Antonino Sabetta

Senior Researcher

SAP Security Research

About me

I am a Senior Researcher in the Security Research team at SAP and I’m based in Sophia-Antipolis, in Southern France; I have been with SAP since 2010.

My current interests are primarily in software security with an emphasis on ways to ensure a secure consumption of open-source software in large enterprise applications and the use of machine-learning to address this challenge (please see the publications section of this site for more details and links to pre-prints). I am member of the team that makes SAP’s open-source vulnerability-assessment-tool (internally known as Vulas), which was released under the Apache 2.0 license at the end of 2018 and has become an Eclipse Foundation project in 2019 (under the new name Eclipse Steady). In February 2019 my colleagues and I also released the vulnerability dataset that fuels Vulas.

Before joining SAP Security Research, I was a post-doc fellow and then a full-time researcher at the National Research Council (CNR) (Pisa, Italy) in Antonia Bertolino’s lab, where I spent four years overall. In 2005 and 2006, during my PhD, I had the pleasure to be a visiting researcher in Dorina Petriu’s team, at Carleton University, Ottawa.

Education I received both my PhD (2007) and my Master’s degree (2003) in Computer Science and Engineering from the University of Rome ‘Tor Vergata’ (Italy), under the guidance of Vincenzo Grassi and Raffaela Mirandola.

Additional information You may find additional information about me on LinkedIn and on Google Scholar.

To get in touch with me, just click here and write me a message.

Interests

Software Security
Software Engineering
Security of Open-Source Software
Machine Learning

Education

PhD in Computer Science and Automation Engineering, 2007

University of Rome 'Tor Vergata'
MEng in Computer Science/Engineering, 2003

University of Rome 'Tor Vergata'

Experience

Mar. 2013 – Present

Mougins, France

Senior Researcher

SAP Labs

Automated approaches to the identification, assessment and mitigation of vulnerabilities in open-source software
Machine learning for software security analysis and vulnerability detection

Oct. 2010 – Feb. 2013

Mougins, France

Researcher

SAP Labs

Security certification of Web Services
Lead architect in EU-funded project Assert4SOA

Jan. 2010 – Sep. 2010

Pisa, Italy

Post-doc Fellow (2006-2008), then Researcher (2008-2010)

CNR-ISTI

I woorked in the broad domain of software testing, in particular on aspects related to service-oriented systems, performance analysis, and monitoring.

May. 2006 – Aug. 2006

Ottawa, Canada

Vising Researcher (I)

Carleton University

Using graph grammars as a way to abstract information from software models, as a preliminary step for futher model transformation to a different target representation.

Antonino Sabetta, Dorina C Petriu, Vincenzo Grassi, Raffaela Mirandola, Abstraction-raising transformation for generating analysis models, International Conference on Model Driven Engineering Languages and Systems, 2005, (preprint)

May. 2005 – Jul. 2005

Ottawa, Canada

Vising Researcher (II)

Carleton University

I worked with Dorina Petriu on an approach to use methods from the Aspect-Oriented paradigm and graph grammars to represent crosscutting concerns (performance, security) in software models.

Dorina C. Petriu, Hui Shen, Antonino Sabetta, Performance analysis of aspect-oriented UML models, Software and Systems Modeling, December 2007, Volume 6, Issue 4, pp 453–471

Oct. 2003 – Jun. 2007

Rome, Italy

PhD Candidate

Univ. of Rome ‘Tor Vergata’

My PhD thesis was on model-driven methods to analyze the performance of software systems

Selected Publications

Commit2Vec: Learning Distributed Representations of Code Changes

Rocío Cabrera Lozoya, Arnaud Baumann, Antonino Sabetta, Michele Bezzi

Preprint PDF

A Manually-Curated Dataset of Fixes to Vulnerabilities of Open-Source Software

Serena E. Ponta, Henrik Plate, Antonino Sabetta, Michele Bezzi, Cédric Dangremont

Preprint Code Dataset Project

Beyond Metadata: Code-centric and Usage-based Analysis of Known Vulnerabilities in Open-source Software

Serena E. Ponta, Henrik Plate, Antonino Sabetta

Preprint PDF Source Document

A Practical Approach to the Automatic Classification of Security-Relevant Commits

Antonino Sabetta, Michele Bezzi

Preprint

Vulnerable Open Source Dependencies: Counting Those That Matter

Ivan Pashchenko, Henrik Plate, Serena Elisa Ponta, Antonino Sabetta, Fabio Massacci

Preprint

Impact Assessment for Vulnerabilities in Open-Source Software Libraries

Henrik Plate, Serena E. Ponta, Antonino Sabetta

Preprint PDF DOI

TESTREX: a Testbed for Repeatable Exploits

PDF DOI

CONNECT Challenges: Towards Emergent Connectors for Eternal Networked Systems

Valérie Issarny, Bernhard Steffen, Bengt Jonsson, Gordon Blair, Paul Grace, Marta Kwiatkowska, Radu Calinescu, Paola Inverardi, Massimo Tivoli, Antonia Bertolino, Antonino Sabetta

Preprint PDF DOI

VCR: Virtual Capture and Replay for Performance Testing

Antonia Bertolino, Guglielmo De Angelis, Antonino Sabetta

Preprint PDF DOI

Scaling up SLA monitoring in pervasive environments

Antonia Bertolino, Guglielmo De Angelis, Antonino Sabetta, Sebastian Elbaum

PDF Slides DOI

See all publications

Events

2020

(ICSE-SEIP 2020) 42th International Conference on Software Engineering (track: Software Engineering in Practice), 23-29 May 2020, Seoul, South Korea.
(ESEC-FSE 2020) ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Sun 8 - Fri 13 November 2020 Sacramento, California, United States
(ACM SAC SA-TTA 2020) The 8th track on Software Architecture: Theory, Technology, and Applications (SA-TTA) at the 35th ACM/SIGAPP Symposium On Applied Computing (SAC 2020), Mar 30 - Apr 3, 2020, Brno, Czech Republic.
(SANER 2020) 27th IEEE International Conference on Software Analysis, Evolution and Reengineering, February 18-21, 2020, London, Ontario.

2019

(FAACS 2019) 3rd Workshop on Formal Approaches for Advanced Computing Systems – co-located with the 13th European Conference on Software Architecture (ECSA 2019), 9-13 September 2019, Paris
- Submission deadline: May 31, 2019
(QUATIC 2019) 12th International Conference on the Quality of Information and Communications Technology, Ciudad Real, Spain, September 11-13, 2019
(ARES 2019) 14th International Conference on Availability, Reliability and Security (ARES 2019)
(IWSSEC 2019) International Workshop on Security Engineering for Cloud Computing (event website under construction)
(MobileSoft 2019) 6th IEEE/ACM International Conference on Mobile Software Engineering and Systems
- Submission deadline: April 30, 2019

Antonino Sabetta

Senior Researcher

SAP Security Research

About me

Interests

Education

Experience

Senior Researcher

SAP Labs

Researcher

SAP Labs

Post-doc Fellow (2006-2008), then Researcher (2008-2010)

CNR-ISTI

Vising Researcher (I)

Carleton University

Vising Researcher (II)

Carleton University

PhD Candidate

Univ. of Rome ‘Tor Vergata’

Selected Publications

Recent Posts

Events

2020

2019

Contact