On Thursday, 30 January 2025, I’m giving a talk at Tilburg University on dependency management in R and Python. The slides are available here.

While preparing the slides, I realized how routinely using popular open source libraries such as PyTorch or Hugging Face can open a project up to supply-chain or backdoor attacks. Fortunately, in both cases the issues were found by researchers before a malicious actor could exploit them.

Despite this, I think that security needs more attention in research software development.

And no, closed-source is not better.