John Sadik, Parker Collier, Anthony Roman
There is ongoing research in the USER lab pertaining to the keys users use on github when they sign a commit or authenticate. This research has currently been focused on exploring what kinds of keys exist, their relative strength metrics, and how often they are used.
We want to explore how the type of signing key used correlates with the data being committed. We suspect that the higher strength signing keys will be used for projects that are carried out by large organizations, that might interface with sensitive data, or that generally have complex and intricate functionality. By understanding what ways signing keys are being used, we can then explore the benefits they might bring to the current use-cases and future use-cases.
Our workflow will consist of aggregating previously gathered user data regarding what users are using keys and what key they are using. Then, we will leverage WoC to search for those user’s commits. Taking those commits, we will analyze the signed commit data.