Secure Package Manager / Deian Stefan

Deian Stefan primarily works on building secure systems by employing programming languages and program analysis techniques. Here is one of several projects Deian, his students, and his collaborators are working on.

We are building a secure package manager that allows developers to
publish and retrieve packages, much like the node package manager (npm). Unlike
existing package managers, SPAM uses a global ledger and social identities to
provide transparency, key continuity, back-door protection, and package
contracts (e.g., to disallow the installation of a package that has a
vulnerable dependency or incompatible license).

Email for more information