Related papers: Ethical Considerations Towards Protestware

Ethical Considerations Towards Protestware

URL: http://arxiv.org/abs/2306.10019v2
Date: Fri, 5 Jan 2024 01:15:25 GMT
Title: Ethical Considerations Towards Protestware
Authors: Marc Cheong, Raula Gaikovina Kula, Christoph Treude
Abstract summary: A key drawback to using a Open Source third-party library is the risk of introducing malicious attacks. In recently times, these threats have taken a new form, when maintainers turn their Open Source libraries into protestware. This is defined as software containing political messages delivered through these libraries, which can either be malicious or benign.
Score: 11.149764135999437
License: http://creativecommons.org/licenses/by/4.0/
Abstract: A key drawback to using a Open Source third-party library is the risk of introducing malicious attacks. In recently times, these threats have taken a new form, when maintainers turn their Open Source libraries into protestware. This is defined as software containing political messages delivered through these libraries, which can either be malicious or benign. Since developers are willing to freely open-up their software to these libraries, much trust and responsibility are placed on the maintainers to ensure that the library does what it promises to do. Using different frameworks commonly used in AI ethics, we illustrate how an open-source maintainer's decision to protest is influenced by different stakeholders (viz., their membership in the OSS community, their personal views, financial motivations, social status, and moral viewpoints), making protestware a multifaceted and intricate matter.

Related papers

The New Dynamics of Open Source: Relicensing, Forks, & Community Impact [0.0]
Vendors are relicensing popular open source projects to more restrictive licenses in the hopes of generating more revenue. This research compares organizational affiliation data from three case studies based on license changes that resulted in forks. Research indicates that the forks resulting from these relicensing events have more organizational diversity than the original projects.
arXiv Detail & Related papers (2024-11-07T14:21:45Z)
OML: Open, Monetizable, and Loyal AI [39.63122342758896]
We propose OML, which stands for Open, Monetizable, and Loyal AI. OML is an approach designed to democratize AI development. Key innovation of our work is introducing a new scientific field: AI-native cryptography.
arXiv Detail & Related papers (2024-11-01T18:46:03Z)
Probing the Safety Response Boundary of Large Language Models via Unsafe Decoding Path Generation [44.09578786678573]
Large Language Models (LLMs) are implicit troublemakers. LLMs could be used to gather harmful data or launch covert attacks. We name this decoding strategy: Jailbreak Value Decoding (JVD)
arXiv Detail & Related papers (2024-08-20T09:11:21Z)
Compromising Embodied Agents with Contextual Backdoor Attacks [69.71630408822767]
Large language models (LLMs) have transformed the development of embodied intelligence. This paper uncovers a significant backdoor security threat within this process. By poisoning just a few contextual demonstrations, attackers can covertly compromise the contextual environment of a black-box LLM.
arXiv Detail & Related papers (2024-08-06T01:20:12Z)
On the modification and revocation of open source licences [0.14843690728081999]
This paper argues for the creation of a subset of rights that allows open source contributors to force users to update to the most recent version of a model. Legal, reputational and moral risks related to open-sourcing AI models could justify contributors having more control over downstream uses.
arXiv Detail & Related papers (2024-05-29T00:00:25Z)
A Survey of Third-Party Library Security Research in Application Software [3.280510821619164]
With the widespread use of third-party libraries, associated security risks and potential vulnerabilities are increasingly apparent. Malicious attackers can exploit these vulnerabilities to infiltrate systems, execute unauthorized operations, or steal sensitive information. Research on third-party libraries in software becomes paramount to address this growing security challenge.
arXiv Detail & Related papers (2024-04-27T16:35:02Z)
DevPhish: Exploring Social Engineering in Software Supply Chain Attacks on Developers [0.3754193239793766]
adversaries utilize Social Engineering (SocE) techniques specifically aimed at software developers. This paper aims to comprehensively explore the existing and emerging SocE tactics employed by adversaries to trick Software Engineers (SWEs) into delivering malicious software.
arXiv Detail & Related papers (2024-02-28T15:24:43Z)
Are ChatGPT and Other Similar Systems the Modern Lernaean Hydras of AI? [1.3961068233384444]
Generative Artificial Intelligence systems ("AI systems") have created unprecedented social engagement. They allegedly steal the open-source code stored in virtual libraries, known as repositories. This Article focuses on how this happens and whether there is a solution that protects innovation and avoids years of litigation.
arXiv Detail & Related papers (2023-06-15T16:40:30Z)
Analyzing Maintenance Activities of Software Libraries [65.268245109828]
Industrial applications heavily integrate open-source software libraries nowadays. I want to introduce an automatic monitoring approach for industrial applications to identify open-source dependencies that show negative signs regarding their current or future maintenance activities.
arXiv Detail & Related papers (2023-06-09T16:51:25Z)
LibAUC: A Deep Learning Library for X-Risk Optimization [43.32145407575245]
This paper introduces the award-winning deep learning (DL) library called LibAUC. LibAUC implements state-of-the-art algorithms towards optimizing a family of risk functions named X-risks.
arXiv Detail & Related papers (2023-06-05T17:43:46Z)
Code Librarian: A Software Package Recommendation System [65.05559087332347]
We present a recommendation engine called Librarian for open source libraries. A candidate library package is recommended for a given context if: 1) it has been frequently used with the imported libraries in the program; 2) it has similar functionality to the imported libraries in the program; 3) it has similar functionality to the developer's implementation, and 4) it can be used efficiently in the context of the provided code.
arXiv Detail & Related papers (2022-10-11T12:30:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.