🐙 Call for Papers
First-ever #FSE #AIware Joint Competition Track

To participate:

Choose a task 🛻 → conquer it ⚔️ → submit by Feb 26, 2026 📜→ present at #AIware2026 during #FSE in Montreal!

Details: 2026.aiwareconf.org

Software as Fast Fashion Clothes have never been cheaper. These days a t-shirt is often cheaper that a decent cup of tea in a cafe. The wonders of capitalism. At least that is how it is often described. And when you point at ...

"Software is no longer seen as an asset, as something to care for, to maybe even take pride in. It’s a throw-away product. Like a napkin. Just get one quick, wipe your mouth and throw it away. Like a novelty t-shirt."

tante.cc/2026/01/15/s...

And of course amazing food

Some semi recent photos from my visit to Salerno, Napoli and Pompeii for PROFES 2025

Attention software engineering researchers. Submissions for the FSE-AIWare Joint Competition 2026 are open!

'This competition aims to address challenges arising from software ecosystem dependencies by introducing a novel approach: On-Demand Library Generation (ODAI-LIB).'

odai-lib.github.io

"Using a ... dataset of 100 real and 100 fake CVE-IDs, we manually analyzed the credibility ... of [ChatGPT's] outputs. ChatGPT generated plausible security advisories for 96% of given real CVE-IDs and 97% of fake CVE-IDs, demonstrating a limitation in differentiating between real and fake IDs."

Congratulations to intern student Bayu Fedra Abdullah for Student Best Paper award at the 2025 International Conference on Smart Computing, IoT, and Machine Learning (SIML) for our paper "Using LLMs for Security Advisory Investigations: How Far Are We?" ieeexplore.ieee.org/document/110...

The GitHub logo centered among various geometric shapes.

You can't secure what you don't know about. 👀

GitHub's dependency graph can help. ✅ Use it to get a project's entire software supply chain, including both direct and indirect dependencies.

Enable this feature and improve your project's security.👇
github.blog/security/sup...

"For our initial analysis, we look at a sample of heavily-depended upon NPM packages, and identify that such end-of-chain packages make up a significant portion of these critical dependency chain (over 50%)."

"For a long time, the dominant philosophy [within package networks like NPM] has been to ‘reuse as much as possible [...]'. In this vision paper, we investigate packages that challenge the typical concepts of reuse–that is, packages with no dependencies [...]...."

Rethinking Reuse in Dependency Supply Chains: Initial Analysis of NPM packages at the End of the Chain The success of modern software development can be largely attributed to the concept of code reuse, such as the ability to reuse existing functionality via third-party package dependencies, evident wit...

This month I will attend FSE 2025 in Norway to present our vision paper "Rethinking Reuse in Dependency Supply Chains: Initial Analysis of NPM packages at the End of the Chain" at the 2030 SE Workshop. arxiv.org/abs/2503.02804

All @acm.org publications will be 100% Open Access as of January 2026. When we announced this at POPL and CHI this year, conference participants spontaneously erupted in applause. The CS community is excited about ACM's move to OA!

@plago.bsky.social defines software sustainability as follows: “the preservation of the long term and beneficial use of software, and its appropriate evolution, in a context that continuously changes.”

#ICSE2025
@icseconf.bsky.social

'Analyzing a dataset of 2,763 NPM libraries, we found that 39.49% are self-contained. Of these ... 40.42% previously had dependencies that were later removed. This analysis revealed a significant trend of dependency reduction within the NPM ecosystem.'

A Preliminary Study on Self-contained Libraries in the NPM Ecosystem The widespread of libraries within modern software ecosystems creates complex networks of dependencies. These dependencies are fragile to breakage, outdated, or redundancy, potentially leading to casc...

PhD student Pongchai Jaisri's paper 'A Preliminary Study on Self-contained Libraries in the NPM Ecosystem', presented at SERA 2024, has now been published as a chapter in Springer's Studies in Computational Intelligence (SCI). doi.org/10.1007/978-...

Uncle Sam abruptly turns off funding for CVE program. Yes, that CVE program Because vulnerability management has nothing to do with national security, right? US government funding for the world's CVE program – the centralized Common Vulnerabilities and Exposures database of product security flaws – ends Wednesday.…

Uncle Sam abruptly turns off funding for CVE program. Yes, that CVE program

Today I start my new position as Assistant Professor at the Nara Institute of Science and Technology Software Design Lab. 🥳

We found some instances of vulnerabilities being discussed in GitHub issues instead of being disclosed through secure channels. Primarily, these issues were made by users external to the project.

Presented undergrad intern @ NAIST Sushawapak's ERA paper 'On Categorizing Open Source Software Security Vulnerability Reporting Mechanisms on GitHub' at SANER 2025, Montreal, Canada this month. Paper Link: arxiv.org/abs/2502.07395 Slides: brittany-reid.github.io/talks/saner-...