Masters Theses

Date of Award

5-2024

Degree Type

Thesis

Degree Name

Master of Science

Major

Computer Science

Major Professor

Scott I Routi

Committee Members

Doowon Kim, Audris Mockus

Abstract

This thesis analyzes the use and impact of security and signing keys on Github, the foremost public code development platform. These keys are used for developer authentication and code commit signing, but little research has been done on the usage of these keys. We set out to collect every available key associated with a Github user and performed quantitative analysis on the gathered data. Our data was gathered using Github’s publicly available REST and GraphQl API’s. We found that very few users create keys for signing commits, and there are a number of keys on the database that could be considered weak by modern standards. Personal keys for user identification is not widely accepted. A better understanding of how developers interact with these systems is needed to develop software that is both usable and secure.

Comments

This work is based upon research supported by the National Science Foundation under award CNS-2238001.

Files over 3MB may be slow to open. For best results, right-click and select "save as..."

Share

COinS