Seminars
In February 2019, the Software Institute started its SI Seminar Series. Every Thursday afternoon, a researcher of the Institute gives a short public talk on a software engineering topic of her choice. Examples include, but are not limited to, novel interesting papers, seminal papers, personal research overviews, discussions of preliminary research ideas, tutorials, and small experiments.
On our YouTube playlist you can watch some of the past seminars. Below you can find more details on the next seminar, the upcoming seminars, and an archive of the past speakers.
Everyone is welcome to attend the seminars organized by the Software Institute.
Next Speaker: Edoardo Riggio
Modern CI/CD pipelines have become central to how we automatically build, test, and deliver software. However, such pipeline automation has also become a prime target for sophisticated supply chain attacks. The SUNBURST attack on SolarWinds demonstrates how malicious actors can use trusted build systems to distribute tainted updates to thousands of organizations. We will start by dissecting the anatomy of SUNBURST, revealing how the Russian cyber espionage group known as Nobelium managed to execute such a large-scale attack. We will then analyze its fallout, which called for major legislative efforts, such as the US Executive Order 14067 and the EU Cyber Resilience Act. Finally, we will introduce the research we are carrying out towards evaluating and securing the software supply chain of CI/CD environments. In particular, we will present Soteria, a tool we developed to automatically detect security misconfigurations in GitHub workflow files.
Edoardo Riggio is currently a PhD researcher in the DESIGN research group under the supervision of Prof. Cesare Pautasso. He graduated from USI in Informatics and later in Software and Data Engineering. Edoardo’s research focuses on the security of software supply chains in CI/CD environments.
Program
- Srdjan Krstic, May 22, 2025