Featured talks and papers
Featured Publications
Find the full list of my publications at Google Scholar
Journal Publications
Vuln4Real: A Methodology for Counting Actually Vulnerable Dependencies, IEEE Transactions of Software Engineering (6.112), 2020. - author-accepted manuscript
A*/A Publications
Technical Leverage in a Software Ecosystem: Development Opportunities and Security Risks, To appear in Proceedings of the ACM/IEEE International Conference on Software Engineering (A*), 2021 - preprint
A Qualitative Study of Dependency Management and Its Security Implications, In Proceedings of the ACM Conference on Computer and Communications Security (CCS) (A*), 2020 - preprint
Vulnerable Open Source Dependencies: Counting Those That Matter. In Proceedings of International Symposium on Empirical Software Engineering and Measurement (ESEM2018) (A), 2018. - paper
Delta-Bench: Differential Benchmark for Static Analysis Security Testing Tools. In Proceedings of International Symposium on Empirical Software Engineering and Measurement (ESEM2017) (A), 2017. - paper
Workshop and Poster Publications
Please hold on: more time = more patches? Automated program repair as anytime algorithms. To Appear in Proceedings of ACM/IEEE International Conference on Software Engineering - Automated Program Repair (APR) workshop (A*), 2021 - preprint
Secure Software Development in the Era of Fluid Multi-party Open Software and Services. To Appear in ACM/IEEE International Conference on Software Engineering - New Ideas and Emerging Results (ICSE-NIER) (A*), 2021 - page
Poster: Towards Using Source Code Repositories to Identify Software Supply Chain Attacks. In Proceedings of the ACM Conference on Computer and Communications Security (CCS) (A*), 2020 - preprint
Typosquatting and Combosquatting Attacks on the Python Ecosystem. In Proceedings of the 2nd Workshop on Attackers and Cyber-Crime Operations (WACCO 2020), 2020 - preprint
Preliminary Findings on FOSS Dependencies and Security: A Qualitative Study on Developers’ Attitudes and Experience. Poster. In Proceedings of 42nd International Conference on Software Engineering (ICSE) (A*), 2020 - preprint, poster, video
FOSS Version Differentiation as a Benchmark for Static Analysis Security Testing Tools. In Proceedings of 2017 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE’17) (A*), 2017. - paper
Other Publications
Technical Leverage: dependencies mixed blessing. To Appear in IEEE Security and Privacy Magazine - Dept. Building Security In, 2021 - preprint
Intelligent technologies for smart grid security system. In Proc. of Information Technologies for Intelligent Decision Making Support (ITIDS). 2016.
Smart Grid security rule base design. In Proc. of Intelligent Technologies for Information Processing and Management (ITIPM). 2015
Design of Smart Grid security ontology. In Proc. of Intelligent Technologies for Information Processing and Management (ITIPM). 2014
Featured talks:
GitHub Satellite Virtual 2020 - Dependency hell or Developers' Perception of Software Dependencies. (>6500 online listeners) - description, youtube
Global Summit for Java Devs’20 - A Lesson from the Trenches: Making Dependency Management Secure (>200 online listeners) - slides, video
SFScon-2019 - Say No to the Dependency Hell - (>100 attendees) - video
Other talks:
Speck&Tech #31 - Open Security - We say No to the Dependency Hell - slides, video
ESSOS-2017 (Bonn, Germany) - poster
We don't WannaCry (Trento, Italy) - slides
ICT Days 2017 (Trento, Italy) - poster
ESSOS-2016 Doctoral Symposium (London, United Kingdom) - slides
EIT Digital Security Symposium / European Cyber Week 2016 (Rennes, France) - poster
IBKVO-2015 Annual conference on cyber security of critical infrastructures (Moscow, Russia) - slides
Contact me at:
E-mail: ivan.pashchenko[at]unitn.it
Twitter: @ivPashenko
Skype: ivanpashchenko
My LinkedIn page: LinkedIn