SecureSECO

What is SecureSECO?

SecureSECO is a cyber security project that seeks to create a safer software ecosystem through the use of distributed ledger technology and empirical software engineering research. The data that is collected and maintained in the ledger can be used to prevent vulnerabilities in a software configuration from being abused by malicious attackers.

The software ecosystem is a trust-rich part of the world. Collaboratively, software engineers put their trust in major hubs in the ecosystem, such as package managers, repository services, and programming language ecosystems. However, there are many parts of the chain in which this trust can be broken.

The aim of SecureSECO is to find software vulnerabilities and propose methods to eliminate them, by collecting and analyzing data on why software is or isn't trustworthy. The project researches, designs and builds prototype systems that use trust data to provide trustworthy, reliable systems for consumers and industry.

Several reasons motivate the need for SecureSECO:

  • To enable software engineers to achieve their goals
  • To allow software engineers to work with secure software
  • To provide a layer of trust under the worldwide software ecosystem
  • To enable full provenance of source code to the place where it is used
  • To use the data about this provenance to find and warn about software vulnerabilities

SearchSECO

SearchSECO, a project under the umbrella of the SecureSECO initiative, is a catalog of source code methods, focusing on call graphs and dependencies between projects. This information is stored in a database, which supports the identification of vulnerabilities and malware in software code. The database is built by extracting code from Git-based sources (currently only GitHub), parsing it, and storing its abstract representations in the database. The intention is for this project and its database to be built and maintained by the community. However, an incentive is required for people to want to participate in this ecosystem. This is where the SecureSECO DAO comes in.

More on SearchSECO

Learn more about running the SearchSECO miner and how you can earn money doing this.

Find out how to run queries against the SearchSECO database to check if your repository contains known vulnerabilities.