Software Institute | The website of the Software Institute, a center of excellence committed to the teaching, the research and the development of software. The SI is part of the Università della Svizzera italiana (USI).

Seminari

Da febbraio 2019, l’Istituto del Software ha iniziato una serie di seminari. Ogni giovedì pomeriggio, un ricercatore dell’Istituto terrà un breve discorso su un argomento di ingegneria del software a sua scelta, come ad esempio articoli interessanti pubblicati di recente, articoli seminali nel proprio campo di ricerca, discussioni su idee preliminari, tutorial e piccoli esperimenti.

Sulla nostra playlist YouTube potete riguardare alcuni dei seminari precedenti. Di seguito trovate ulteriori dettagli sul prossimo seminario, su quelli a venire e un archivio dei relatori precedenti.

Tutti sono invitati a partecipare ai seminari organizzati dall’Istituto del Software.

Prossimo Relatore: Edoardo Riggio

Data: 8 Maggio 2025 @ 16:30
Luogo: D0.02
The SUNBURST Wake-Up Call: Why CI/CD Security Matters Now More Than Ever

Modern CI/CD pipelines have become central in how we automatically build, test, and deliver software. However, such pipeline automatizations have also become prime targets for sophisticated supply chain attacks. The SUNBURST attack on SolarWinds demonstrates how malicious actors can use trusted build systems to distribute tainted updates to thousands of organizations. We will start by dissecting the anatomy of SUNBURST, revealing how the Russian cyber espionage group known as Nobelium managed to successfully execute such a large-scale attack. We will then analyze its fallout, which called for major legislative efforts, such as the US Executive Order 14067 and the EU Cyber Resilience Act. Finally, we will also be introducing the research we are carrying out towards evaluating and securing the software supply chain of CI/CD environments. In particular, we will present Soteria, a tool we developed to automatically detect security misconfigurations in GitHub workflow files.

Biografia

Edoardo Riggio is currently a PhD researcher in the DESIGN research group under the supervision of Prof. Cesare Pautasso. He graduated at USI in Informatics and later in Software and Data Engineering. Edoardo’s research focuses on the security of software supply chains in CI/CD environments.

Programma

  • Srdjan Krstic
    22 Maggio 2025

Archivio

  • Nargiz Humbatova - Real Faults in Deep Learning Fault Benchmarks: How Real Are They? (17 Aprile 2025)
  • Giuseppe Crupi - Cost-Efficient Software Automation with Cooperative Small Language Models (10 Aprile 2025)
  • Joe Gibbs Politz & Robby Findler - Double Talk: (1) Teaching JITs/incremental compilers + (2) Esterel in Racket (4 Aprile 2025)
  • Marco Paganoni - Reasoning about Substitutability at the Level of JVM Bytecode (3 Aprile 2025)
  • Tommi Mikkonen & Kari Systä - LiquidAI: Orchestrating Cloud-Edge Continuum with Isomorphic Software (20 Marzo 2025)
  • Andrea Mocci - Eternal Sunshine of the Spotless Macros (13 Marzo 2025)
  • Masoud Jamshidiyan Tehrani - Adversarial Attacks on Deep Learning-Based Perception in Autonomous Vehicles: Designing and Evaluating System-Level Failures (6 Marzo 2025)
  • Dominik Winterer - Formal Methods Engineering (FME): Towards More Mature Formal Methods (27 Febbraio 2025)
  • Angelo Gargantini - A formal approach to software engineering for the Validation and Verification of safety critical systems (28 Gennaio 2025)
  • Alessio Gambi - Beyond Scenario-based Testing of Single Ego Vehicles (27 Gennaio 2025)
  • Akshatha Shenoy - Verification of Concurrency Properties for JVM based Programming Languages (5 Dicembre 2024)
  • Rosalia Tufano - Deep Learning-based Code Reviews: A Paradigm Shift or a Double-Edged Sword? (28 Novembre 2024)
  • Gianmarco De Vita - Topographical Deep Learning Testing (21 Novembre 2024)
  • Jesper Findahl - From Pandas to Polars: Achieving 50x Speedups and Scaling Beyond Memory Limits (14 Novembre 2024)
  • Cesare Pautasso - Unethical Software Engineering in 8 Easy Dark Patterns (7 Novembre 2024)
  • Samuele Pasini - Evaluating and Improving the Robustness of Security Attack Detectors Generated by LLMs (24 Ottobre 2024)
  • Mathieu Nassif - On-Demand Documentation via Code Examples (17 Ottobre 2024)
  • Luca Chiodini - What Does It Mean To Learn? (10 Ottobre 2024)
  • Hassan Atwi - Transparent Transaction Ordering in Blockchain-based Collaborative Processes (3 Ottobre 2024)
  • Jinhan Kim - When Simple is Better than Complex: Coverage and Mutation for DL Testing (26 Settembre 2024)
  • Guadalupe Ortiz - Context Aware Collaborative IoT Services in a Smart World (22 Luglio 2024)
  • Domenico Bianculli - Signal-based temporal properties for cyber-physical systems: specification, monitoring, and diagnostics (13 Giugno 2024)
  • Tahereh Zohdinasab - Exposing and Explaining Misbehaviours of Deep Learning Systems – A Summary (23 Maggio 2024)
  • Paolo Falcarin - Software Systems Compliance with the AI Act (21 Maggio 2024)
  • Joey Bevilacqua - Assessing the Understanding of Expressions: A Qualitative Study of Notional-Machine-Based Exam Questions (16 Maggio 2024)
  • Stefano Campanella - Developers Developers Developers (2 Maggio 2024)
  • Alberto Martín López - Neuro-Symbolic AI for Developing, Testing and Consuming Web APIs: An AMBIZIONE Project Proposal (25 Aprile 2024)
  • Alessandro Giagnorio - Customizing deep learning models for code completion tasks (11 Aprile 2024)
  • Francesco Bresciani - Abusing GitLab CI/CD to build a data engineering pipeline (14 Marzo 2024)
  • Andréa Doreste - Adversarial Testing with Reinforcement Learning: A Case Study on Autonomous Driving (7 Marzo 2024)
  • Carlo Ghezzi - Rethinking software engineering research and education in the light of digital humanism (29 Febbraio 2024)
  • Diana Carolina Muñoz Hurtado - Exploring Security Practices in OpenAPIs (7 Dicembre 2023)
  • Carmen Armenti - Data Sonification - A Survey (30 Novembre 2023)
  • Mauricio Aniche - Effective developer testing: lessons I learned over time (23 Novembre 2023)
  • Antonio Mastropaolo - Evaluating Code Summarization Techniques: A New Metric and an Empirical Characterization (16 Novembre 2023)
  • Michele Lanza - Bibliometrics, the Great Beyond of Science? (9 Novembre 2023)
  • Carlo Alberto Furia - Don't Jam the LHC: A causal analysis of Code Jam data (26 Ottobre 2023)
  • Rosalia Tufano - Code Review Automation: Strengths and Weaknesses of the State of the Art (12 Ottobre 2023)
  • Agnese Zamboni & Matthias Hauswirth - 'Program Your Own Castle' - Developing a Self-Guided Tutorial for the Hour of Code (5 Ottobre 2023)
  • Roberto Pietrantuono - Causal reasoning for software quality engineering (15 Giugno 2023)
  • Vincenzo Orrei - Contribution-based Firing of Developers? (25 Maggio 2023)
  • Patric Genfer - On the Understandability of Security Tactics for Microservice APIs (16 Maggio 2023)
  • Marco Paganoni - ByteBack: Deductive Functional Verification of Bytecode programs (11 Maggio 2023)
  • Marco Raglianti - Research Code as Infrastructure (RCaI) (4 Maggio 2023)
  • Souhaila Serbout - What about Web APIs versioning? (27 Aprile 2023)
  • Paolo Tonella - Mind, consciousness and ChatGPT: can ChatGPT impute unobservable mental states to others? (6 Aprile 2023)
  • Alberto Bacchelli - Exploring the Dual Nature of Code Review: Implications for Investigative Methods and Tool Development (30 Marzo 2023)
  • Gabriele Bavota - On Reviewers' Regrets and Negative Results (23 Marzo 2023)
  • Magnus O. Myreen - The CakeML Project: Chasing End-to-End Correctness, Verified Compilation and Applications (16 Marzo 2023)
  • Luca Chiodini - Teaching problem decomposition with graphics (9 Marzo 2023)
  • Dimi Racordon - The bright future between immutability and aliasing restrictions (2 Marzo 2023)
  • Hassan Atwi - Toward Decentralized Process Execution (1 Dicembre 2022)
  • Sajad Mazraehkhatiri - Testing Drones in Simulation: Let's Be Realistic! (24 Novembre 2022)
  • Csaba Nagy - Perils and Pitfalls of the Application-Database Gap (17 Novembre 2022)
  • Marco D'Ambros - CodeLounge: a roller-coaster ride (10 Novembre 2022)
  • Matteo Biagiola - Reinforcement Learning for Software Testing (3 Novembre 2022)
  • Matthias Hauswirth - Pitfalls in Teaching Programming (20 Ottobre 2022)
  • Davide Paolo Tua - An ECS Primer (13 Ottobre 2022)
  • Nargiz Humbatova - DeepCrime: Mutation Testing of Deep Learning Systems Based on Real Faults (6 Ottobre 2022)
  • Mohammad Rezaalipour - FauxPy: A Fault Localization Tool for Python Programs (29 Settembre 2022)
  • Crista Lopes - Exercises in Programming Style (9 Settembre 2022)
  • Michele Tufano - Unit Test Case Generation with Transformers and Focal Context (20 Giugno 2022)
  • Valerie Burgener - React 101 (19 Maggio 2022)
  • Diego Venâncio Marcílio - Towards Untangling Java Exceptions (12 Maggio 2022)
  • Bin Lin - Academic Job Search: An Experience Report (28 Aprile 2022)
  • Michael Weiss - Uncertainty-Wizard: Fast and User-Friendly Neural Network Uncertainty Quantification (7 Aprile 2022)
  • Matteo Ciniselli - On automatically generating source code (31 Marzo 2022)
  • Aron Fiechter - Creating a Domain Specific Language in Kotlin Using Type-Safe Builders (24 Marzo 2022)
  • Emad Aghajani - 5 Years of Research: Lessons Learned (17 Marzo 2022)
  • Andrea Stocco - Testing and Evaluation of Autonomous Driving Systems: From Simulated to Real-world Test Environments (10 Marzo 2022)
  • Luca Pascarella - Fine-Grained Code Summarization (3 Marzo 2022)
  • Alessio Merlo - Mobile Apps: The Dark Side of the Droid (6 Dicembre 2021)
  • Vincenzo Riccio - Automated Test Input Generation to Check if the Machine Actually Learned (2 Dicembre 2021)
  • Jesper Findahl - What’s Up With the CodeLoungers?
    AKA what are CodeLoungers doing all day         (25 Novembre 2021)
  • Carlo Alberto Furia - When does correlation imply causation? (18 Novembre 2021)
  • Antonio Mastropaolo - Supporting code-related tasks via Deep-Learning (11 Novembre 2021)
  • Andrea Gallidabino - Do you understand the code you write? 'I hope the TAs won't look at this!' (4 Novembre 2021)
  • Igor Moreno Santos - Towards sound notional machines: a Lambda Calculus crash course (28 Ottobre 2021)
  • Gunel Jahangirova - Quality Metrics and Oracles for Autonomous Vehicles Testing (21 Ottobre 2021)
  • Marco Raglianti - Visualizing Discord Servers - definitely not a virtual conference video replay (14 Ottobre 2021)
  • Anthony Cleve - Analyzing and Supporting the Evolution of Data-Intensive Systems (7 Ottobre 2021)
  • Bhargav Bhatt - Datalog Synthesis and Repair (30 Settembre 2021)
  • Rosalia Tufano - Towards Automating Code Review Activities (27 Maggio 2021)
  • Cesare Pautasso - Presentations as Code (20 Maggio 2021)
  • Luca Chiodini - A Curated Inventory of Programming Language Misconceptions (6 Maggio 2021)
  • Andrea Mocci - How does CodeLounge develop? (29 Aprile 2021)
  • Fabio Di Lauro - Towards Large-scale Empirical Assessment of Web APIs Evolution (22 Aprile 2021)
  • Michele Lanza - History is not a burden on the (computer) memory but an illumination of the (software engineering researcher's) soul (15 Aprile 2021)
  • Tahereh Zohdinasab - Explaining Deep Learning Systems by exploring their feature space (25 Marzo 2021)
  • Roberto Minelli - DFlow is dead. Long live Tako! (18 Marzo 2021)
  • Souhaila Serbout - Structural Patterns Mining in Web APIs (11 Marzo 2021)
  • Paolo Tonella - Deep Learning Testing: problems, solutions and elephants (4 Marzo 2021)
  • Gabriele Bavota - On Lessons Learned while Replicating my Own Research (10 Dicembre 2020)
  • Matthias Hauswirth - Rainfall and LuCE: The Difficulty of Learning to Program (3 Dicembre 2020)
  • Nargiz Humbatova - Mutation Testing of Deep Learning Systems (26 Novembre 2020)
  • Alejandro Mazuera Rozo - Investigating types and survivability of performance bugs in mobile apps (19 Novembre 2020)
  • Matteo Biagiola - Testing the plasticity of reinforcement learning based systems (12 Novembre 2020)
  • Csaba Nagy - Analyzing SQL Queries Embedded in the Source Code (5 Novembre 2020)
  • Mohammad Rezaalipour - Deep Neural Network Bugs and the Challenges of Repairing Them (29 Ottobre 2020)
  • Luca Pascarella - Augmented Fine-Grained Defect Prediction for Code-Review (22 Ottobre 2020)
  • Diego Venâncio Marcílio - SpongeBugs: Automatically Fixing Static Analysis Tools Violations (15 Ottobre 2020)
  • Michael Weiss - Detecting Uncertainty in Deep Learning (27 Febbraio 2020)
  • Christoph Treude - Uncovering the best parts of software documentation (28 Gennaio 2020)
  • Bhargav Bhatt - DroidPLUMB: Repairing Resource-Leak bugs with Static Analysis (5 Dicembre 2019)
  • Jesper Findahl - TypeScript - what is that and why should I care? (28 Novembre 2019)
  • Francesco Magagnino - Envisioning the future of the customer interaction (21 Novembre 2019)
  • Armin Heinzl - How Pair Programming Influences Team Performance: The Role of backup-behavior, shared mental models, and task novelty (7 Novembre 2019)
  • Davide Paolo Tua - Time Evolving Voronoi Treemaps for Metrics Visualization (31 Ottobre 2019)
  • Bin Lin - Program Comprehension at ICSME 2019 (24 Ottobre 2019)
  • Ana Ivanchikj - Discovering Imgur API – Controlled Experiment (17 Ottobre 2019)
  • Marco D'Ambros - Dashboarding your inbox for fun and profit (3 Ottobre 2019)
  • Emad Aghajani - Software Documentation: How far we've come, and challenges ahead (26 Settembre 2019)
  • Andrea Stocco - Black-box Confidence Estimation for Misbehavior Prediction in Autonomous Driving Systems (19 Settembre 2019)
  • Jacopo Tagliabue - Less (Data) Is More: Why Small Data Holds the Key to the Future of Artificial Intelligence (24 Giugno 2019)
  • David Clark - The Theory of Testing Programs - An Information Theoretic View (19 Giugno 2019)
  • Jan Vitek - Getting everything wrong without doing anything right! (13 Giugno 2019)
  • Hridesh Rajan - Software as Data (12 Giugno 2019)
  • Alejandro Mazuera Rozo - SOFIA: An Automated Security Oracle for Black-Box Testing of SQL-Injection Vulnerabilities (23 Maggio 2019)
  • Jevgenija Pantiuchina - On the Naturalness of Buggy Code (16 Maggio 2019)
  • Richard Torkar - Why do we encourage even more missingness when having missing data? (9 Maggio 2019)
  • Fengcai Wen - Neural-Machine-Translation-Based Commit Message Generation: How Far Are We? (2 Maggio 2019)
  • Vincenzo Riccio - A Day in the (Activity) Lifecycle (18 Aprile 2019)
  • Luis Mastrangelo - Casting about in the Dark (11 Aprile 2019)
  • Gunel Jahangirova - Mutation Testing of Deep Learning Systems (4 Aprile 2019)
  • Andrea Mocci - The Tale of 'Quattro Tabelle' (28 Marzo 2019)
  • Carlo Alberto Furia - Why You Should Use Bayesian Statistics for Empirical Software Engineering (7 Marzo 2019)
  • Csaba Nagy - Beauty and the Beast: True Stories of Evolving Software Systems (28 Febbraio 2019)
  • Andrea Gallidabino - Liquid Software: Multi-Device Adaptation with Liquid Media Queries (21 Febbraio 2019)
Carica altri...