TOPIC- VeriOSS: A Blockchain for Open Source Software Verification
The Software Supply Chain (SSC) is a cornerstone of the industrial society on which many other Supply Chains (SCs) depend. The continuous demand/integration of the computing systems into SCs is pushing the development and distribution of software. To cope with this growing request many companies are including open source software (OSS) in their software products. OSS has many advantages, for example, it prevents that the software producer does not acquires a strong bargaining position on the consumer. However, the flip side is that the producer of a OSS has no obligation to maintain, improve or fix her software. All in all, the OSS ranges from small scale projects, with limited or even no security plan, to community projects that release periodic security updates. Such heterogeneity makes it difficult to understand the actual risks when one wants to integrate a OSS in his project. From a methodological point of view, the project aims at answering the following questions: (i) what are the conditions to make the formal verification a valuable asset in the SSC? (ii) can we design a mechanism based on economic rewards that push participant to find and fix bugs in OSS software? (iii) can the blockchain technology be used to implement a decentralized framework for the formal verification of security properties of OSS? From a practical point of view, the project aims at designing and implementing a blockchain service for the security analysis and patching of the OSS, where developers and security analysts cooperate efficiently.
Formal methods, software verification, blockchain, DLT, contract-driven development, mobile code security
no more than 10,000 characters
14 freelancers estão ofertando em média $219 para esse trabalho
Hello. I myself is a research writer since 4 years and written over 20+ published papers for phD and Masters students. Although, i can share my samples and previous work. You can contact me for further discussion.