I am a Principal Research Scientist in the Security Research team at SAP. I am based in Sophia-Antipolis, in Southern France, and I have been with SAP since 2010.

My current focus is primarily on artificial intelligence for source code analysis applied to the field of software security, particularly open-source software.

I was part of the team that invented and developed Eclipse Steady, the tool that SAP has used since 2015 to scan the dependencies of its Java products. In February 2019 my colleagues and I released the vulnerability dataset that fuels Steady at SAP; an extended version of that dataset is now available through project KB.

I am principal investigator of EU-funded Sec4AI4Sec project (2023-2026). I have been principal investigator and technical leader of EU-funded AssureMOSS project (2020-2023).

Since the end of 2021, I serve as a (co-)editor for the Building Security In department of the IEEE Security & Privacy magazine.

Before joining SAP, I was a post-doc fellow and then a full-time researcher at the National Research Council (CNR) (Pisa, Italy), where I spent four years overall.

During my PhD, in 2005 and 2006, I spent 7 months overall as a visiting researcher at Carleton University, Ottawa.

I received my PhD in Computer Science and Engineering from the University of Rome ‘Tor Vergata’ (Italy) in 2007.

You may find additional information about me on LinkedIn and on Google Scholar.

To get in touch with me, just click here and write me a message.