Patch Me If You Can—Securing the Linux Kernel (MSR 2025 - Industry Track)

Track

MSR 2025 Industry Track

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Mon 28 Apr 2025 11:50 - 11:55 at 215 - Security and legal aspects Chair(s): Mohammad Ghafari

Abstract

In February 2024, the Linux kernel became a CNA (CVE numbering authority). The number of CVEs issued for the kernel increased by an order of magnitude. This increase places additional patching demands on kernel vendors and software companies maintaining custom Linux kernels. The industry needs the software analytics research community’s help to understand the patch velocity, develop the prediction models, and estimate the effort required to patch the kernel.

Link to Preprint

https://gunnarku.github.io/preprints/Patch_me_if_you_can_MSR_2025.pdf

Bio

Slayer of dead OS code. From C, C++, and kernel debugger to LaTeX, R, and Greek letters. Engineer at heart.

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Mon 28 Apr
Displayed time zone: Eastern Time (US & Canada) change

11:00 - 12:30	Security and legal aspectsIndustry Track / Data and Tool Showcase Track / Technical Papers at 215 Chair(s): Mohammad Ghafari TU Clausthal

11:00 10m Talk		Wolves in the Repository: A Software Engineering Analysis of the XZ Utils Supply Chain Attack Technical Papers Piotr Przymus Nicolaus Copernicus University in Toruń, Poland, Thomas Durieux TU Delft Pre-print
11:10 10m Talk		Software Composition Analysis and Supply Chain Security in Apache Projects: an Empirical Study Technical Papers Sabato Nocera University of Salerno, Sira Vegas Universidad Politecnica de Madrid, Giuseppe Scanniello University of Salerno, Natalia Juristo Universidad Politecnica de Madrid Pre-print
11:20 10m Talk		Good practice versus reality: a landscape analysis of Research Software metadata adoption in European Open Science Clusters Technical Papers Anas El Hounsri Universidad Politécnica de Madrid, Daniel Garijo Universidad Politécnica de Madrid
11:30 10m Talk		Towards Security Commit Message Standardization Technical Papers Sofia Reis Instituto Superior Técnico, U. Lisboa & INESC-ID, Rui Abreu Faculty of Engineering of the University of Porto, Portugal, Corina Pasareanu CMU, NASA, KBR
11:40 10m Talk		From Industrial Practices to Academia: Uncovering the Gap in Vulnerability Research and Practice Technical Papers Zhuang Liu , Xing Hu Zhejiang University, Jiayuan Zhou Queen's University, Xin Xia Huawei
11:50 5m Talk		Patch Me If You Can—Securing the Linux Kernel Industry Track Gunnar Kudrjavets Amazon Web Services, USA Pre-print
11:55 5m Talk		OSS License Identification at Scale: A Comprehensive Dataset Using World of Code Data and Tool Showcase Track Mahmoud Jahanshahi University of Tennessee, David Reid University of Tennessee, Adam McDaniel University of Tennessee Knoxville, Audris Mockus University of Tennessee
12:00 5m Talk		SCRUBD: Smart Contracts Reentrancy and Unhandled Exceptions Vulnerability Dataset Data and Tool Showcase Track Chavhan Sujeet Yashavant Indian Institute of Technology, Kanpur, Mitrajsinh Chavda Indian Institute of Technology Kanpur, India, Saurabh Kumar Indian Institute of Technology Hyderabad, India, Amey Karkare IIT Kanpur, Angshuman Karmakar Indian Institute of Technology Kanpur, India Pre-print
12:05 5m Talk		ICVul: A Well-labeled C/C++ Vulnerability Dataset with Comprehensive Metadata and VCCs Data and Tool Showcase Track Chaomeng Lu DistriNet Group-T, KU Leuven, Tianyu Li DistriNet Group-T, KU Leuven, Toon Dehaene KU Leuven, Bert Lagaisse DistriNet Group-T, KU Leuven Pre-print
12:10 5m Talk		A Dataset of Software Bill of Materials for Evaluating SBOM Consumption Tools Data and Tool Showcase Track Rio Kishimoto Osaka University, Tetsuya Kanda Notre Dame Seishin University, Yuki Manabe The University of Fukuchiyama, Katsuro Inoue Nanzan University, Shi Qiu Toshiba, Yoshiki Higo Osaka University Pre-print
12:15 5m Talk		Wild SBOMs: a Large-scale Dataset of Software Bills of Materials from Public Code Data and Tool Showcase Track Luis Soeiro LTCI, Télécom Paris, Institut Polytechnique de Paris, Thomas Robert LTCI, Télécom Paris, Institut Polytechnique de Paris, Stefano Zacchiroli LTCI, Télécom Paris, Institut Polytechnique de Paris, Palaiseau, France Pre-print
12:20 5m Talk		MaLAware: Automating the Comprehension of Malicious Software Behaviours using Large Language Models (LLMs) Data and Tool Showcase Track BIKASH SAHA Indian Institute of Technology Kanpur, Nanda Rani Indian Institute of Technology Kanpur, Sandeep K. Shukla Indian Institute of Technology Kanpur Pre-print

Patch Me If You Can—Securing the Linux Kernel

Program Display Configuration

Program Display Configuration

Mon 28 AprDisplayed time zone: Eastern Time (US & Canada) change

Gunnar Kudrjavets

Amazon Web Services, USA

Mon 28 Apr
Displayed time zone: Eastern Time (US & Canada) change