Seminars

In February 2019, the Software Institute started its SI Seminar Series. Every Thursday afternoon, a researcher of the Institute will publicly give a short talk on a software engineering argument of her choice. Examples include, but are not limited to, novel interesting papers, seminal papers, personal research overview, discussion of preliminary research ideas, tutorials, and small experiments.

On our YouTube playlist you can watch some of the past seminars. Below you can find more details on the next seminar, the upcoming seminars, and an archive of the past speakers.

Everyone is welcome to attend the seminars organized by the Software Institute.

Next Speaker: Edoardo Riggio

Date: May 8, 2025 @ 16:30

Location: D0.02

Chair: Alberto Martín López

The SUNBURST Wake-Up Call: Why CI/CD Security Matters Now More Than Ever

Modern CI/CD pipelines have become central in how we automatically build, test, and deliver software. However, such pipeline automatizations have also become prime targets for sophisticated supply chain attacks. The SUNBURST attack on SolarWinds demonstrates how malicious actors can use trusted build systems to distribute tainted updates to thousands of organizations. We will start by dissecting the anatomy of SUNBURST, revealing how the Russian cyber espionage group known as Nobelium managed to successfully execute such a large-scale attack. We will then analyze its fallout, which called for major legislative efforts, such as the US Executive Order 14067 and the EU Cyber Resilience Act. Finally, we will also be introducing the research we are carrying out towards evaluating and securing the software supply chain of CI/CD environments. In particular, we will present Soteria, a tool we developed to automatically detect security misconfigurations in GitHub workflow files.

Biography

Edoardo Riggio is currently a PhD researcher in the DESIGN research group under the supervision of Prof. Cesare Pautasso. He graduated at USI in Informatics and later in Software and Data Engineering. Edoardo’s research focuses on the security of software supply chains in CI/CD environments.

Program

Srdjan Krstic

May 22, 2025

Archive

Nargiz Humbatova - Real Faults in Deep Learning Fault Benchmarks: How Real Are They? (April 17, 2025)
Giuseppe Crupi - Cost-Efficient Software Automation with Cooperative Small Language Models (April 10, 2025)
Joe Gibbs Politz & Robby Findler - Double Talk: (1) Teaching JITs/incremental compilers + (2) Esterel in Racket (April 4, 2025)
Marco Paganoni - Reasoning about Substitutability at the Level of JVM Bytecode (April 3, 2025)
Tommi Mikkonen & Kari Systä - LiquidAI: Orchestrating Cloud-Edge Continuum with Isomorphic Software (March 20, 2025)
Andrea Mocci - Eternal Sunshine of the Spotless Macros (March 13, 2025)
Masoud Jamshidiyan Tehrani - Adversarial Attacks on Deep Learning-Based Perception in Autonomous Vehicles: Designing and Evaluating System-Level Failures (March 6, 2025)
Dominik Winterer - Formal Methods Engineering (FME): Towards More Mature Formal Methods (February 27, 2025)
Angelo Gargantini - A formal approach to software engineering for the Validation and Verification of safety critical systems (January 28, 2025)
Alessio Gambi - Beyond Scenario-based Testing of Single Ego Vehicles (January 27, 2025)
Akshatha Shenoy - Verification of Concurrency Properties for JVM based Programming Languages (December 5, 2024)
Rosalia Tufano - Deep Learning-based Code Reviews: A Paradigm Shift or a Double-Edged Sword? (November 28, 2024)
Gianmarco De Vita - Topographical Deep Learning Testing (November 21, 2024)
Jesper Findahl - From Pandas to Polars: Achieving 50x Speedups and Scaling Beyond Memory Limits (November 14, 2024)
Cesare Pautasso - Unethical Software Engineering in 8 Easy Dark Patterns (November 7, 2024)
Samuele Pasini - Evaluating and Improving the Robustness of Security Attack Detectors Generated by LLMs (October 24, 2024)
Mathieu Nassif - On-Demand Documentation via Code Examples (October 17, 2024)
Luca Chiodini - What Does It Mean To Learn? (October 10, 2024)
Hassan Atwi - Transparent Transaction Ordering in Blockchain-based Collaborative Processes (October 3, 2024)
Jinhan Kim - When Simple is Better than Complex: Coverage and Mutation for DL Testing (September 26, 2024)
Guadalupe Ortiz - Context Aware Collaborative IoT Services in a Smart World (July 22, 2024)
Domenico Bianculli - Signal-based temporal properties for cyber-physical systems: specification, monitoring, and diagnostics (June 13, 2024)
Tahereh Zohdinasab - Exposing and Explaining Misbehaviours of Deep Learning Systems – A Summary (May 23, 2024)
Paolo Falcarin - Software Systems Compliance with the AI Act (May 21, 2024)
Joey Bevilacqua - Assessing the Understanding of Expressions: A Qualitative Study of Notional-Machine-Based Exam Questions (May 16, 2024)
Stefano Campanella - Developers Developers Developers (May 2, 2024)
Alberto Martín López - Neuro-Symbolic AI for Developing, Testing and Consuming Web APIs: An AMBIZIONE Project Proposal (April 25, 2024)
Alessandro Giagnorio - Customizing deep learning models for code completion tasks (April 11, 2024)
Francesco Bresciani - Abusing GitLab CI/CD to build a data engineering pipeline (March 14, 2024)
Andréa Doreste - Adversarial Testing with Reinforcement Learning: A Case Study on Autonomous Driving (March 7, 2024)
Carlo Ghezzi - Rethinking software engineering research and education in the light of digital humanism (February 29, 2024)
Diana Carolina Muñoz Hurtado - Exploring Security Practices in OpenAPIs (December 7, 2023)
Carmen Armenti - Data Sonification - A Survey (November 30, 2023)
Mauricio Aniche - Effective developer testing: lessons I learned over time (November 23, 2023)
Antonio Mastropaolo - Evaluating Code Summarization Techniques: A New Metric and an Empirical Characterization (November 16, 2023)
Michele Lanza - Bibliometrics, the Great Beyond of Science? (November 9, 2023)
Carlo Alberto Furia - Don't Jam the LHC: A causal analysis of Code Jam data (October 26, 2023)
Rosalia Tufano - Code Review Automation: Strengths and Weaknesses of the State of the Art (October 12, 2023)
Agnese Zamboni & Matthias Hauswirth - 'Program Your Own Castle' - Developing a Self-Guided Tutorial for the Hour of Code (October 5, 2023)
Roberto Pietrantuono - Causal reasoning for software quality engineering (June 15, 2023)
Vincenzo Orrei - Contribution-based Firing of Developers? (May 25, 2023)
Patric Genfer - On the Understandability of Security Tactics for Microservice APIs (May 16, 2023)
Marco Paganoni - ByteBack: Deductive Functional Verification of Bytecode programs (May 11, 2023)
Marco Raglianti - Research Code as Infrastructure (RCaI) (May 4, 2023)
Souhaila Serbout - What about Web APIs versioning? (April 27, 2023)
Paolo Tonella - Mind, consciousness and ChatGPT: can ChatGPT impute unobservable mental states to others? (April 6, 2023)
Alberto Bacchelli - Exploring the Dual Nature of Code Review: Implications for Investigative Methods and Tool Development (March 30, 2023)
Gabriele Bavota - On Reviewers' Regrets and Negative Results (March 23, 2023)
Magnus O. Myreen - The CakeML Project: Chasing End-to-End Correctness, Verified Compilation and Applications (March 16, 2023)
Luca Chiodini - Teaching problem decomposition with graphics (March 9, 2023)
Dimi Racordon - The bright future between immutability and aliasing restrictions (March 2, 2023)
Hassan Atwi - Toward Decentralized Process Execution (December 1, 2022)
Sajad Mazraehkhatiri - Testing Drones in Simulation: Let's Be Realistic! (November 24, 2022)
Csaba Nagy - Perils and Pitfalls of the Application-Database Gap (November 17, 2022)
Marco D'Ambros - CodeLounge: a roller-coaster ride (November 10, 2022)
Matteo Biagiola - Reinforcement Learning for Software Testing (November 3, 2022)
Matthias Hauswirth - Pitfalls in Teaching Programming (October 20, 2022)
Davide Paolo Tua - An ECS Primer (October 13, 2022)
Nargiz Humbatova - DeepCrime: Mutation Testing of Deep Learning Systems Based on Real Faults (October 6, 2022)
Mohammad Rezaalipour - FauxPy: A Fault Localization Tool for Python Programs (September 29, 2022)
Crista Lopes - Exercises in Programming Style (September 9, 2022)
Michele Tufano - Unit Test Case Generation with Transformers and Focal Context (June 20, 2022)
Valerie Burgener - React 101 (May 19, 2022)
Diego Venâncio Marcílio - Towards Untangling Java Exceptions (May 12, 2022)
Bin Lin - Academic Job Search: An Experience Report (April 28, 2022)
Michael Weiss - Uncertainty-Wizard: Fast and User-Friendly Neural Network Uncertainty Quantification (April 7, 2022)
Matteo Ciniselli - On automatically generating source code (March 31, 2022)
Aron Fiechter - Creating a Domain Specific Language in Kotlin Using Type-Safe Builders (March 24, 2022)
Emad Aghajani - 5 Years of Research: Lessons Learned (March 17, 2022)
Andrea Stocco - Testing and Evaluation of Autonomous Driving Systems: From Simulated to Real-world Test Environments (March 10, 2022)
Luca Pascarella - Fine-Grained Code Summarization (March 3, 2022)
Alessio Merlo - Mobile Apps: The Dark Side of the Droid (December 6, 2021)
Vincenzo Riccio - Automated Test Input Generation to Check if the Machine Actually Learned (December 2, 2021)
Jesper Findahl - What’s Up With the CodeLoungers?
AKA what are CodeLoungers doing all day (November 25, 2021)
Carlo Alberto Furia - When does correlation imply causation? (November 18, 2021)
Antonio Mastropaolo - Supporting code-related tasks via Deep-Learning (November 11, 2021)
Andrea Gallidabino - Do you understand the code you write? 'I hope the TAs won't look at this!' (November 4, 2021)
Igor Moreno Santos - Towards sound notional machines: a Lambda Calculus crash course (October 28, 2021)
Gunel Jahangirova - Quality Metrics and Oracles for Autonomous Vehicles Testing (October 21, 2021)
Marco Raglianti - Visualizing Discord Servers - definitely not a virtual conference video replay (October 14, 2021)
Anthony Cleve - Analyzing and Supporting the Evolution of Data-Intensive Systems (October 7, 2021)
Bhargav Bhatt - Datalog Synthesis and Repair (September 30, 2021)
Rosalia Tufano - Towards Automating Code Review Activities (May 27, 2021)
Cesare Pautasso - Presentations as Code (May 20, 2021)
Luca Chiodini - A Curated Inventory of Programming Language Misconceptions (May 6, 2021)
Andrea Mocci - How does CodeLounge develop? (April 29, 2021)
Fabio Di Lauro - Towards Large-scale Empirical Assessment of Web APIs Evolution (April 22, 2021)
Michele Lanza - History is not a burden on the (computer) memory but an illumination of the (software engineering researcher's) soul (April 15, 2021)
Tahereh Zohdinasab - Explaining Deep Learning Systems by exploring their feature space (March 25, 2021)
Roberto Minelli - DFlow is dead. Long live Tako! (March 18, 2021)
Souhaila Serbout - Structural Patterns Mining in Web APIs (March 11, 2021)
Paolo Tonella - Deep Learning Testing: problems, solutions and elephants (March 4, 2021)
Gabriele Bavota - On Lessons Learned while Replicating my Own Research (December 10, 2020)
Matthias Hauswirth - Rainfall and LuCE: The Difficulty of Learning to Program (December 3, 2020)
Nargiz Humbatova - Mutation Testing of Deep Learning Systems (November 26, 2020)
Alejandro Mazuera Rozo - Investigating types and survivability of performance bugs in mobile apps (November 19, 2020)
Matteo Biagiola - Testing the plasticity of reinforcement learning based systems (November 12, 2020)
Csaba Nagy - Analyzing SQL Queries Embedded in the Source Code (November 5, 2020)
Mohammad Rezaalipour - Deep Neural Network Bugs and the Challenges of Repairing Them (October 29, 2020)
Luca Pascarella - Augmented Fine-Grained Defect Prediction for Code-Review (October 22, 2020)
Diego Venâncio Marcílio - SpongeBugs: Automatically Fixing Static Analysis Tools Violations (October 15, 2020)
Michael Weiss - Detecting Uncertainty in Deep Learning (February 27, 2020)
Christoph Treude - Uncovering the best parts of software documentation (January 28, 2020)
Bhargav Bhatt - DroidPLUMB: Repairing Resource-Leak bugs with Static Analysis (December 5, 2019)
Jesper Findahl - TypeScript - what is that and why should I care? (November 28, 2019)
Francesco Magagnino - Envisioning the future of the customer interaction (November 21, 2019)
Armin Heinzl - How Pair Programming Influences Team Performance: The Role of backup-behavior, shared mental models, and task novelty (November 7, 2019)
Davide Paolo Tua - Time Evolving Voronoi Treemaps for Metrics Visualization (October 31, 2019)
Bin Lin - Program Comprehension at ICSME 2019 (October 24, 2019)
Ana Ivanchikj - Discovering Imgur API – Controlled Experiment (October 17, 2019)
Marco D'Ambros - Dashboarding your inbox for fun and profit (October 3, 2019)
Emad Aghajani - Software Documentation: How far we've come, and challenges ahead (September 26, 2019)
Andrea Stocco - Black-box Confidence Estimation for Misbehavior Prediction in Autonomous Driving Systems (September 19, 2019)
Jacopo Tagliabue - Less (Data) Is More: Why Small Data Holds the Key to the Future of Artificial Intelligence (June 24, 2019)
David Clark - The Theory of Testing Programs - An Information Theoretic View (June 19, 2019)
Jan Vitek - Getting everything wrong without doing anything right! (June 13, 2019)
Hridesh Rajan - Software as Data (June 12, 2019)
Alejandro Mazuera Rozo - SOFIA: An Automated Security Oracle for Black-Box Testing of SQL-Injection Vulnerabilities (May 23, 2019)
Jevgenija Pantiuchina - On the Naturalness of Buggy Code (May 16, 2019)
Richard Torkar - Why do we encourage even more missingness when having missing data? (May 9, 2019)
Fengcai Wen - Neural-Machine-Translation-Based Commit Message Generation: How Far Are We? (May 2, 2019)
Vincenzo Riccio - A Day in the (Activity) Lifecycle (April 18, 2019)
Luis Mastrangelo - Casting about in the Dark (April 11, 2019)
Gunel Jahangirova - Mutation Testing of Deep Learning Systems (April 4, 2019)
Andrea Mocci - The Tale of 'Quattro Tabelle' (March 28, 2019)
Carlo Alberto Furia - Why You Should Use Bayesian Statistics for Empirical Software Engineering (March 7, 2019)
Csaba Nagy - Beauty and the Beast: True Stories of Evolving Software Systems (February 28, 2019)
Andrea Gallidabino - Liquid Software: Multi-Device Adaptation with Liquid Media Queries (February 21, 2019)

Load more...