In August we received the visit of Prof. Dr. José Alexandre D’Abruzzo Pereira, from the University of Coimbra. His research interests include security and vulnerability detection, static code analysis, software project management, databases, software quality, cloud computing, and self-adaptive systems.

Lecture information:

Title: “Software Security Characterization through Static Data Analysis – Results and Future Research Direction”

Abstract:

Modern enterprises rely on software systems to run their business: financial, healthcare, government, and e-commerce, among many others. However, many systems are deployed with vulnerabilities caused by a design flaw or an implementation bug. The malicious exploitation of those security vulnerabilities may lead to various problems with financial or legal implications. Static Code Analysis (SCA) is a vulnerability detection technique that reports potential problems (alerts) without requiring the execution of the code. This is done through the use of Static Analysis Tools (SATs). However, such tools are frequently too expensive for most organizations, and they either report many false positives or false negatives. Consequently, developers are required to spend a considerable amount of time analyzing the reported cases without being sure that all vulnerabilities have been detected. 

In this talk, I will present techniques to characterize of software code units (e.g., functions) from a security vulnerability perspective, making use of static data from the source code. The used dataset contains vulnerabilities from five open-source C/C++ projects (Linux Kernel, Mozilla, Xen, Apache httpd, and glibc), and static data (Software Metrics (SMs) and alerts from SATs) extracted from the vulnerable and neutral versions of the code. Vulnerabilities are organized into categories, devised based on the improper or lack of use of the OWASP best practices. Additionally, I will present the future research direction using static data to characterize software code units.

Short Bio:

José D’Abruzzo Pereira holds a Ph.D. in Informatics Engineering from the University of Coimbra (UC), is currently an Invited Assistant Professor at the University of Coimbra, and a member of the Software and System Engineering (SSE) group at CISUC. His research interests include security and vulnerability detection, static code analysis, software project management, databases, software quality, cloud computing, and self-adaptive systems. He received a MSc in Information Technology and Software Engineering from the University of Coimbra and Carnegie Mellon University and a B.Sc. in Computer Science from the State University of Campinas – Brazil (Unicamp). He is also acting as a professor in the Specialization in Software Engineering at the State University of Campinas – Brazil (Unicamp).

SBQS – XXII Simpósio Brasileiro de Qualidade de Software

Laser had the privilege of having two works accepted at the SBQS conference hosted by the University of Brasília (UNB) on November 23rd. 

Technical track 

Sara das Mercês, a doctoral student, present one paper entitled "A Case Study on Data Science Processes in an Academia-Industry Collaboration".


WTDQS - XXI WORKSHOP DE TESES E DISSERTAÇÕES EM QUALIDADE DE SOFTWARE

Milene Rigolin, a doctoral student, present online his work entitled "Ethical issues in continuous experimentation".

Sara das Mercês at conference

CIbSE – Iberoamerican Conference on Software Engine.

Participation of Professor Breno de França at CIbSe in Montevideo as program chair in May/23.

As a great collaborative effort involving several software engineering researchers, Prof. Paul Ralph (Dalhousie University) organized this ACM SIGSOFT Paper and Peer Review Quality Initiative to define empirical standards for research methods commonly used in software engineering.

The idea is to have the empirical standards as living documents, which should be continuously revised to reflect evolving consensus around research best practices, promoting research quality, and making peer review more effective, reliable, transparent, and fair.

Prof. Breno de França (LASER/IC-UNICAMP) contributed with the standards on quantitative simulation together with Prof. Nauman Bin Ali (BTH/Sweden) and Prof. Dietmar Pfahl (University of Tartu/Estonia).

Other contributions include standards for controlled experiments, case studies, surveys, and others.

Link for the report explaining the motivation and methodology for generating the standards: https://arxiv.org/abs/2010.03525

Github repo with the standards: https://github.com/acmsigsoft/EmpiricalStandards

We are glad to announce the most complete book on Empirical Software Engineering has been recently launched in printed and electronic formats.

So far, it has received very positive feedback on the book from the software engineering community. And, it will be presented in this year’s International Software Engineering Research Network (ISERN) meeting.

The book includes several chapters on topics like design science, research synthesis, open science, experiments, and gray literature. These are contributions of international researchers dedicated to investigating how to improve research in software engineering.

Breno (LASER member) contributes with a chapter on the role of simulation-based studies in software engineering research, in collaboration with Nauman Bin Ali from the Blekinge Institute of Technology (Sweden).

Take a look and enjoy!