I am pleased to announce the opening of a PHD position at KTH Royal Institute of Technology (Stockholm, Sweden), in software technology. The student will investigate novel technology to harden the software supply chain of applications. The research will contribute to the fields of dependency management [1] and automatic build [2]. Research directions will include diverse double compilation [3], software debloating [4] and automatic diversification in the supply chains [5].
The position is for 5 years at the KTH Royal Institute of Technology, in the research group of Benoit Baudry.
[1] A. Gkortzis, D. Feitosa, and D. Spinellis, Software reuse cuts both ways: An empirical analysis of its relationship with security vulnerabilities, Journal of Systems and Software, 2021.
[2] C. Lamb and S. Zacchiroli, Reproducible builds: Increasing the integrity of software supply chains, IEEE Software, 2021.
[3] D. A. Wheeler, Countering trusting trust through diverse double-compiling, in Proc. of ACSAC, pp. 13–pp, 2005.
[4] C. Soto-Valero, T. Durieux, and B. Baudry, A longitudinal analysis of bloated java dependencies, in Proc. of ESEC/FSE, pp. 1021–1031, 2021.
[5] B. Baudry and M. Monperrus, The multiple facets of software diversity: Recent developments in year 2000 and beyond, in ACM Computing Survey, 2015
