Authentication in public open-source repositories

This project focused on user authentication in public repositories containing open-source projects, which may then be used by commercial companies (e.g., Red Hat) as a source for their internally maintained repositories.

The aim was to identify whether users take advantage of more secure authentication methods in these projects to mitigate common risks, and what key users (contributors) perceive as the benefits of more secure authentication. The project also mapped the authentication methods these platforms provide to their users and which of those methods are used. These goals were achieved via quantitative surveys with open-source contributors.

Two studies were conducted. The main output from the first survey was the contributors’ perception of authentication methods (predominantly positive) and self-reported authentication behavior (primarily using 2FA on an open-source platform). The second study found that participants perceived 2FA as similarly important to other security measures (e.g., reporting security vulnerabilities). The 2FA usage of the project owner was perceived as one of the most important mechanisms.

Results are described in a Red Hat Research Quarterly article and two conference articles (see the Publications section for more details).
