EASE 2024
Tue 18 - Fri 21 June 2024 Salerno, Italy
Wed 19 Jun 2024 11:00 - 11:15 at Room Vietri - Architecture Chair(s): Davide Di Ruscio

With the rapid rise in Software Supply Chain (SSC) attacks, organisations need thorough and trustworthy visibility over the entire SSC of their software inventory to detect risks early and identify compromised assets rapidly in the event of an SSC attack. One way to achieve such visibility is through SSC metadata, machine-readable and authenticated documents describing an artefact’s lifecycle. Adopting SSC metadata requires organisations to procure or develop a Software Supply Chain Metadata Management system (SCM2), a suite of software tools for performing life cycle activities of SSC metadata documents such as creation, signing, distribution, and consumption. Selecting or developing an SCM2 is challenging due to the lack of a comprehensive domain model and architectural blueprint to aid practitioners in navigating the vast design space of SSC metadata terminologies, frameworks, and solutions. This paper addresses the above-mentioned challenge by presenting an empirically grounded Reference Architecture (RA) comprising a domain model and an architectural blueprint for SCM2 systems. Our proposed RA is constructed systematically on an empirical foundation built with industry-driven and peer-reviewed SSC security frameworks. Our theoretical evaluation, which consists of an architectural mapping of 5 prominent SSC security tools on the RA, ensures its validity and applicability, thus affirming the proposed RA as an effective framework for analysing existing SCM2 solutions and guiding the engineering of new SCM2 systems.

Wed 19 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

11:00 - 12:20
11:00
15m
Talk
An Empirically Grounded Reference Architecture for Software Supply Chain Metadata Management
Research Papers
Nguyen Khoi Tran The University of Adelaide, Samodha Pallewatta CREST, The University of Adelaide, Adelaide, Australia, Muhammad Ali Babar School of Computer Science, The University of Adelaide
11:15
15m
Talk
Dealing with clinical outcome and fair cost: the FIDCARE platform
Industry
Leopoldo Beneduce Kiranet srl, Raffaele Chianese Kiranet S.r.l, Francesco Gargiulo Createck, Stefano Marrone Università della Campania "Luigi Vanvitelli", Laura Verde Università della Campania "Luigi Vanvitelli"
11:30
15m
Talk
Harnessing No-Code Blockchain for DeFi: A Microcredit Case Study on AstraKode Blockchain
Industry
Fabiano Izzo Fabiano Izzo, CEO and co-founder, AstraKode S.r.l., Damiano D'Amici Damiano D'Amici, Head of Product and co-founder, AstraKode S.r.l.
11:45
15m
Talk
Harmonizing DevOps taxonomies — A grounded theory study
Journal-first
Jessica Díaz Universidad Politécnica de Madrid, Jorge Perez, Isaque Alves University of Brasilia (UnB), Fabio Kon University of São Paulo, Leonardo Alexandre Ferreira Leite University of São Paulo, Paulo Meirelles University of São Paulo, Carla Silva Rocha Aguiar University of Brasília
12:00
10m
Talk
CLAIM: a Lightweight Approach to Identify Microservices in Dockerized Environments
Short Papers, Vision and Emerging Results
Kevin Maggi University of Florence, Roberto Verdecchia University of Florence, Leonardo Scommegna University of Florence, Enrico Vicario University of Florence
12:10
10m
Talk
A Folklore Confirmation on the Removal of Dead Code
Short Papers, Vision and Emerging Results
Simone Romano University of Salerno, Giovanni Toriello, Pietro Cassieri University of Salerno, Rita Francese University of Salerno, Giuseppe Scanniello University of Salerno