Identifying prototypical trust signals in open-source software libraries: A think aloud study

A huge (and increasing) amount of veracity neutral information is available to online information seekers in today’s digital world. However, knowing which information to trust is difficult for users because of the existence of disinformation. Consequently, understanding which information to trust can have serious security implications for users. As an example, Open-source software (OSS) libraries are a useful resource for both experienced and inexperienced coders. However, the open nature of the OSS libraries allows malicious actors to hide numerous types of harmful code within scripts. This has ramifications for users because malicious code can be difficult to detect. For instance, inexperienced users may not have the know how to detect harmful code. Whereas experienced users may not correctly evaluate the trustworthiness of the code due to time constraints. Consequently, it is important to understand the digital trust signals that are being utilised by users to make credibility judgements about code within OSS libraries. This poster presents research on prototypical digital trust signals using a think aloud methodology. We recruited computer science students from the two UK Universities. Participants were asked to think aloud their credibility judgements, whilst interacting with a prototypical OSS library. The collected data will be analysed to identify prototypical trust signals for OSS users. The potential implications of helping to secure OSS libraries will be discussed.