Patch Me If You Can—Securing the Linux Kernel (MSR 2025 - Industry Track) - MSR 2025

Mon 28 - Tue 29 April 2025 Ottawa, Ontario, Canada

co-located with ICSE 2025

Track

MSR 2025 Industry Track

This program is tentative and subject to change.

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

When

Mon 28 Apr 2025 11:50 - 11:55 at 215 - Security and legal aspects

Abstract

In February 2024, the Linux kernel became a CNA (CVE numbering authority). The number of CVEs issued for the kernel increased by an order of magnitude. This increase places additional patching demands on kernel vendors and software companies maintaining custom Linux kernels. The industry needs the software analytics research community’s help to understand the patch velocity, develop the prediction models, and estimate the effort required to patch the kernel.

Link to Preprint

https://gunnarku.github.io/preprints/Patch_me_if_you_can_MSR_2025.pdf

Bio

Slayer of dead OS code. From C, C++, and kernel debugger to LaTeX, R, and Greek letters. Engineer at heart.

This program is tentative and subject to change.

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Session Program

Mon 28 Apr
Displayed time zone: Eastern Time (US & Canada) change

	11:00 - 12:30	Security and legal aspectsIndustry Track / Data and Tool Showcase Track / Technical Papers at 215

	11:00 10m Talk		Wolves in the Repository: A Software Engineering Analysis of the XZ Utils Supply Chain Attack Technical Papers Piotr Przymus Nicolaus Copernicus University in Toruń, Poland, Thomas Durieux TU Delft
	11:10 10m Talk		Software Composition Analysis and Supply Chain Security in Apache Projects: an Empirical Study Technical Papers Sabato Nocera University of Salerno, Sira Vegas Universidad Politecnica de Madrid, Giuseppe Scanniello University of Salerno, Natalia Juristo Universidad Politecnica de Madrid Pre-print
	11:20 10m Talk		Good practice versus reality: a landscape analysis of Research Software metadata adoption in European Open Science Clusters Technical Papers Anas El Hounsri Universidad Politécnica de Madrid, Daniel Garijo Universidad Politécnica de Madrid
	11:30 10m Talk		Towards Security Commit Message Standardization Technical Papers Sofia Reis Instituto Superior Técnico, U. Lisboa & INESC-ID, Rui Abreu INESC-ID; University of Porto, Corina Pasareanu CMU, NASA, KBR
	11:40 10m Talk		From Industrial Practices to Academia: Uncovering the Gap in Vulnerability Research and Practice Technical Papers Zhuang Liu , Xing Hu Zhejiang University, Jiayuan Zhou Queen's University, Xin Xia Huawei
	11:50 5m Talk		Patch Me If You Can—Securing the Linux Kernel Industry Track Gunnar Kudrjavets Amazon Web Services, USA Pre-print
	11:55 5m Talk		OSS License Identification at Scale: A Comprehensive Dataset Using World of Code Data and Tool Showcase Track Mahmoud Jahanshahi Research Assistant, University of Tennessee Knoxville, David Reid University of Tennessee, Adam McDaniel University of Tennessee Knoxville, Audris Mockus The University of Tennessee
	12:00 5m Talk		SCRUBD: Smart Contracts Reentrancy and Unhandled Exceptions Vulnerability Dataset Data and Tool Showcase Track Chavhan Sujeet Yashavant Indian Institute of Technology, Kanpur, Mitrajsinh Chavda Indian Institute of Technology Kanpur, India, Saurabh Kumar Indian Institute of Technology Hyderabad, India, Amey Karkare IIT Kanpur, Angshuman Karmakar Indian Institute of Technology Kanpur, India
	12:05 5m Talk		ICVul: A Well-labeled C/C++ Vulnerability Dataset with Comprehensive Metadata and VCCs Data and Tool Showcase Track Chaomeng Lu DistriNet Group-T, KU Leuven, Tianyu Li DistriNet Group-T, KU Leuven, Toon Dehaene KU Leuven, Bert Lagaisse DistriNet Group-T, KU Leuven
	12:10 5m Talk		A Dataset of Software Bill of Materials for Evaluating SBOM Consumption Tools Data and Tool Showcase Track Rio Kishimoto Osaka University, Tetsuya Kanda Notre Dame Seishin University, Yuki Manabe The University of Fukuchiyama, Katsuro Inoue Nanzan University, Shi Qiu Toshiba, Yoshiki Higo Osaka University
	12:15 5m Talk		Wild SBOMs: a Large-scale Dataset of Software Bills of Materials from Public Code Data and Tool Showcase Track Luis Soeiro LTCI, Télécom Paris, Institut Polytechnique de Paris, Thomas Robert LTCI, Télécom Paris, Institut Polytechnique de Paris, Stefano Zacchiroli Télécom Paris, Polytechnic Institute of Paris
	12:20 5m Talk		MaLAware: Automating the Comprehension of Malicious Software Behaviours using Large Language Models (LLMs) Data and Tool Showcase Track BIKASH SAHA Indian Institute of Technology Kanpur, Nanda Rani Indian Institute of Technology Kanpur, Sandeep K. Shukla Indian Institute of Technology Kanpur

Gunnar Kudrjavets

Gunnar Kudrjavets

Amazon Web Services, USA