10.5281/zenodo.5777646
https://zenodo.org/records/5777646
oai:zenodo.org:5777646
Adams, Andrew
Andrew
Adams
0000-0002-8276-1334
Pittsburgh Supercomputing Center
Avila, Kay
Kay
Avila
0000-0003-1138-0996
National Center for Supercomputing Applications
Heymann, Elisa
Elisa
Heymann
0000-0003-4833-9057
University of Wisconsin-Madison
Krenz, Mark
Mark
Krenz
0000-0002-7750-8318
Indiana University
Lee, Jason R.
Jason R.
Lee
0000-0001-5290-1861
Lawrence Berkeley National Laboratory
Miller, Barton P.
Barton P.
Miller
0000-0002-9435-8315
University of Wisconsin-Madison
Peisert, Sean
Sean
Peisert
0000-0003-3566-9719
Lawrence Berkeley National Laboratory
Guide to Securing Scientific Software
Zenodo
2021
software assurance
secure software
scientific software
software development
Trusted CI
National Science Foundation
NSF Cybersecurity Center of Excellence
2021-12-14
eng
10.5281/zenodo.5777645
https://zenodo.org/communities/trustedci
1.0
Creative Commons Attribution Non Commercial 3.0 Unported
In 2021, Trusted CI is conducting our focused "annual challenge" on the security (sometimes called "assurance") of software used by scientific computing and cyberinfrastructure. The goal of this year-long project, involving seven Trusted CI members, is to broadly improve the robustness of software used in scientific computing with respect to security.
During the first part of the year, Trusted CI interviewed creators of scientific software and released a findings report based on those conversations. Part of that effort focused on identifying gaps in the software security of the projects and analyzing what barriers prevented them from being addressed.
This guide is a direct result of those findings and attempts to begin bridging those gaps by providing concrete advice for anyone involved in developing or managing software for scientific projects.
It is our hope that this effort will help scientific software projects better understand and ameliorate some of the most important gaps in the security of scientific software, and will also help policymakers understand those gaps and the need to commit resources to improving the state of scientific software security. Ultimately, we hope that the effort will support scientific discovery itself by shedding light on the risks incurred in creating and using scientific software.
This document is a product of Trusted CI. Trusted CI is supported by the National Science Foundation under Grant #1920430. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.