
Enhancing OSS Ecosystem Security through Incentives
Explore strategies for bolstering Open Source Software (OSS) security practices through behavioral and economic incentives, featuring expert insights and discussions on incentivizing developers, leveraging external support, and prioritizing security in OSS selection.
Presentation Transcript
Behavioral & Economic Incentives to Secure the OSS Ecosystem 2022-08-24 14:30-16:00 ET
Problem areas
Software Development: What incentive structures would encourage OSS developers to incorporate better software security practices?
Paid Development/Assistance: How can we leverage the limited amounts of government, industry, and professional assistance to maximize our overall security posture?
Report Recap
Informed Choice: How do we make security a priority in choosing OSS software?
Agenda
1. Panel Introductions
2. Status Quo and needed background: foundational knowledge from each panelist's domain
3. Problem questions from Phoenix
4. Plan questions from Phoenix
5. Audience Questions
6. Wrap up
Feel free to put questions in chat as they occur to you. We will make sure to ask them during the discussion section. Chat is awesome!
Academic Expert: Yasemin Acar, George Washington University. Prof. Acar is an expert in human factors within security and privacy, with a major focus on secure software development. She has performed extensive in-depth studies into security and trust practices within OSS.
Python Community Expert: Dustin Ingram, Python Software Foundation and Google. Mr. Ingram is a director of the Python Software Foundation, a maintainer of PyPI, which is the canonical software repository for the Python ecosystem with over 350,000 Python packages, and a software engineer on Google's Open Source Security Team.
Neuroscientist and Business Expert: Uma Karmarkar, UCSD Rady School of Management | School of Global Policy and Strategy. Prof. Karmarkar combines consumer psychology, behavioral economics and neuroscience to develop theory-driven frameworks about how people use information to make consequential decisions. She is an expert in neuroeconomics, marketplace behavior, and survey methods.
Security of Complex Systems Expert: Deborah Shands, SRI International. Dr. Shands is an expert in security architecture and design for large, mission-critical systems. She models relationships among organizations and system components to simplify authorization and trust management. She is a security technical advisor for U.S. government-funded research and development programs.
OSS Supply Chain Expert: David Wheeler, Linux Foundation. Dr. Wheeler is the Director of Open Source Supply Chain Security at the Linux Foundation, and an expert on open source software (OSS) and on developing secure software.
Status Quo and Background
You were part of a large study at the Linux Foundation on OSS contributors. What did you see as the major findings? Who are the important players in the problem?
You have PhDs in neuroscience and marketing, with a specialty in consumer behavior. That's a pretty deep background. What do we know about incentives, behavior, and markets? And how does trust apply to something like software?
You had a very remarkable paper on how OSS developers learn and apply cybersecurity practices. Can you tell us a little about what you've learned from those interviews on incentives and behaviors?
Writing code is only one part of the security equation. You've studied team dynamics. Can you tell us about other types of attacks, and how team dynamics plays a role?
You manage one of the largest OSS package repositories in the world. How do people choose which OSS packages to install in the Python world?
The Problem
Who are the "we" in solving the problem, and what is their interest? (Government? Developers? Industry?)
How would you articulate the problem we should focus on?
Where do economics and behavior rank compared to other things we could work on?
What is the most important unknown to figure out, and why?
What is not the problem in current incentive models?
Are there specific examples of things current incentive models are doing wrong? Doing right?
What are the best, worst, and most probable cases for incentives to affect cybersecurity in OSS in the next 5 years?
The Plan
Using just what is known today, what do you think public policy can and cannot address?
Can you characterize solutions in phases, or by breaking off pieces of the larger problem?
I've heard grumbling that security investment has increased significantly, but it's unclear what has changed. What measurements can be performed to show whether things are better or worse?
What is the minimum we (or specific sectors in public/private) need to do to maximize cybersecurity incentives, behavioral and/or economic?
Panel
Academic Expert: Yasemin Acar, George Washington University
Python Community Expert: Dustin Ingram, Python Software Foundation and Google
Neuroscientist and Business Expert: Uma Karmarkar, UCSD School of Business
Security of Complex Systems Expert: Deborah Shands, SRI International
OSS Supply Chain Expert: David Wheeler, Linux Foundation
Thanks!
Panel! Please use the following pages to put any other thoughts or questions that were not convenient to put in Google comments. I will delete these slides before the panel!