The last decades have put Privacy and Security (P&S) in the spotlight of information technology as data breaches and cyberattacks have spiked globally. Still, P&S are often afterthoughts in software development as their benefits are sometimes difficult to demonstrate and their costs hard to justify. However, such technical debt is becoming hard to sustain as new legal frameworks, such as the EU General Data Protection Regulation (GDPR), require companies to incorporate P&S features (e.g., transparency, anonymity, and informed consent) at the core of their products. Hence, there is an urgent call for tools and methods supporting the elicitation and deployment of P&S requirements in a by-design approach. P&S are multifaceted and complex research areas spanning different knowledge domains (e.g., engineering, law, and psychology). Challenges in P&S cannot be addressed from a single discipline alone, as they often involve human factors, technological artefacts, and regulatory/legal frameworks. In particular, the quest for P&S solutions requires in-depth knowledge and actionable information about its users/stakeholders, vulnerabilities/flaws, and potential attackers. Mining Software Repositories (MSR) techniques can support this quest by providing means to understand the P&S dimensions of information systems, thus helping to shape privacy- and security-friendly software. This workshop aims to explore the application of MSR at the different stages of P&S engineering.
The use of LLMs is transforming software engineering. In many aspects of SE, using LLMs has shown tremendous improvements. One area where LLMs struggle is in the suggestion and management of software dependencies. In this talk, I will present some work that highlights the challenges of using LLMs when software dependencies are involved. I will also present some of the reasons LLMs tend to struggle with software dependencies and suggest potential solutions to address these challenges.
SEC4AI4SEC is a European project aimed at developing cutting-edge technologies, open-source tools, and new methodologies for designing and certifying secure AI-enhanced systems and AI-enhanced systems for security.
Thank you so much to all who made MSR4P&S possible, especially to the authors for their engaging presentations on #privacy #security #staticanalysis #sbomsecurity #threatmodeling and so much more! Proceedings will be online soon! Stay tuned! 🙌 @SANERconf pic.twitter.com/V02SHPLy2A
— MSR4PS 2024 (@MSR4PSworkshop) March 12, 2024