Trusted CI is pleased to announce the publication of its Guide to Securing Scientific Software (GS3). The GS3 was produced over the course of 2021 by seven Trusted CI members with the goal of broadly improving the robustness of software used in scientific computing with respect to security. GS3 is the result of the 2021 Trusted CI Annual Challenge on Software Assurance and of the interviews we conducted with seven prominent scientific software development projects, which helped shape the team’s ideas about the community’s needs in software assurance. The guide can be downloaded here:
Andrew Adams, Kay Avila, Elisa Heymann, Mark Krenz, Jason R. Lee, Barton Miller, and Sean Peisert. “Guide to Securing Scientific Software,” December 2021. DOI:10.5281/zenodo.5777646 https://doi.org/10.5281/zenodo.5777646
Note that this guide follows the publication of the team’s findings report from a few months ago:
Andrew Adams, Kay Avila, Elisa Heymann, Mark Krenz, Jason R. Lee, Barton Miller, and Sean Peisert. “The State of the Scientific Software World: Findings of the 2021 Trusted CI Software Assurance Annual Challenge Interviews,” September 2021. https://hdl.handle.net/2022/26799
It is intended that the GS3 will continue to evolve and be further integrated into Trusted CI’s array of activities, including training and engagements, and so we encourage those interested in the subject of software assurance to continue to watch this blog for more information, and to also feel free to reach out to authors of the GS3 with questions and feedback.
For those interested in hearing more about the GS3, please (virtually) join the Trusted CI webinar focused on the topic of software assurance scheduled for February 28, 2022 at 10am Pacific / 1pm Eastern. Register for the webinar at https://www.trustedci.org/webinars
Finally, Trusted CI gratefully acknowledges the contributions from the following teams to this effort: FABRIC, the Galaxy Project, High Performance SSH/SCP (HPN-SSH) by the Pittsburgh Supercomputing Center (PSC), Open OnDemand by the Ohio Supercomputer Center, Rolling Deck to Repository (R2R) by Columbia University, and the Vera C. Rubin Observatory, as well as from all those who provided feedback on early versions of this guide.
More information on Trusted CI’s work in software assurance can be found at https://www.trustedci.org/software-assurance