FSE 2025
Mon 23 - Fri 27 June 2025 Trondheim, Norway
co-located with ISSTA 2025
Tue 24 Jun 2025 10:30 - 10:50 at Aurora B - Security Chair(s): Zhenchang Xing

Context: Practitioners prefer to achieve performance without sacrificing productivity when developing scientific software. The Julia programming language is designed to develop performant computer programs without sacrificing productivity by providing a syntax that is scripting in nature. According to the Julia programming language website, the common projects are data science, machine learning, scientific domains, and parallel computing. While Julia has yielded benefits with respect to productivity, programs written in Julia can include security weaknesses, which can hamper the security of Julia-based scientific software. A systematic derivation of security weaknesses can facilitate secure development of Julia programs—an area that remains under-explored.

Objective: The goal of this paper is to help practitioners securely develop Julia programs by conducting an empirical study of security weaknesses found in Julia programs.

Methodology: We apply qualitative analysis on 4,592 Julia programs used in 126 open-source Julia projects to identify security weakness categories. Next, we construct a static analysis tool called Julia Static Analysis Tool (JSAT) that automatically identifies security weaknesses in Julia programs. We apply JSAT to automatically identify security weaknesses in 558 open-source Julia projects consisting of 25,008 Julia programs.

Results: We identify 7 security weakness categories, which include the usage of hard-coded password and unsafe invocation. From our empirical study we identify 23,839 security weaknesses. On average, we observe 24.9% Julia source code files to include at least one of the 7 security weakness categories.

Conclusion: Based on our research findings, we recommend rigorous inspection efforts during code reviews. We also recommend further development and application of security static analysis tools so that security weaknesses in Julia programs can be detected before execution.

Tue 24 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

10:30 - 12:30
SecurityJournal First / Research Papers / Industry Papers at Aurora B
Chair(s): Zhenchang Xing CSIRO’s Data61; Australian National University
10:30
20m
Talk
Come for Syntax, Stay for Speed, Write Secure Code: An Empirical Study of Security Weaknesses in Julia Programs
Journal First
Yue Zhang Auburn University, Justin Murphy Tennessee Tech University, Akond Rahman Auburn University
10:50
20m
Talk
AIM: Automated Input Set Minimization for Metamorphic Security Testing
Journal First
Nazanin Bayati Chaleshtari University of Ottawa, Yoann Marquer University of Luxembourg, Fabrizio Pastore University of Luxembourg, Lionel Briand University of Ottawa, Canada; Lero centre, University of Limerick, Ireland
11:10
20m
Talk
Understanding Industry Perspectives of Static Application Security Testing (SAST) Evaluation
Research Papers
Yuan Li Zhejiang University, Peisen Yao Zhejiang University, Kan Yu Ant Group, Chengpeng Wang Hong Kong University of Science and Technology, Yaoyang Ye Zhejiang University, Song Li The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Meng Luo The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Yepang Liu Southern University of Science and Technology, Kui Ren Zhejiang University
DOI
11:30
20m
Talk
Efficient and Robust Security-Patch Localization for Disclosed OSS Vulnerabilities with Fine-Tuned LLMs in an Industrial Setting
Industry Papers
Dezhi Ran Peking University, Lin Li Huawei Cloud Computing Technologies Co., Ltd., Liuchuan Zhu Huawei Cloud Computing Technologies Co., Ltd., Yuan Cao Peking University, Landelong Zhao Peking University, Xin Tan Beihang University, Guangtai Liang Huawei Cloud Computing Technologies, Qianxiang Wang Huawei Technologies Co., Ltd, Tao Xie Peking University
11:50
20m
Talk
It’s Acting Odd! Exploring Equivocal Behaviors of Goodware
Research Papers
Gregorio Dalia University of Sannio, Andrea Di Sorbo University of Sannio, Corrado A. Visaggio University of Sannio, Italy, Gerardo Canfora University of Sannio
DOI
12:10
20m
Talk
On the Unnecessary Complexity of Names in X.509 and Their Impact on Implementations
Research Papers
Yuteng Sun The Chinese University of Hong Kong, Joyanta Debnath Stony Brook University, Wenzheng Hong Independent, Omar Chowdhury Stony Brook University, Sze Yiu Chau The Chinese University of Hong Kong
DOI

Information for Participants
Tue 24 Jun 2025 10:30 - 12:30 at Aurora B - Security Chair(s): Zhenchang Xing
Info for room Aurora B:

Aurora B is the second room in the Aurora wing.

When facing the main Cosmos Hall, access to the Aurora wing is on the right, close to the side entrance of the hotel.

:
:
:
: