Continuous Integration (CI) significantly reduces integration problems, speeds up
development time, and shortens release time. However, it also introduces new challenges …

Background: Modern software uses many third-party libraries and frameworks as
dependencies. Known vulnerabilities in these dependencies are a potential security risk …

Java (de) serialization is prone to causing security-critical vulnerabilities that attackers can
invoke existing methods (gadgets) on the application's classpath to construct a gadget chain …

Constructing a static call graph requires trade-offs between soundness and precision.
Program analysis techniques for constructing call graphs are unfortunately usually …

The long-standing aspiration for software reuse has made astonishing strides in the past few
years. Many modern software development ecosystems now come with rich sets of publicly …

WebAssembly is a low-level bytecode format that powers applications and libraries running
in browsers, on the server side, and in standalone runtimes. Call graphs are at the core of …

Modern code generation tools use AI models, particularly Large Language Models (LLMs),
to generate functional and complete code. While such tools are becoming popular and …

Serialisation related security vulnerabilities have recently been reported for numerous Java
applications. Since serialisation presents both soundness and precision challenges for static …

Dependency extraction based on static analysis lays the groundwork for a wide range of
applications. However, dynamic language features in Python make code behaviors obscure …

Large-scale code reuse significantly reduces both development costs and time. However,
the massive share of third-party code in software projects poses new challenges, especially …