{"id":"https://openalex.org/W4288057810","doi":"https://doi.org/10.1109/sp46214.2022.9833686","title":"Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects","display_name":"Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects","publication_year":2022,"publication_date":"2022-05-01","ids":{"openalex":"https://openalex.org/W4288057810","doi":"https://doi.org/10.1109/sp46214.2022.9833686"},"language":"en","primary_location":{"id":"doi:10.1109/sp46214.2022.9833686","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46214.2022.9833686","pdf_url":null,"source":{"id":"https://openalex.org/S4363606603","display_name":"2022 IEEE Symposium on Security and Privacy (SP)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5004650891","display_name":"Dominik Wermke","orcid":"https://orcid.org/0009-0008-2921-1254"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Dominik Wermke","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security,Germany","CISPA Helmholtz Center for Information Security, 
Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security,Germany","institution_ids":["https://openalex.org/I4210128801"]},{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047899337","display_name":"Noah W\u00f6hler","orcid":"https://orcid.org/0000-0002-4172-9565"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Noah W\u00f6hler","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security,Germany","CISPA Helmholtz Center for Information Security, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security,Germany","institution_ids":["https://openalex.org/I4210128801"]},{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037107748","display_name":"Jan H. Klemmer","orcid":"https://orcid.org/0000-0002-6994-7206"},"institutions":[{"id":"https://openalex.org/I114112103","display_name":"Leibniz University Hannover","ror":"https://ror.org/0304hq317","country_code":"DE","type":"education","lineage":["https://openalex.org/I114112103"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Jan H. 
Klemmer","raw_affiliation_strings":["Leibniz University Hannover,Germany","Leibniz University Hannover, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Leibniz University Hannover,Germany","institution_ids":["https://openalex.org/I114112103"]},{"raw_affiliation_string":"Leibniz University Hannover, Germany","institution_ids":["https://openalex.org/I114112103"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018571922","display_name":"Marcel Fourn\u00e9","orcid":"https://orcid.org/0000-0003-4442-0085"},"institutions":[{"id":"https://openalex.org/I4210096592","display_name":"Max Planck Institute for Security and Privacy","ror":"https://ror.org/00bj0r217","country_code":"DE","type":"facility","lineage":["https://openalex.org/I149899117","https://openalex.org/I4210096592"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Marcel Fourn\u00e9","raw_affiliation_strings":["Max Planck Institute for Security and Privacy,Germany","Max Planck Institute for Security and Privacy, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Max Planck Institute for Security and Privacy,Germany","institution_ids":["https://openalex.org/I4210096592"]},{"raw_affiliation_string":"Max Planck Institute for Security and Privacy, Germany","institution_ids":["https://openalex.org/I4210096592"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074668699","display_name":"Yasemin Acar","orcid":"https://orcid.org/0000-0001-7167-7383"},"institutions":[{"id":"https://openalex.org/I193531525","display_name":"George Washington University","ror":"https://ror.org/00y4zzh67","country_code":"US","type":"education","lineage":["https://openalex.org/I193531525"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yasemin Acar","raw_affiliation_strings":["George Washington University,United States","George Washington University, United 
States"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"George Washington University,United States","institution_ids":["https://openalex.org/I193531525"]},{"raw_affiliation_string":"George Washington University, United States","institution_ids":["https://openalex.org/I193531525"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5087356408","display_name":"Sascha Fahl","orcid":"https://orcid.org/0000-0002-5644-3316"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sascha Fahl","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security,Germany","CISPA Helmholtz Center for Information Security, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security,Germany","institution_ids":["https://openalex.org/I4210128801"]},{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Germany","institution_ids":["https://openalex.org/I4210128801"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":7.8838,"has_fulltext":false,"cited_by_count":36,"citation_normalized_percentile":{"value":0.9845679,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1880","last_page":"1896"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11675","display_name":"Open Source Software Innovations","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1706","display_name":"Computer Science 
Applications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11675","display_name":"Open Source Software Innovations","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1706","display_name":"Computer Science Applications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9919999837875366,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11704","display_name":"Mobile Crowdsensing and Crowdsourcing","score":0.9641000032424927,"subfield":{"id":"https://openalex.org/subfields/1706","display_name":"Computer Science Applications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/open-source-software","display_name":"Open source software","score":0.6950898766517639},{"id":"https://openalex.org/keywords/open-source","display_name":"Open source","score":0.6386686563491821},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6016422510147095},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer 
security","score":0.5027587413787842},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.48281392455101013},{"id":"https://openalex.org/keywords/open-source-software-development","display_name":"Open-source software development","score":0.4825298488140106},{"id":"https://openalex.org/keywords/computational-trust","display_name":"Computational trust","score":0.44160526990890503},{"id":"https://openalex.org/keywords/qualitative-research","display_name":"Qualitative research","score":0.41938620805740356},{"id":"https://openalex.org/keywords/sociology","display_name":"Sociology","score":0.14319190382957458},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.13795578479766846},{"id":"https://openalex.org/keywords/social-science","display_name":"Social science","score":0.07073572278022766}],"concepts":[{"id":"https://openalex.org/C2988343187","wikidata":"https://www.wikidata.org/wiki/Q1130645","display_name":"Open source software","level":3,"score":0.6950898766517639},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.6386686563491821},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6016422510147095},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5027587413787842},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.48281392455101013},{"id":"https://openalex.org/C2778642129","wikidata":"https://www.wikidata.org/wiki/Q7096425","display_name":"Open-source software development","level":4,"score":0.4825298488140106},{"id":"https://openalex.org/C160521178","wikidata":"https://www.wikidata.org/wiki/Q5157345","display_name":"Computational 
trust","level":3,"score":0.44160526990890503},{"id":"https://openalex.org/C190248442","wikidata":"https://www.wikidata.org/wiki/Q839486","display_name":"Qualitative research","level":2,"score":0.41938620805740356},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.14319190382957458},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.13795578479766846},{"id":"https://openalex.org/C36289849","wikidata":"https://www.wikidata.org/wiki/Q34749","display_name":"Social science","level":1,"score":0.07073572278022766},{"id":"https://openalex.org/C48798503","wikidata":"https://www.wikidata.org/wiki/Q877546","display_name":"Reputation","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sp46214.2022.9833686","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46214.2022.9833686","pdf_url":null,"source":{"id":"https://openalex.org/S4363606603","display_name":"2022 IEEE Symposium on Security and Privacy (SP)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/17","display_name":"Partnerships for the 
goals","score":0.4000000059604645}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":105,"referenced_works":["https://openalex.org/W205609712","https://openalex.org/W409344806","https://openalex.org/W606806371","https://openalex.org/W1447429957","https://openalex.org/W1511656335","https://openalex.org/W1966276021","https://openalex.org/W1967042038","https://openalex.org/W1975782063","https://openalex.org/W1979778970","https://openalex.org/W1986222079","https://openalex.org/W2006624349","https://openalex.org/W2018638699","https://openalex.org/W2028486686","https://openalex.org/W2035789063","https://openalex.org/W2062706277","https://openalex.org/W2069268700","https://openalex.org/W2073429012","https://openalex.org/W2098681705","https://openalex.org/W2107294940","https://openalex.org/W2109156518","https://openalex.org/W2121513440","https://openalex.org/W2123829847","https://openalex.org/W2124100711","https://openalex.org/W2128780139","https://openalex.org/W2130743551","https://openalex.org/W2138783984","https://openalex.org/W2139092060","https://openalex.org/W2141168725","https://openalex.org/W2146649871","https://openalex.org/W2150198410","https://openalex.org/W2157071571","https://openalex.org/W2157353183","https://openalex.org/W2166838101","https://openalex.org/W2168248828","https://openalex.org/W2170267084","https://openalex.org/W2186103202","https://openalex.org/W2194432963","https://openalex.org/W2243109068","https://openalex.org/W2292723020","https://openalex.org/W2344018727","https://openalex.org/W2354248936","https://openalex.org/W2368671040","https://openalex.org/W2394834103","https://openalex.org/W2412850938","https://openalex.org/W2506490502","https://openalex.org/W2526528247","https://openalex.org/W2534280618","https://openalex.org/W2557302400","https://openalex.org/W2605726584","https://openalex.org/W2615284185","https://openalex.org/W2646484260","https://openalex.org/W2735173242","https
://openalex.org/W2739711672","https://openalex.org/W2740329368","https://openalex.org/W2752073028","https://openalex.org/W2763622888","https://openalex.org/W2766411424","https://openalex.org/W2781981343","https://openalex.org/W2782969241","https://openalex.org/W2783990487","https://openalex.org/W2800968634","https://openalex.org/W2884642766","https://openalex.org/W2903888314","https://openalex.org/W2946567467","https://openalex.org/W2951913189","https://openalex.org/W2953859928","https://openalex.org/W2954101292","https://openalex.org/W2954266827","https://openalex.org/W2964871369","https://openalex.org/W3028407954","https://openalex.org/W3029879311","https://openalex.org/W3032932651","https://openalex.org/W3044927412","https://openalex.org/W3088041916","https://openalex.org/W3090115945","https://openalex.org/W3090256551","https://openalex.org/W3090554539","https://openalex.org/W3097007871","https://openalex.org/W3105037104","https://openalex.org/W3108826526","https://openalex.org/W3140103367","https://openalex.org/W3141872514","https://openalex.org/W3159563414","https://openalex.org/W3160499023","https://openalex.org/W3161052308","https://openalex.org/W3162246821","https://openalex.org/W3208623264","https://openalex.org/W3211341298","https://openalex.org/W4233214837","https://openalex.org/W4251915282","https://openalex.org/W4288057734","https://openalex.org/W4288079288","https://openalex.org/W4288079339","https://openalex.org/W6628602181","https://openalex.org/W6636163719","https://openalex.org/W6697058161","https://openalex.org/W6715480035","https://openalex.org/W6742102062","https://openalex.org/W6743880665","https://openalex.org/W6757216085","https://openalex.org/W6765285382","https://openalex.org/W6766054592","https://openalex.org/W6781159446","https://openalex.org/W6786356917","https://openalex.org/W6803329020"],"related_works":["https://openalex.org/W2154443866","https://openalex.org/W1726218213","https://openalex.org/W653411734","https://openalex.org/W314366
4952","https://openalex.org/W2512891830","https://openalex.org/W2105643718","https://openalex.org/W4206640248","https://openalex.org/W2108777707","https://openalex.org/W167327709","https://openalex.org/W4234266637"],"abstract_inverted_index":{"Open":[0],"Source":[1],"Software":[2],"plays":[3],"an":[4],"important":[5],"role":[6],"in":[7,12,40,64,123,160,173,183],"many":[8],"software":[9,22,147],"ecosystems.":[10],"Whether":[11],"operating":[13],"systems,":[14],"network":[15],"stacks,":[16],"or":[17,56],"as":[18,105,107,130,132],"low-level":[19],"system":[20],"drivers,":[21],"we":[23,87,96,140,166],"encounter":[24],"daily":[25],"is":[26],"permeated":[27],"with":[28,74,189],"code":[29,47],"contributions":[30],"from":[31,49,79],"open":[32,38,41,84,145,157,170],"source":[33,42,85,146,158,171],"projects.":[34],"Decentralized":[35],"development":[36],"and":[37,59,77,91,127,149,162,180,193],"collaboration":[39],"projects":[43,118,159,172,188],"introduce":[44],"unique":[45],"challenges:":[46],"submissions":[48],"unknown":[50],"entities,":[51],"limited":[52,194],"personpower":[53],"for":[54,143,168],"commit":[55],"dependency":[57],"reviews,":[58],"bringing":[60],"new":[61],"contributors":[62,78],"up-to-date":[63],"projects\u2019":[65,98],"best":[66],"practices":[67],"&":[68,103,110],"processes.In":[69],"27":[70],"in-depth,":[71],"semi-structured":[72],"interviews":[73],"owners,":[75],"maintainers,":[76],"a":[80],"diverse":[81,121],"set":[82],"of":[83,186],"projects,":[86],"investigate":[88],"their":[89,133,177],"security":[90,125,163],"trust":[92,128,161],"practices.":[93],"For":[94],"this,":[95],"explore":[97],"behind-the-scene":[99],"processes,":[100,129],"provided":[101],"guidance":[102],"policies,":[104],"well":[106,131],"incident":[108],"handling":[109],"encountered":[111],"challenges.":[112],"We":[113],"find":[114],"that":[115,175],"our":[116,138],"participants\u2019":[117],"are":[119],"highly":[120],"both":[122],"deployed":[124],"measures":[126],"underlying":[134],"mot
ivations.":[135],"Based":[136],"on":[137],"findings,":[139],"discuss":[141],"implications":[142],"the":[144,151,184],"ecosystem":[148],"how":[150],"research":[152],"community":[153],"can":[154],"better":[155],"support":[156],"considerations.":[164],"Overall,":[165],"argue":[167],"supporting":[169],"ways":[174],"consider":[176],"individual":[178],"strengths":[179],"limitations,":[181],"especially":[182],"case":[185],"smaller":[187],"low":[190],"contributor":[191],"numbers":[192],"access":[195],"to":[196],"resources.":[197]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":11},{"year":2023,"cited_by_count":11},{"year":2022,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}
