Trusting code in the wild: A social network-based centrality rating for developers in the Rust ecosystem. (arXiv:2306.00240v1 [cs.SE])
Source: cs.CR updates on arXiv.org (arxiv.org)
As modern software extensively uses open source packages, developers regularly pull in new upstream code through frequent updates. While a manual review of all upstream changes may not be practical, developers may rely on the authors' and reviewers' identities, among other factors, to decide what level of review the new code may require. The goal of this study is to help downstream project developers prioritize review efforts for upstream code by providing a social network-based centrality rating for the authors …
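The abstract describes rating authors by their centrality in a developer social network and using that rating to prioritize review of upstream code. The block below is an added illustration of that idea and is not the paper's method, code or data: it builds a co-contribution graph from a constructed, hypothetical developer-to-package mapping, computes two standard centrality measures with plain Python, combines them into a rating, and flags low-centrality (poorly connected or unknown) authors for deeper review. The weights and the threshold are arbitrary assumptions chosen for the example.

```python
"""Added example (not from the paper): centrality rating of developers in a
constructed co-contribution graph, used to prioritize review of upstream code."""
from collections import defaultdict, deque
from itertools import combinations

# Constructed sample data: which developer contributed to which package.
# Names and packages are hypothetical, not drawn from any real ecosystem.
CONTRIBUTIONS = {
    "alice": {"serde", "tokio", "hyper"},
    "bob": {"tokio", "hyper"},
    "carol": {"serde", "rand"},
    "dave": {"rand"},
    "eve": {"leftpad-rs"},  # newcomer with no shared packages: isolated node
}


def build_coauthor_graph(contributions):
    """Project the developer->package bipartite graph onto developers:
    two developers are adjacent if they contributed to a common package."""
    by_package = defaultdict(set)
    for dev, pkgs in contributions.items():
        for pkg in pkgs:
            by_package[pkg].add(dev)
    graph = {dev: set() for dev in contributions}
    for devs in by_package.values():
        for a, b in combinations(sorted(devs), 2):
            graph[a].add(b)
            graph[b].add(a)
    return graph


def degree_centrality(graph):
    """Fraction of other developers each developer is directly connected to."""
    n = len(graph)
    return {v: len(nbrs) / (n - 1) for v, nbrs in graph.items()}


def closeness_centrality(graph):
    """Harmonic closeness: sum of 1/d(v,u) over reachable u, divided by n-1.
    Unreachable nodes contribute 0, so isolated developers score 0 safely."""
    n = len(graph)
    scores = {}
    for src in graph:
        dist = {src: 0}
        queue = deque([src])
        while queue:  # breadth-first search for shortest hop counts
            v = queue.popleft()
            for w in graph[v]:
                if w not in dist:
                    dist[w] = dist[v] + 1
                    queue.append(w)
        scores[src] = sum(1 / d for u, d in dist.items() if u != src) / (n - 1)
    return scores


def centrality_rating(contributions, w_degree=0.5, w_close=0.5):
    """Weighted combination of the two measures (weights are an assumption)."""
    graph = build_coauthor_graph(contributions)
    deg = degree_centrality(graph)
    clo = closeness_centrality(graph)
    return {v: round(w_degree * deg[v] + w_close * clo[v], 4) for v in graph}


def review_priority(rating, threshold=0.25):
    """Authors below the (assumed) threshold are weakly connected to the rest
    of the ecosystem, so their upstream changes get a closer look."""
    return {dev: ("deep review" if score < threshold else "standard review")
            for dev, score in rating.items()}


if __name__ == "__main__":
    rating = centrality_rating(CONTRIBUTIONS)
    for dev, score in sorted(rating.items(), key=lambda kv: -kv[1]):
        print(f"{dev:6} rating={score:.4f} -> {review_priority(rating)[dev]}")
```

With the constructed data, alice and carol (who bridge several packages) score highest, while eve, who shares no package with anyone, scores 0 and is routed to deep review. A real deployment would derive the graph from commit and review metadata rather than a hand-written dictionary, and would treat the rating as one input among others rather than as a trust decision on its own.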