Rethinking Trust in Forge-Based Git Security
Aditya Sirish A Yelgundhalli
Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · Github + OSN Security
In the realm of software supply chain security, the integrity of source code stands as a foundational pillar. This talk, delivered by Aditya Sirish A Yelgundhalli, a PhD student at New York University and a leading contributor to projects like in-toto and GitOp, delves into a critical vulnerability inherent in the prevailing centralized trust model of Git-based development. While Git itself is a distributed version control system, the security controls governing code contribution often reside solely within centralized platforms like GitHub, GitLab, and Bitbucket – commonly referred to as "forges." This centralization creates a single point of failure, where a compromise of the forge, an insider threat, or even a software bug can undermine the very policies designed to protect the source code.
AI review
Solid academic research that correctly identifies a real, underappreciated problem — the security controls in Git-based development are centralized on forges while Git itself is distributed — and proposes a technically coherent solution in GitOp. The Reference State Log and threshold-based attestation model are well-reasoned, the threat model is honest, and the Bloomberg pilot gives it real-world grounding. Doesn't quite hit five stars because the artifact evaluation badges substitute for a live demo, the cross-repository scaling story is unfinished, and the core insight (TUF-style…