Program

Date Time Event
March 17, 2026
Megaron Gamma, The St. Raphael Resort, Cyprus		 14:00 - 14:05 Welcome Message and Opening Remarks
14:05 - 14:50 Keynote
Weiyi(Ian) Shang | University of Waterloo, Canada

Weiyi(Ian) Shang is an Associate Professor in the Department of Electrical and Computer Engineering at the University of Waterloo. Dr. Shang's general research area is Software Engineering. In particular, his research interest includes software engineering for ultra-large-scale systems, software log mining, empirical software engineering, mining software repositories and performance engineering.


Towards Pragmatic Pre-processing of Logs

Software systems usually record important and sensitive runtime information in their logs. Logs help practitioners understand system runtime behaviors and diagnose field failures. As logs are usually very large in size, automated log analysis is needed to assist practitioners in their software operation and maintenance efforts. The success of adopting log analysis in practice often depends on sophisticated preprocessing. In particular, to enable systematic analysis of logs, logs are often parsed such that the raw logs are converted from unstructured text to a structured format and groups based on particular IDs of time slots. Such analysis may also lead to privacy leakage from the logs which may exploit the sensitive information in logs. In this talk, I provide an overview of some of our recent work on automated techniques of log pre-processing especially considering the adoption of log analysis and the privacy leakage issues in practice.
10:00 - 10:30 Paper Session #1 — 2 papers
  • 14:50-15:10 — "Broken Access Control Risks in Open Source JavaScript Projects: A Security Analysis", Rima Ayusinta, Rodi Jolak and Raja Khurram Shahzad
  • 15:10-15:30 — "Policy-as-Code in the Wild: A Taxonomy and Dataset for Open Policy Agent from GitHub", Can Önal, Indika Kumara, Filippo Scaramuzza and Marco Tonnarelli
15:30 - 16:00 Coffee Break
16:00 - 17:30 Paper Session #2 — 5 papers
  • 16:00-16:20 — "Evaluating Large Language Models for Security Bug Report Prediction", Farnaz Soltaniani, Shoaib Razzaq and Mohammad Ghafari
  • 16:20-16:40 — "Towards Project-Aware Actionability Detection for Coding Rule Violations", Széles Csoma Lázár and Gergő Balogh
  • 16:40-16:50 — "Don’t Mind the Mesh: An Empirical Study of Istio Service Mesh Security in GitHub", Kohsuke Sonoda, Jose Luis Martin-Navarro and Tuomas Aura
  • 16:50-17:10 — "Can Developers rely on LLMs for Secure IaC Development?", Ehsan Firouzi, Shardul Bhatt, Mohammad Ghafari
  • 17:10-17:30 — "TriGuard: LLMs, Security Analyzers, and Human-Feedback for Secure Code Generation and Vulnerability Detection", Ehsan Firouzi and Mohammad Ghafari
17:30 - 17:45 Closing