Software Languages Lab

🚀 Breakout Session Spotlight: "Frontiers in Cybersecurity Testing: Addressing DevOps and IaaS". How do we secure the tools that build, deploy, and operate modern software systems? In this breakout session at Cybersecurity Industry Day, we’ll explore the evolving security challenges across the DevOps lifecycle, and the research and tools shaping the future of secure automation. 🔍 What to expect: ☑️ How software composition analysis strengthens the software supply chain through up-to-date dependencies and SBOMs ☑️ Why testing Infrastructure-as-Code (IaC) artefacts (e.g., Ansible, Terraform) is essential for spotting security weaknesses early ☑️ How Policy-as-Code solutions like OPA and Kyverno can enforce organizational policies and protect runtime environments 👉 Join us to discover how researchers and industry experts are pushing the frontiers of cybersecurity testing in the age of DevOps and cloud infrastructure. 📅 November 13, Lamot Mechelen: Register for Cybersecurity Industry Day today! https://lnkd.in/evazrXPj With Coen De Roover & Ruben Opdebeeck (Software Languages Lab). #industryday #testing #cybersecurity #DevOps #IaaS

Our paper "A Comprehensive Study of the Lifecycle of Dormant npm Packages" has been accepted for publication in Empirical Software Engineering! 🎉 🚀 🚨 This paper investigates the phenomenon of dormant npm packages, i.e., packages that experience long periods without updates. We conducted a large-scale mixed-method study on 11,970 npm packages, analyzing their release gaps, dependency outdatedness, vulnerabilities, and maintainer behavior. 🔍 Our findings reveal that dormancy often leads to outdated and insecure dependencies, with vulnerabilities tripling during inactivity. While some packages are eventually revived, many remain neglected — posing long-term risks for open-source ecosystems. Special thanks to my co-authors Ahmed Zerouali and Coen De Roover for this great collaboration 🙌 📎 Pre-print available here: https://lnkd.in/d9asf5jH

🚀𝐀𝐫𝐞 𝐲𝐨𝐮 𝐢𝐧𝐭𝐞𝐫𝐞𝐬𝐭𝐞𝐝 𝐢𝐧 𝐖𝐞𝐛 𝐆𝐔𝐈 𝐭𝐞𝐬𝐭𝐢𝐧𝐠? 𝐇𝐨𝐰 𝐢𝐬 𝐢𝐭 𝐫𝐞𝐚𝐥𝐥𝐲 𝐚𝐝𝐨𝐩𝐭𝐞𝐝 𝐚𝐧𝐝 𝐦𝐚𝐢𝐧𝐭𝐚𝐢𝐧𝐞𝐝 𝐢𝐧 𝐫𝐞𝐚𝐥 𝐰𝐞𝐛 𝐩𝐫𝐨𝐣𝐞𝐜𝐭𝐬? I'm thrilled to share that our "𝘐𝘯𝘷𝘦𝘴𝘵𝘪𝘨𝘢𝘵𝘪𝘯𝘨 𝘵𝘩𝘦 𝘈𝘥𝘰𝘱𝘵𝘪𝘰𝘯 𝘢𝘯𝘥 𝘔𝘢𝘪𝘯𝘵𝘦𝘯𝘢𝘯𝘤𝘦 𝘰𝘧 𝘞𝘦𝘣 𝘎𝘜𝘐 𝘛𝘦𝘴𝘵𝘪𝘯𝘨: 𝘐𝘯𝘴𝘪𝘨𝘩𝘵𝘴 𝘧𝘳𝘰𝘮 𝘎𝘪𝘵𝘏𝘶𝘣 𝘙𝘦𝘱𝘰𝘴𝘪𝘵𝘰𝘳𝘪𝘦𝘴" has been accepted for publication in the Information and Software Technology Journal! 🎉 📄preprint here:  https://lnkd.in/df2MBnC7 This work represents the 𝐟𝐢𝐫𝐬𝐭 𝐥𝐚𝐫𝐠𝐞-𝐬𝐜𝐚𝐥𝐞 𝐚𝐧𝐚𝐥𝐲𝐬𝐢𝐬 𝐨𝐟 𝐭𝐡𝐞 𝐚𝐝𝐨𝐩𝐭𝐢𝐨𝐧 𝐚𝐧𝐝 𝐦𝐚𝐢𝐧𝐭𝐞𝐧𝐚𝐧𝐜𝐞 𝐨𝐟 𝐖𝐞𝐛 𝐆𝐔𝐈-𝐥𝐞𝐯𝐞𝐥 𝐭𝐞𝐬𝐭𝐢𝐧𝐠 in open-source web applications. We examined 472 real-world GitHub projects, diving deep into: ✅ How popular frameworks (Selenium, Playwright, Cypress, Puppeteer) are 𝐚𝐝𝐨𝐩𝐭𝐞𝐝, 𝐜𝐨-𝐚𝐝𝐨𝐩𝐭𝐞𝐝, 𝐚𝐧𝐝 𝐦𝐢𝐠𝐫𝐚𝐭𝐞𝐝 over time. ✅ How automated Web GUI tests 𝐞𝐯𝐨𝐥𝐯𝐞 𝐚𝐧𝐝 𝐚𝐫𝐞 𝐦𝐚𝐢𝐧𝐭𝐚𝐢𝐧𝐞𝐝 alongside the applications they validate. ✅ The 𝐩𝐫𝐚𝐜𝐭𝐢𝐜𝐚𝐥 𝐩𝐚𝐭𝐭𝐞𝐫𝐧𝐬 behind testing strategies in the open-source ecosystem. Huge thanks to my co-authors Luigi Libero Lucio Starace, Valeria Pontillo, Ruben Opdebeeck, Coen De Roover, and Sergio Di Martino for their collaboration, dedication, and valuable contributions throughout this research journey. 🙌