agenda.yml 2.75 KB
complete: false
types:

items:
    - name: "Introduction"
      presenter: <a href="speakers/#marco_jahn">Marco Jahn</a> and <a href="speakers/#cedric_thomas">Cedric Thomas</a>
      type: session
      time: 16:00 - 16:15 (CET)
    - name: "On-going research to fuel and enhance Eclipse Steady"
      presenter: <a href="speakers/#henrik_plate">Henrik Plate</a>, <a href="speakers/#serena_ponta">Serena Ponta</a>, or <a href="speakers/#antonino_sabetta">Antonino Sabetta</a>
      type: session
      time: 16:15 - 16:35 (CET)
      abstract: |
           <p>Eclipse Steady offers a code-based approach to detect the presence of open-source code subject to known 
           vulnerabilities, to assess the severity of findings and to propose mitigations. Its code-centricity allows 
           Steady to improve on several dimensions, esp. detection accuracy. However, public vulnerability databases 
           like the NVD do not contain the required information, hence, a dedicated vulnerability database had to be 
           established, needing continuous contributions. This presentation will provide an overview of on-going 
           research activities related to the creation and maintenance of an open-source vulnerability database for 
           Eclipse Steady. Moreover, we will briefly discuss the possibility of using the code-analysis features of 
           Eclipse Steady to identify unused dependencies, whose removal would reduce applications' attack surface 
           and maintenance effort.</p>

    - name: "Sat4j, from the lab to OW2 with and for Eclipse"
      presenter: <a href="speakers/#daniel_le_berre">Daniel Le Berre</a>
      type: session
      time: 16:35 - 16:55 (CET)
      abstract: |
          <p>Sat4j is a library of tools in Java to solve combinatorial problems with Boolean variables. One such
          problem is the canonical SATisfiability problem, one of the simplest hard problems in theoretical computer science.
          Interestingly, in practice, software able to solve instances of this problem (so-called *SAT solvers*) improved 
          drastically in the early 2000s.
          Those solvers are used nowadays to solve a wide range of problems, from hardware or software verification to
          bioinformatics. Sat4j provides such technology to Java users. 
          From the beginning, Sat4j has been hosted by OW2, and developed using Eclipse. Since 2008, Sat4j has been used in 
          Eclipse p2 to manage Eclipse plugin dependencies.
          This talk will review the conditions, benefits and limitations of growing open source research software in a
          non-academic open source world.</p>
    - name: "Wrap up"
      presenter: <a href="speakers/#cedric_thomas">Cedric Thomas</a>
      type: session
      time: 16:55 - 17:00 (CET)