Evaluating Software Supply Chain Security in Research Software
By: Richard Hegewald, Rebecca Beyer
Potential Business Impact:
Makes science software safer from hackers.
The security of research software is essential for ensuring the integrity and reproducibility of scientific results, yet it remains largely unstudied. Because research software depends heavily on open-source components and is built through distributed development practices, it is particularly exposed to software supply chain attacks. This study analyses 3,248 high-quality, largely peer-reviewed research software repositories using the OpenSSF Scorecard. We find a generally weak security posture, with an average Scorecard score of 3.5/10. Important practices that Scorecard checks directly, such as signed releases and branch protection, are rarely implemented. Finally, we present actionable, low-effort recommendations that can help research teams improve the security of their software and mitigate threats to scientific integrity.
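The kind of measurement described in the abstract (a mean Scorecard score over many repositories, and the fraction of repositories that actually implement checks such as Signed-Releases and Branch-Protection) can be computed directly from Scorecard's machine-readable output. The script below is an added example, not the authors' analysis code. It assumes each result was produced with `scorecard --repo=<url> --format=json` and uses only the `repo.name`, `score` and `checks[].name` / `checks[].score` fields of that format; Scorecard reports a check score of -1 when the check could not be evaluated (for example Signed-Releases on a repository with no releases), and those are excluded from adoption rates. Treating a check score of 8 or more as "implemented" and a rate below 50% as "rarely implemented" are assumed thresholds chosen for the example. The three embedded results are constructed sample data, not figures from the study.

```python
"""Aggregate OpenSSF Scorecard JSON results across many repositories.

Added example: reads Scorecard `--format=json` output, reports the mean
aggregate score and, per check, how many repositories implement the check.
"""
import json
import statistics
from collections import defaultdict
from pathlib import Path

# Assumed thresholds (not from Scorecard or the paper).
IMPLEMENTED_SCORE = 8     # a check scoring >= 8 counts as implemented
RARE_RATE = 0.5           # adoption below this is reported as "rare"

# Constructed sample data mirroring the shape of `scorecard --format=json`.
# Only the fields used below are included; real output carries more.
SAMPLE_RESULTS = [
    {"repo": {"name": "github.com/example/sim-a"}, "score": 3.1,
     "checks": [{"name": "Branch-Protection", "score": 0},
                {"name": "Signed-Releases", "score": -1},   # no releases: not evaluated
                {"name": "Token-Permissions", "score": 10},
                {"name": "Pinned-Dependencies", "score": 2},
                {"name": "Maintained", "score": 10}]},
    {"repo": {"name": "github.com/example/sim-b"}, "score": 5.4,
     "checks": [{"name": "Branch-Protection", "score": 8},
                {"name": "Signed-Releases", "score": 0},
                {"name": "Token-Permissions", "score": 0},
                {"name": "Pinned-Dependencies", "score": 5},
                {"name": "Maintained", "score": 10}]},
    {"repo": {"name": "github.com/example/sim-c"}, "score": 2.5,
     "checks": [{"name": "Branch-Protection", "score": 0},
                {"name": "Signed-Releases", "score": 0},
                {"name": "Token-Permissions", "score": -1},  # no workflows: not evaluated
                {"name": "Pinned-Dependencies", "score": 0},
                {"name": "Maintained", "score": 3}]},
]


def load_results(paths):
    """Load one Scorecard JSON result per file (one repository per file)."""
    return [json.loads(Path(p).read_text()) for p in paths]


def aggregate(results, implemented_score=IMPLEMENTED_SCORE):
    """Return repo count, mean aggregate score and per-check adoption figures.

    A check score of -1 means Scorecard could not evaluate the check; such
    repositories are excluded from that check's denominator.
    """
    scores = [r["score"] for r in results]
    per_check = defaultdict(list)
    for r in results:
        for check in r.get("checks", []):
            per_check[check["name"]].append(check["score"])

    adoption = {}
    for name, values in sorted(per_check.items()):
        applicable = [v for v in values if v >= 0]
        passing = sum(1 for v in applicable if v >= implemented_score)
        adoption[name] = {
            "applicable": len(applicable),
            "passing": passing,
            "rate": round(passing / len(applicable), 2) if applicable else None,
        }
    return {
        "repos": len(scores),
        "mean_score": round(statistics.fmean(scores), 2) if scores else None,
        "adoption": adoption,
    }


def rarely_implemented(summary, max_rate=RARE_RATE):
    """Names of checks whose adoption rate is known and below max_rate."""
    return sorted(
        name for name, a in summary["adoption"].items()
        if a["rate"] is not None and a["rate"] < max_rate
    )


if __name__ == "__main__":
    # Replace SAMPLE_RESULTS with load_results(glob("results/*.json")) for real data.
    summary = aggregate(SAMPLE_RESULTS)
    print(json.dumps(summary, indent=2))
    print("Rarely implemented:", ", ".join(rarely_implemented(summary)))
```

On the constructed sample the mean score comes out at 3.67, Signed-Releases is applicable to two repositories and implemented by none, and Branch-Protection is implemented by one of three, so both land in the "rarely implemented" list; the same two functions applied to a directory of real Scorecard results give the figures the abstract reports for its 3,248 repositories.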
Similar Papers
An LLM-based Quantitative Framework for Evaluating High-Stealthy Backdoor Risks in OSS Supply Chains
Software Engineering
Finds hidden dangers in shared computer code.
An Empirical Validation of Open Source Repository Stability Metrics
Software Engineering
Measures how stable and healthy open-source software is.
A Comprehensive Study on the Impact of Vulnerable Dependencies on Open-Source Software
Software Engineering
Finds and fixes hidden computer program dangers.