Keynote 1: Tuesday (August 23) 9:15 am - 10:15 am

Junfeng Yang

Professor, Columbia University

Speech: Blessings and Curses of Software Dependencies

Abstract:

Software powers much of the world today and will soon take over the rest. A key enabler of this software takeover is the abundance of libraries, modules, packages, and gems that developers can quickly reuse to create rich features for their applications. Unfortunately, the blessings of software dependencies can become curses, as evidenced by recent large-scale attacks on the software supply chain (e.g., the SolarWinds and Codecov hacks), in which the attackers gained access to numerous organizations by compromising a single common dependency. In this talk, I will discuss the risks of software dependencies and describe our recent work mitigating them, including (1) Upgradvisor, a system for largely automating source dependency updates, and (2) NeuDep/StateFormer/XDA, several systems that leverage transfer learning to reverse-engineer and analyze binary dependencies.