CS Table 12/4/18: Open Source and Security

This week's discussion topic was suggested by an alumna, who writes:

Recently an NPM package author handed over control of his open source project to a stranger who promised to maintain the package for future users. The stranger added malicious code to the package, which was then downloaded by millions of users. This raises questions about responsibility in the open source world. What responsibilities does the owner of an open source project hold? What responsibilities are up to the user? What can developers do to utilize open source projects in a safe and secure manner?
There are two recommended readings for the CS Table discussion; the first is an account of the recent event we’ll discuss, and the second is a perspective on security and open source from Bruce Schneier, written in 1999.

You may also find these resources helpful or informative as you prepare for our discussion:

Computer science table (CS Table) is a weekly meeting of Grinnell College community members (students, faculty, staff, etc.) interested in discussing topics related to computing and computer science. CS Table meets Tuesdays from 12:00–12:50pm in JRC 224C (inside the Marketplace). Contact the CS faculty for the weekly reading. Students on meal plans, faculty, and staff are expected to cover the cost of their meals. Visitors to the College and students not on meal plans can charge their meals to the department (sign in at the Marketplace front desk).