APSEC 2025
Tue 2 - Fri 5 December 2025 Macao, China

Software Supply Chain Security of Web3

Abstract: The Web3 paradigm, built on the promise of decentralization and trustless execution, has attracted massive investment and innovation. However, the decentralized applications (dApps) and smart contracts that secure billions of dollars in assets are themselves built upon complex, centralized, and often vulnerable software supply chains. From npm packages to compilers and development frameworks, every component represents a potential attack vector. This talk dissects the software supply chain of the Web3 ecosystem, identifying unique risks that arise at the intersection of traditional software development practices and the high-stakes, immutable nature of blockchain technology. Drawing from foundational research in software engineering, we will explore threat models, analyze recent real-world attacks, and propose solutions to harden Web3 against this growing class of threats. Homepage: https://mab.xyz/

Martin Monperrus is Professor of Software Technology at KTH Royal Institute of Technology, Sweden. His research lies in the field of software engineering. He is the recipient of the ACM SIGSOFT Impact Paper Award (2024) for pioneering the use of machine learning to assist developers in generating code snippets, paving the way for today’s intelligent code assistance tools (such as GitHub Copilot), the ASE Most Influential Paper Award and the KTH PhD Supervisor award. Martin also likes to build software and companies.

How to Build AI Agent, How to Build Agentic AI, and How to Build Automatically?

Abstract: In this keynote, Professor Yang Liu explores three critical questions in the evolution of intelligent software systems: how to build effective AI agents, how to endow them with advanced agentic capabilities such as memory, reasoning, and higher-order thinking, and how to automate their construction and deployment. To ground these ideas, he will highlight applications in cybersecurity, including automating expertise across the software lifecycle—from vulnerability detection and diagnosis to proof-of-concept generation and automated repair. The talk will conclude with a forward-looking discussion on interdisciplinary strategies toward Artificial General Intelligence, integrating insights from neuroscience, psychology, social sciences, and computer science to develop AI systems that are not only intelligent and agentic, but also secure, reliable, and aligned with human values.

Dr. Yang Liu is currently a full professor at Nanyang Technological University (NTU), Executive Director of Cyber Security Research Centre @ NTU, and Executive Director of CyberSG R&D Programme Office (CRPO). In 2019, he received the University Leadership Forum Chair professorship at NTU, and the President’s Chair in 2024. Dr. Liu specializes in software engineering, cybersecurity, and artificial intelligence. His research has bridged the gap between the theory and practical usage of program analysis, data analysis and AI to evaluate the design and implementation of software for high assurance and security. Much of his research has been successfully commercialized. By now, he has more than 600 publications in top-tier conferences and journals, 29 best paper awards, and one most influential system award in top software engineering conferences. He is also leading several major research centers and programs including Cysren, CRPO, Trustworthy AI in NTU (TAICeN), and CREATE center with ICL on medical device security. He has received a number of prestigious awards including MSRA Fellowship, TRF Fellowship, Nanyang Assistant Professor, Tan Chin Tuan Fellowship, Nanyang Research Award, ACM Distinguished Speaker, NRF Investigatorship, and NTU Innovator (Entrepreneurship) Award.

Navigating the Impact of Large Language Models on Software Engineering: Challenges and Opportunities

Abstract: Large Language Models (LLMs) have demonstrated considerable potential across a range of software engineering (SE) tasks, yet their integration into broader SE processes introduces distinct challenges. These challenges stem primarily from the models’ limited understanding of SE-specific knowledge and the inherently structured nature of SE data. In this presentation, I will discuss critical lessons and challenges encountered while implementing LLMs in software engineering contexts. This includes the essential task of filtering out noisy data and the advantages of integrating LLMs with program analysis techniques to improve their contextual and structural understanding. Furthermore, I will delve into the transformative impact of LLMs on various SE practices, such as test case generation, vulnerability management, and automated code generation. The talk aims to provide a comprehensive exploration of both the limitations and potential of LLMs within the software engineering domain, shedding light on emerging opportunities and anticipating future trends.

Xin Xia is a Qiushi Distinguished Professor at the College of Computer Science and Technology, Zhejiang University. Prior to joining Zhejiang University, he was the Chief Expert and Director of the Software Engineering Application Technology Lab at Huawei Technologies, China. His research interests encompass AI and SE, and empirical software engineering. Xin has authored over 360 papers and has received 16 best or distinguished paper awards, including nine ACM SIGSOFT Distinguished Paper Awards for his contributions at ASE (2018-2021), ICPC (2018, 2020), FSE (2025), ICSE (2024), and MSR (2024). In recognition of his early career achievements, he was awarded the ACM SIGSOFT Early Career Researcher Award in 2022. Xin is an ACM Distinguished Member for contributions to empirical software engineering and AI for software engineering.

Xin has played a significant role in the software engineering community, serving on the steering committees of several conferences, including MSR, SANER, Internetware, and PROMISE. He has played key roles in organizing major SE conferences such as ICSE (2023-2025) and ASE (2016, 2020-2021, 2025). He serves or has served as Program Co-Chair for ICSME 2026, EASE 2026, SANER 2023, TechDebt 2023, and PROMISE 2021, and as General Co-Chair for Internetware 2023 and FORGE (2024-2025). Additionally, Xin is an Associate Editor for several esteemed SE journals, including TOSEM, EMSE, IEEE Software, ASEJ, and JSEP.