Measuring Software Resilience Using Socially Aware Truck Factor Estimation (ASE 2025 - New Ideas and Emerging Results Track) - ASE 2025

Sun 16 - Thu 20 November 2025 Seoul, South Korea

Who

Alexis Butler, Dan O'Keeffe, Santanu Dash

Track

ASE 2025 NIER Track

This program is tentative and subject to change.

Time Zone

The program is currently displayed in (GMT+09:00) Seoul.

Use conference time zone: (GMT+09:00) SeoulSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

When

Tue 18 Nov 2025 16:00 - 16:10 at Grand Hall 2 - Security 6

Abstract

Continued timely maintenance is a key aspect of project security, but typically requires in-depth knowledge of a project’s code base. Truck Factor is a metric that aims to represent how vulnerable a project is to losing this knowledge through the attrition of key contributors. However, the accuracy of existing Truck Factor estimators scales poorly with project size since they tend to ignore influential team members in managerial roles, which are more common in large projects.

This work proposes SNet, a novel socially aware Truck Factor estimator based on social network analysis. SNet uses network centrality measures and social signals such as GitHub Issue interactions to estimate Truck Factor and identify Truck Factor contributors. We evaluate SNet against an existing ground truth comprised of twenty-six open source projects. Our social network analysis approach achieves superior contributor classification performance (Median F1 score = 0.8) while reducing computation time by over 2x compared to state-of-the-art estimators.

Alexis Butler

Royal Holloway University of London

Dan O'Keeffe

Royal Holloway, University of London

Santanu Dash

University of Surrey

United Kingdom

This program is tentative and subject to change.

Time Zone

The program is currently displayed in (GMT+09:00) Seoul.

Use conference time zone: (GMT+09:00) SeoulSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Session Program

Tue 18 Nov
Displayed time zone: Seoul change

	16:00 - 17:00	Security 6Industry Showcase / NIER Track at Grand Hall 2

	16:00 10m Talk		Measuring Software Resilience Using Socially Aware Truck Factor Estimation NIER Track Alexis Butler Royal Holloway University of London, Dan O'Keeffe Royal Holloway, University of London, Santanu Dash University of Surrey
	16:10 10m Talk		Should We Evaluate LLM Based Security Analysis Approaches on Open Source Systems? Industry Showcase Kohei Dozono Technical University of Munich, Jonas Engesser Technical University of Munich, Benjamin Hummel CQSE GmbH, Alexander Pretschner TU Munich, Tobias Roehm CQSE GmbH
	16:20 10m Talk		DALEQ - Explainable Equivalence for Java Bytecode Industry Showcase Jens Dietrich Victoria University of Wellington, Behnaz Hassanshahi Oracle
	16:30 10m Talk		A Secure Mocking Approach towards Software Supply Chain Security NIER Track Daisuke Yamaguchi NTT, Inc., Shinobu Saito NTT, Inc., Takuya Iwatsuka NTT, Nariyoshi Chida NTT, Inc, Tachio Terauchi Waseda University
	16:40 10m Talk		TRON: Fuzzing Linux Network Stack via Protocol-System Call Payload Synthesis Industry Showcase Qiang Zhang Hunan University, Yifei Chu Tsinghua University, Yuheng Shen Tsinghua University, Jianzhong Liu Tsinghua University, Heyuan Shi Central South University, Yu Jiang Tsinghua University, Wanli Chang College of Computer Science and Electronic Engineering, Hunan University
	16:50 10m Talk		Industry Practice of LLM-Assisted Protocol Fuzzing for Commercial Communication Modules Industry Showcase Qiang Fu Central South University, Changjian Liu Central South University, Yuan Ding China Mobile IoT, Chao Fan China Mobile IoT, Yulai Fu , Yuhan Chen Central South Sniversity, Ying Fu Tsinghua University, Ronghua Shi Central South University, Fuchen Ma Tsinghua University, Heyuan Shi Central South University