Open source projects play a significant role in software production. Most
software projects reuse and build upon existing open source projects and
libraries. While reuse saves time and cost, some key factors that create
vulnerabilities in the software system are often neglected. We look beyond
static code analysis and dependency chain tracing to prevent vulnerabilities
at the human factors level. The literature lacks a
comprehensive study of the human factors perspective on the issue of trust in
reusing open source projects. We performed an initial interview-based study
with software developers to understand the trust issue and limitations among
practitioners. We outline some of the key trust issues in
this paper and lay out the first steps toward the trustworthy reuse of
software.

Comment: To appear in Proceedings of 26th ACM International Systems and
Software Product Line Conference - Volume