Antonino Sabetta

Senior Researcher

SAP Security Research

About me

I am a Senior Researcher in the Security Research team at SAP and I’m based in Sophia-Antipolis, in Southern France; I have been with SAP since 2010.

Current interests

My current interests are primarily in software security with an emphasis on ways to ensure a secure consumption of open-source software in large enterprise applications and the use of machine-learning to address this challenge (please see my publications page for more details and links to pre-prints). I am member of the team that makes SAP’s open-source vulnerability-assessment-tool (internally known as Vulas), which was released under the Apache 2.0 license at the end of 2018. In February 2019 we also released the vulnerability dataset that fuels Vulas.

Before SAP

Before joining SAP Security Research, I was a post-doc fellow and then a full-time researcher at the National Research Council (CNR) (Pisa, Italy) in Antonia Bertolino’s lab, where I spent four years overall.

In 2005 and 2006, during my PhD, I had the pleasure to be a visiting researcher in Dorina Petriu’s team, at Carleton University, Ottawa.

Education

I received both my PhD (2007) and my Master’s degree (2003) in Computer Science and Engineering from the University of Rome ‘Tor Vergata’ (Italy), under the guidance of Vincenzo Grassi and Raffaela Mirandola.

Additional information

You may find additional information about me on LinkedIn and on Google Scholar.

Interests

Software Security
Software Engineering
Security of Open-Source Software
Machine Learning

Education

PhD in Computer Science and Automation Engineering, 2007

University of Rome 'Tor Vergata'
MEng in Computer Science/Engineering, 2003

University of Rome 'Tor Vergata'

Experience

Mar. 2013 – Present

Mougins, France

Senior Researcher

SAP Labs

Automated approaches to the identification, assessment and mitigation of vulnerabilities in open-source software
Machine learning for software security analysis and vulnerability detection

Oct. 2010 – Feb. 2013

Mougins, France

Researcher

SAP Labs

Security certification of Web Services
Lead architect in EU-funded project Assert4SOA

Jan. 2010 – Sep. 2010

Pisa, Italy

Post-doc Fellow (2006-2008), then Researcher (2008-2010)

CNR-ISTI

I woorked in the broad domain of software testing, in particular on aspects related to service-oriented systems, performance analysis, and monitoring.

May. 2006 – Aug. 2006

Ottawa, Canada

Vising Researcher (I)

Carleton University

Using graph grammars as a way to abstract information from software models, as a preliminary step for futher model transformation to a different target representation.

Antonino Sabetta, Dorina C Petriu, Vincenzo Grassi, Raffaela Mirandola, Abstraction-raising transformation for generating analysis models, International Conference on Model Driven Engineering Languages and Systems, 2005, (preprint)

May. 2005 – Jul. 2005

Ottawa, Canada

Vising Researcher (II)

Carleton University

I worked with Dorina Petriu on an approach to use methods from the Aspect-Oriented paradigm and graph grammars to represent crosscutting concerns (performance, security) in software models.

Dorina C. Petriu, Hui Shen, Antonino Sabetta, Performance analysis of aspect-oriented UML models, Software and Systems Modeling, December 2007, Volume 6, Issue 4, pp 453–471

Oct. 2003 – Jun. 2007

Rome, Italy

PhD Candidate

Univ. of Rome ‘Tor Vergata’

My PhD thesis was on model-driven methods to analyze the performance of software systems

Selected Publications

A Manually-Curated Dataset of Fixes to Vulnerabilities of Open-Source Software

Serena E. Ponta, Henrik Plate, Antonino Sabetta, Michele Bezzi, Cédric Dangremont

Preprint Code Dataset Project

Beyond Metadata: Code-centric and Usage-based Analysis of Known Vulnerabilities in Open-source Software

Serena E. Ponta, Henrik Plate, Antonino Sabetta

Preprint PDF Source Document

A Practical Approach to the Automatic Classification of Security-Relevant Commits

Antonino Sabetta, Michele Bezzi

Preprint

Vulnerable Open Source Dependencies: Counting Those That Matter

Ivan Pashchenko, Henrik Plate, Serena Elisa Ponta, Antonino Sabetta, Fabio Massacci

Preprint

Impact Assessment for Vulnerabilities in Open-Source Software Libraries

Henrik Plate, Serena E. Ponta, Antonino Sabetta

Preprint PDF DOI

TESTREX: a Testbed for Repeatable Exploits

PDF DOI

CONNECT Challenges: Towards Emergent Connectors for Eternal Networked Systems

Valérie Issarny, Bernhard Steffen, Bengt Jonsson, Gordon Blair, Paul Grace, Marta Kwiatkowska, Radu Calinescu, Paola Inverardi, Massimo Tivoli, Antonia Bertolino, Antonino Sabetta

Preprint PDF DOI

Scaling up SLA monitoring in pervasive environments

Antonia Bertolino, Guglielmo De Angelis, Antonino Sabetta, Sebastian Elbaum

PDF Slides DOI

Filling the gap between design and performance/reliability models of component-based systems: A model-driven approach

Vincenzo Grassi, Raffaela Mirandola, Antonino Sabetta

PDF DOI

Events

2019

(QUATIC 2019) 12th International Conference on the Quality of Information and Communications Technology, Ciudad Real, Spain, September 11-13, 2019
(ARES 2019) 14th International Conference on Availability, Reliability and Security (ARES 2019)
(IWSSEC 2019) International Workshop on Security Engineering for Cloud Computing (event website under construction)
(MobileSoft 2019) 6th IEEE/ACM International Conference on Mobile Software Engineering and Systems
- Submission Deadline: April 30, 2019

Antonino Sabetta

Senior Researcher

SAP Security Research

About me

Interests

Education

Experience

Senior Researcher

SAP Labs

Researcher

SAP Labs

Post-doc Fellow (2006-2008), then Researcher (2008-2010)

CNR-ISTI

Vising Researcher (I)

Carleton University

Vising Researcher (II)

Carleton University

PhD Candidate

Univ. of Rome ‘Tor Vergata’

Selected Publications

Recent Posts

Events

2019

Contact