Do we trust it too much? On the hidden fragility of open-source software

In early 2024, a hidden backdoor in a small piece of open-source software called xz-utils nearly compromised countless computers worldwide. Its source code had been publicly available for years, maintained by a handful of volunteers, and trusted by millions of users. No one noticed the attacker's careful manipulation until it was almost too late.

This incident highlights a deeper problem: we place enormous trust in open-source software simply because it is open. As part of the thirteenth Science in Perspective Talk, Professor Sascha Fahl from the CISPA Helmholtz Centre for Information Security examines why this trust often exceeds what open-source software can guarantee. In his presentation, he highlights how social dynamics, limited resources, and false assumptions make even our most ¡®open¡¯ software surprisingly vulnerable and how we can hopefully increase its trustworthiness.

SiP Talk #13 on 25 November 2025

As part of the Science-In-Perspective (SiP) Talks, researchers from the Department of Humanities, Social and Political Sciences invite their colleagues from other departments to discuss current social issues from an interdisciplinary perspective.

SiP Talk #13 is organised by the ¡°Security, Privacy & Society¡± research group led by Professor Verena Zimmermann and will open with a lecture by Sascha Fahl. Following the lecture titled ¡°Do we trust it too much? On the hidden fragility of open-source software¡±, human-computer interaction expert April Wang (professor in the Department of Computer Science), head of the Secure and Trustworthy Systems group Shweta Shinde (also a professor in the Department of Computer Science) and Sascha Fahl will discuss trust in open-source software.