Thomas LaToza
George Mason University, USA

Theories of Program Comprehension in the Age of LLMs
Abstract: More than 50 years of work in program comprehension has yielded a rich and diverse trove of findings about how developers work with and comprehend code, while envisioning numerous paths by which tools can support program comprehension. As LLMs transform developer work from writing to comprehending code and promise to usher in a golden age of program comprehension, how can lessons from the past help chart a path forward?
In this talk, we’ll explore how theories of programming help unravel the impact of LLMs on program comprehension, examining the use of theory to distill findings from empirical studies, capture implicit assumptions about how tools help, identify when and where studies are needed, and shape the design of new types of programming tools.
BIO: Thomas LaToza is an Associate Professor of Computer Science in the School of Computing at George Mason University. His work draws on empirical studies of programming practice to design new types of tools for programming, debugging, and software design. His early work, in collaboration with Microsoft Research, helped lay the foundations for many of the contemporary uses of empiricism in software engineering. His work on microtask programming inspired several recent startups, including Sayna and Crowdbotics. More recently, he served as organizer of the Dagstuhl Seminar on Theories of Programming, served as General Chair of the Symposium on Visual Languages and Human-Centric Computing, and was recognized as a George Mason University Teacher of Distinction.
Kate Stewart
The Linux Foundation
Shared keynote with MSR

Mining BOMs for Improving Supply Chain Efficiency & Resilience
Abstract: Bills of Materials (BOMs) have been present in the shipping of physical products for decades, but as more modern systems (including AI) have come to rely increasingly on software and data, these elements are now essential to capture as well. Software Bills of Materials (SBOMs) are gaining adoption in industry due to increasing software complexity, emerging regulatory requirements (e.g., FDA, CRA), and the expansion of software's role in critical systems (automotive, medical, space, industrial, etc.). The sheer scale of SBOM metadata generated, the diverse information needed across the software lifecycle, and the need to leverage this data for various risk analyses (security, license, operational, safety, AI) require robust solutions and different perspectives on this material. This keynote will look at the current challenges in the SBOM landscape in terms of generating and maintaining such data. It will explore the challenges of extracting knowledge from BOM metadata for continuous safety compliance for products that may be leveraging open source components in safety-critical domains.
BIO: Kate Stewart is the Vice President of Dependable Embedded Systems at The Linux Foundation. She works with the safety, security and license compliance communities to advance the adoption of best practices into embedded open source projects. Since joining the foundation ten years ago, she has launched the Zephyr and ELISA Projects, among others. Kate was one of the founders of SPDX in 2009, and is currently the technical team co-lead. She has been active in the multistakeholder efforts to define SBOM minimum elements hosted by NTIA and more recently updated by CISA in 2024. With more than 30 years of experience in the software industry, she has held a variety of roles and worked as a developer in Canada, Australia, and the US, and for the last 20 years has managed software development teams in the US, Canada, UK, India, and China. She can be reached at: kstewart@linuxfoundation.org