Calling FOSS developers and maintainers:

The Tufts Security and Privacy Lab, Leibniz
University Hannover, and CISPA Helmholtz-Center for
Information Security are conducting interviews as part
of a study on security for open-source software. Our study focuses on the
processes OSS developers use to investigate what security threats exist,
what to do about these threats, and how these threats/mitigations are
communicated to users and other developers.

Through these interviews, we aim to make security easier and more efficient
for OSS projects. Anyone over the age of 18 who regularly contributes to at
least one OSS project, and has contributed to an OSS project for at least
one year, is eligible --- no security background or experience required.

Interview participants will receive a $40.00 Amazon or Tango gift card for
completing one 60-75 minute interview via Zoom. We will protect the privacy
and confidentiality of any information shared during the interviews to the
utmost of our abilities.

If you might be interested, please fill out this survey to answer some
initial questions. Contact Carson Powers or
Harjot Kaur with any questions about the study, or click here to learn more!

I had the opportunity to participate in an interview last week with Harjut and Carson and wish them success in furthering our collective insights into how we can improve security of our FOSS software projects. It is, in my own expirience, an often thank-less task, but important to do. So any way of making it more popular will help us all in the long run.

Also, as an aside, I look forward meeting some of you at the #37c3 very soon. 😷