Courtney Miller, Christian Kästner, and Bogdan Vasilescu, "We Feel Like We’re Winging It:" A Study on Navigating Open-Source Dependency Abandonment, in Proceedings of the European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE), Dec. 2023.
William Enck, Yasemin Acar, Michel Cukier, Alexandros Kapravelos, Christian Kästner, and Laurie Williams, S3C2 Summit 2023-06: Government Secure Supply Chain Summit. Aug-2023. arXiv:2308.06850.
Tadayoshi Kohno, Yasemin Acar, and Wulf Loh, Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations, in Proceedings of the USENIX Security Symposium, Aug. 2023. (distinguished paper).
Siddharth Muralee, Igibek Koishybayev, Aleksandr Nahapetyan, Greg Tystahl, Brad Reaves, Antonio Bianchi, William Enck, Alexandros Kapravelos, and Aravind Machiry, ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions, in Proceedings of the USENIX Security Symposium, Aug. 2023.
Alexander Krause, Jan H. Klemmer, Nicolas Huaman, Dominik Wermke, Yasemin Acar, and Sascha Fahl, Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secret Information in Source Code Repositories, in Proceedings of the USENIX Security Symposium, Aug. 2023.
Trevor Dunlap, Yasemin Acar, Michel Cukier, William Enck, Alexandros Kapravelos, Christian Kästner, and Laurie Williams, S3C2 Summit 2023-02: Industry Secure Supply Chain Summit. Jul-2023. arXiv:2307.16557.
Mindy Tran, Yasemin Acar, Michel Cukier, William Enck, Alexandros Kapravelos, Christian Kästner, and Laurie Williams, S3C2 Summit 2022-09: Industry Secure Supply Chain Summit. Jul-2023. arXiv:2307.15642.
Trevor Dunlap, Seaver Thorn, William Enck, and Bradley Reaves, Finding Fixed Vulnerabilities with Off-the-Shelf Static Analysis, in Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P), Jul. 2023.
Marcel Fourné, Dominik Wermke, William Enck, Sascha Fahl, and Yasemin Acar, It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security, in Proceedings of the IEEE Symposium on Security and Privacy (S&P), May 2023.
Dominik Wermke, Jan H. Klemmer, Noah Wöhler, Juliane Schmüser, Harshini Sri Ramulu, Yasemin Acar, and Sascha Fahl, “Always Contribute Back”: A Qualitative Study on Security Challenges of the Open Source Supply Chain, in Proceedings of the IEEE Symposium on Security and Privacy (S&P), May 2023.