Anyone interesting in securing repo's or build systems should start with Wheeler's landmark collection on the topic:<p><a href="http://www.dwheeler.com/essays/scm-security.html" rel="nofollow">http://www.dwheeler.com/essays/scm-security.html</a><p>Has basics in English, CompSci work, high-assurance considerations, and some example projects. A bright, security researcher that's very familiar with DVCS's should redo this in light of them with similar recommendations. More like a team of bright researchers but it needs to be done. I'm interested in any papers people already have on this that have similarly-thorough treatment of threat model and proposed mitigations.<p>Once you know builds, you might want to address subversion, design, implementations, covert channels, and other things if you're trying to stop Five Eyes, Russia, or China. That requires "high-assurance" security methods... when it's even possible... Got a small list here to get people started on how deep the issue goes just at high-level and subversion aspects:<p><a href="https://news.ycombinator.com/item?id=10478742" rel="nofollow">https://news.ycombinator.com/item?id=10478742</a>