Show simple item record

dc.rights.licenseCC-BY-NC-ND
dc.contributor.advisorJansen, Slinger
dc.contributor.authorTemelko, Angel
dc.date.accessioned2024-01-09T00:00:49Z
dc.date.available2024-01-09T00:00:49Z
dc.date.issued2024
dc.identifier.urihttps://studenttheses.uu.nl/handle/20.500.12932/45788
dc.description.abstractThe landscape of open-source software development is significantly enhanced by tools that enable developers to evaluate the trustworthiness of software packages. A recent initiative in this realm focuses on providing trust assessments for software packages, thereby bolstering the security and reliability of open-source communities. This initiative has led to the creation of a command-line tool, designed to integrate seamlessly with popular package management systems. The tool is particularly innovative in its approach, offering both pre-installation and post-installation analysis, along with policy-based evaluations and comprehensive package research capabilities. Feedback from the interview study involving 20 developers has been predominantly positive, though there are suggestions for improvement regarding the data sources used. This development marks a significant step towards integrating enhanced security measures into everyday open-source software practices.
dc.description.sponsorshipUtrecht University
dc.language.isoEN
dc.subjectWe have generated a tool that will enhance the open source community of npm, to safeguard software engineers while installing thrid-party libraries.
dc.titleIntegrating Trust in the Worldwide Software Ecosystem: A Practical Tool for Enhanced Package Security
dc.type.contentMaster Thesis
dc.rights.accessrightsOpen Access
dc.subject.courseuuComputing Science
dc.thesis.id26909


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record