TrustSECO: An Interview Survey into Software Trust
This research addresses the problem of understanding trust in software ecosystems for software engineers, but it is incremental as it builds on existing literature with new empirical insights.
The study investigated how software engineers perceive trust in their daily work through twelve interviews, finding that they distinguish between adoption and trust factors, prioritize organizational over technical factors, and require varied views on trust rather than a unified perception.
The software ecosystem is a trust-rich part of the world. Collaboratively, software engineers trust major hubs in the ecosystem, such as package managers, repository services, and programming language ecosystems. This trust, however, is often broken by vulnerabilities, ransomware, and abuse from malignant actors. But what is trust? In this paper we explore, through twelve in-depth interviews with software engineers, how they perceive trust in their daily work. From the interviews we conclude three things. First, software engineers make a distinction between an adoption factor and a trust factor when selecting a package. Secondly, while in literature mostly technical factors are considered as the main trust factors, the software engineers in this study conclude that organizational factors are more important. Finally, we find that different kinds of software engineers require different views on trust, and that it is impossible to create one unified perception of trust. Keywords: software ecosystem trust, empirical software engineering, TrustSECO, external software adoption, cross-sectional exploratory interview analysis, trust perception.