberger, M., Kuechler, B. (eds.) DESRIST 2012. LNCS, vol. 7286, pp. 398–410. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29863-9_29

    Chapter  Google Scholar 

  14. Wang, S., Ding, W., Li, J., Yuan, Y., Ouyang, L., Wang, F.Y.: Decentralized autonomous organizations: concept, model, and applications. IEEE Trans. Comput. Soc. Syst. 6(5), 870–878 (2019)

    Article  Google Scholar 

  15. Zhu, M.X., Luo, X.X., Chen, X.H., Wu, D.D.: A non-functional requirements tradeoff model in trustworthy software. Inf. Sci. 191, 61–75 (2012)

    Article  Google Scholar 

Download references

Acknowledgements

We thank the TrustSECO team that participated in the Odyssey Momentum Hackathon for their conceptual contributions to this paper. Specifically, we want to thank Tom Peirs, Jozef Siu, Venja Beck, Floris Jansen, and Elena Baninemeh for their inspirational ideas and their code on https://github.com/SecureSECO/TrustSECO. We also thank Swayam Shah for constructive criticism and ideas.

Author information

Authors and Affiliations

  1. Utrecht University, Utrecht, The Netherlands

    Fang Hou & Slinger Jansen

  2. University of Amsterdam, Amsterdam, The Netherlands

    Siamak Farshidi

  3. Lappeenranta University of Technoly, Lappeenranta, Finland

    Slinger Jansen

Authors
  1. Fang Hou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Siamak Farshidi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Slinger Jansen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Slinger Jansen .

Editor information

Editors and Affiliations

  1. The University of Melbourne, Carlton, VIC, Australia

    Artem Polyvyanyy

  2. Technical University of Munich, Garching, Germany

    Stefanie Rinderle-Ma

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Hou, F., Farshidi, S., Jansen, S. (2021). TrustSECO: A Distributed Infrastructure for Providing Trust in the Software Ecosystem. In: Polyvyanyy, A., Rinderle-Ma, S. (eds) Advanced Information Systems Engineering Workshops. CAiSE 2021. Lecture Notes in Business Information Processing, vol 423. Springer, Cham. https://doi.org/10.1007/978-3-030-79022-6_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-79022-6_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-79021-9

  • Online ISBN: 978-3-030-79022-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation