"Protecting Open-Source Software by Analyzing Community Behavior"

The Defense Advanced Research Projects Agency (DARPA) wants to develop a dynamic, continuously updated situational awareness capability for open-source software (OSS) to preserve the security of the US Defense Department's OSS supply chain. The SocialCyber program will maintain the integrity and security of an OSS project by providing early warnings about weaknesses. DARPA is looking to develop an overall security assessment of an OSS project's complex cyber-socio-technical ecosystem by gathering data on the security of the project's architecture, its participants' social behaviors, its attack surfaces, and its security economics. The program will explore hybrid methods for analyzing source code, development-related communication artifacts, and social media activity. Analyzing these factors will help detect and combat malicious cyber-social operations and safeguard the security and privacy of the Defense Department's open-source infrastructure. This article continues to discuss the aim of the SocialCyber program.

GCN reports "Protecting Open-Source Software by Analyzing Community Behavior"
