Speaker
Description
Open source software (OSS) is widely used and underpins critical infrastructure; it is often installed by default or runs transparently, without end users consciously recognizing the dependency. Ensuring the security and stability of these OSS components is therefore essential for systemic trust and resilience. Existing methods for evaluating the security of OSS, such as OpenSSF Scorecard, provide automated, project-based assessments, but such approaches remain coarse-grained and fail to capture nuanced aspects of a project's developer context.
In this talk, we introduce a novel OSS Security Evaluation Metrics framework that integrates developer-centered behaviors and community dynamics, combining human-centric observations with the capabilities of large language models. The framework yields richer, contextualized insights into OSS security posture. We validate this approach via a comprehensive benchmark across a diverse set of OSS ecosystems, revealing key gaps in current tooling and providing a stronger foundation for trustworthy open-source ecosystems.
Session author's bio
Jiongchi Yu is a Ph.D. candidate in Computer Science at Singapore Management University. He has published over ten research papers in top-tier academic venues and has served as a program committee member and reviewer for several international conferences and journals. He is also a member of the software testing team at OpenPrinting and has been a speaker at major open-source summits, including Ubuntu Summit 2024. For more details, please visit: https://ttfish.cc
| Field | Value |
|---|---|
| In Person Attendance | Remote |
| Level of Difficulty | Intermediate |
| Social Media | https://x.com/ttfishfish |