Monday 23 June FSE Keynote: Mark Harman, Peter O’Hearn, and Shubho Sengupta
Meta / University College London
More info coming soon.
Tuesday 24 June FSE Keynote: Laurie Williams
North Carolina State University
Title: Can the Rising Tide of Software Supply Chain Attacks Raise All Software Engineering Boats?
Software organizations largely did not anticipate how the software supply chain would become a deliberate attack vector. The software industry has moved from passive adversaries finding and exploiting vulnerabilities contributed by well-intentioned developers, such as log4j, to a new generation of software supply chain attacks, where attackers also aggressively implant vulnerabilities directly into dependencies available in open source e. Adversaries also find their way into builds and deployments, such as occurred with SolarWinds, to deploy rogue software. Once implanted, these vulnerabilities become an efficient attack vector for adversaries to gain leverage at scale by exploiting the software supply chain. Software supply chain attacks have increased exponentially since 2020.
These attacks have heightened awareness among governments and software organizations throughout the world of the need for software development teams to adopt good software security practices – and, in the process, also good software engineering practices. This awareness has led to two US Executive Orders, the EU Cyber Resilience Act, and other actions worldwide. For example, the CEOs of software organizations who sell to the US government now need to sign a document attesting that good software security/engineering practices were used. This talk will share an overview of these actions, empirical observations in the state-of-the-practice in software security practice adoption, automated software practice measurement, and how these efforts can move into general software engineering.
Bio: Laurie Williams is the Goodnight Distinguished University Professor of Security Sciences in the Computer Science Department of the College of Engineering at North Carolina State University (NCSU). Laurie is the director of the National Science Foundation-sponsored Secure Software Supply Chain Center (S3C2), and co-director of the NSA-sponsored North Carolina Partnership for Cybersecurity Excellence (NC-PaCE) and the NCSU Secure Computing Institute. She was the co-director of the National Security Agency (NSA)-sponsored Science of Security Lablet at NCSU from 2011-2023. Laurie is an IEEE Fellow and an ACM Fellow. Laurie’s research focuses on software security, software processes, and empirical software engineering.
Wednesday 25 June FSE and ISSTA joint Keynote: Matthew Dwyer
University of Virginia
Title: Leveraging Latent-space Generative Models for Testing
Generative models have drawn attention in recent years for their ability to synthesize previously unseen instances from complex data distributions. These models can yield surprising results that reflect an ability to combine semantic features from training data, e.g., images of an armchair in the shape of an avocado.
In this talk, we explore the potential of such models to support software testing. To be useful in software testing, such models must produce data that is realistic and diverse relative to the input space of the system under test. Moreover, they must be controllable, so that input generation can target specific regions of the input space to enable focused testing.
We provide an overview of latent-space generative models and how they can support software testing. More specifically, we describe recent work defining test coverage criteria, test input generation methods, and methods that can control the generative process to produce data that is consistent with preconditions thereby allowing oracles encoding postconditions to be used.
Bio: Matthew B. Dwyer is the Robert Thomson Distinguished Professor in the Department of Computer Science at the University of Virginia and an Amazon Scholar. He has authored more than 140 scholarly publications in program analysis, software specification, and automated formal methods. These research contributions have been recognized with five “test of time” awards (ICSE 2010, SIGSOFT 2010, FSE 2018, SIGSOFT 2021, ISSTA 2022). He was named a Fulbright Research Scholar (2011), an IEEE Fellow (2013), a Parnas Fellow (2018), and an ACM Fellow (2019), and has received the IEEE Computer Society Harlan D. Mills Award (2022).
Thursday 26 June ISSTA Keynote: Claire Le Goues
Carnegie Mellon University
Title: Correctness Matters: Automatic Program Transformation in the Age of Generative AI
Software engineers never start from a blank page, but rather from an extant and usually long-running project in need of modification (for repair, extension, update, etc.). One way to view modern programming is thus as a continual process of iteratively transforming existing programs into something new, and hopefully better. In this context, I will talk about the development of the area of automatic program repair, from research novelty to industrial deployment. I will discuss the potential that this class of automatic program transformation approaches has to augment or automate a broad range of software development activities. I will focus especially on the fundamental challenge of ensuring that automatically transformed code is of acceptable quality, and ways to tackle that challenge, especially in light of recent advances in generative AI. Finally, I will reflect on the implications these emerging techniques have for the ways human engineers interact with their toolchains and their software systems, as well as for analysis and tool designers.
Bio: Claire Le Goues is a Professor of Computer Science at Carnegie Mellon University, primarily affiliated with the Software and Societal Systems Department. Her expertise lies in software engineering and applied programming languages, and especially in techniques for improving software quality via automatic program analysis and transformation. She is a recipient of the Presidential Early Career Award for Scientists and Engineers (PECASE), the ACM SIGSOFT Early Career Researcher Award, and an NSF CAREER Award, as well as faculty awards from Google and Meta; her early work on program repair has received impact awards from SIGEVO, ICSE, and IEEE TSE; and her research has been recognized by Distinguished Paper designations from ICSE, GECCO, and USENIX Security. In addition to teaching classes at all levels in software engineering and program analysis, Le Goues is a proud co-founder and co-director of the Research Experiences for Undergraduates in Software Engineering (REUSE) program (reuse.cs.cmu.edu). Le Goues received MS and PhD degrees in Computer Science from the University of Virginia, and a BA in the same from Harvard College. More details are available at www.clairelegoues.com.
Friday 27 June ISSTA Keynote: ISSTA MIP Talk
Zichao Qi, Fan Long, Sara Achour, Martin Rinard: An analysis of patch plausibility and correctness for generate-and-validate patch generation systems.