ICSME 2025
Sun 7 - Fri 12 September 2025 Auckland, New Zealand

This program is tentative and subject to change.

Over the past two decades we have seen an evolution of the application security landscape, including the transition from an on-premises environment to a cloud-based one, which transformed the way development teams work, now heavily relying on continuous integration and continuous delivery. For application security, this presented new challenges, with a transition to a DevSecOps model where security gets integrated at different levels of the software process, with different constraints on the integration of appsec tools. In this talk we share our experience over close to two decades of developing research in the vulnerability space to scale up methods of detecting vulnerabilities over billions of lines of code while remaining precise in the results from these tools. Our insights led to the development of the Intelligent Application Security (IAS) vision: an integrated approach to improving application security, including security issue prevention and remediation. We show how one can combine program analysis and synthesis techniques with LLM-based techniques to achieve our vision. These improvements lead not only to better security; they also improve developer productivity.

Thu 11 Sep

Displayed time zone: Auckland, Wellington

09:00 - 10:00
Keynote 2 (plenary) ICSME Plenary Events at OGGB4 260-073
Chair(s): Stephen MacDonell Victoria University of Wellington, Amjed Tahir Massey University, Dan Hao Peking University, Matthias Galster University of Canterbury
09:00
60m
Keynote
From Vulnerability Detection to DevSecOps Productivity
ICSME Plenary Events
Cristina Cifuentes Oracle Software Assurance, Paddy Krishnan Oracle Labs, Australia