AssureMOSS

Assurance and certification in secure Multi-party Open Software and Services

The mission of AssureMOSS is to produce a coherent set of automated, lightweight techniques that allow software companies to assess, manage, and re-certify the security and privacy risks associated with the fast-paced development and continuous deployment of multi-party open software and services (for which we introduce the MOSS acronym). Ultimately, we aim at supporting the creation of more secure MOSS software.

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 952647.

Total budget: €4.689.425

For further details, please visit the project homepage.

Publications

Secure Software Development in the Era of Fluid Multi-party Open Software and Services

Pushed by market forces, software development has become fast-paced. As a consequence, modern development projects are assembled from …
PDF Project

LastPyMile: Identifying the Discrepancy between Sources and Packages

Open source packages have source code available on repositories for inspection (eg on GitHub) but developers use pre-built packages …
PDF Project DOI

Detecting Security Fixes in Open-Source Repositories using Static Code Analyzers

The sources of reliable, code-level information about vulnerabilities that affect open-source software (OSS) are scarce, which hinders …
PDF Project

Automated Mapping of Vulnerability Advisories onto their Fix Commits in Open Source Repositories

The lack of comprehensive sources of accurate vulnerability data represents a critical obstacle to studying and understanding software …
PDF Project

Commit2Vec: Learning Distributed Representations of Code Changes

Deep learning methods, which have found successful applications in fields like image classification and natural language processing, …
Preprint PDF Project Project DOI