Designing attestations UI: The Security and Safety of OSS package supply chain
MCLD 2002 | Sun 09 Aug 3 p.m.–3:20 p.m.
Presented by
- Eriol Fox
https://hachyderm.io/@erioldoesdesign
https://bsky.ap
https://erioldoesdesign.github.io/
Eriol has been working as a designer for 15+ years, first in for-profits and then in NGOs and open-source software organisations, on complex problems like sustainable food systems, peace-building, censorship-circumvention OSS, human rights OSS tools and crisis response technology. Eriol now works at The Open Home Foundation on OSS-first smart home technology.
Eriol is part of the core teams at Open Source Design (http://opensourcedesign.net/) and the Sustain UX & Design working group (https://sustainoss.org/working-groups/design-and-ux/), and helps host a podcast about open source and design (https://sosdesign.sustainoss.org/).
Eriol is a non-binary, queer person who uses they/them pronouns.
Eriol was studying a Comp Sci PhD looking at how designers participate in humanitarian and human rights focussed open-source software projects and is looking for a new home for this research.
Abstract
After a 12+ week project looking at how to express security information in the varied UIs of three package repositories (npm, PyPI and RubyGems), we can now see more clearly what developers, across skill and knowledge levels, use on package repository pages to make a decision about the security of an OSS package hosted on a registry. These decisions are critical for better understanding trust, value, social proof and the knowledge of secure practices across developers, and help answer the question: how much do developers know about the security of their software supply chain?
This talk will cover:
1. The essential user research findings from the project
2. How user research informed the UI style guide design build
3. What gaps and opportunities remain to continue design work in the SBOM, attestations and securing software repositories topics
https://github.com/ossf/wg-securing-software-repos/tree/main/docs/attestations-style-guide