trench crew research teaching contact

Supply chain publications

F. Reyes, A. Sharma, B. Baudry, and M. Monperrus,
Maven-hijack: Software supply chain attack exploiting packaging order,” in Proceedings of SCORED, 2025.
Y. Liu, D. Tiwari, C. Bogdan, and B. Baudry,
Detecting and removing bloated dependencies in CommonJS packages,” Journal of Systems and Software, 2025, doi: https://doi.org/10.1016/j.jss.2025.112509.
Y. Gamage, N. Gonzalez, M. Monperrus, and B. Baudry,
“Software bills of materials in maven central,” in Proceedings of IEEE/ACM MSR, 2025. https://arxiv.org/pdf/2501.13832
F. Reyes, B. Baudry, and M. Monperrus,
“Breaking-good: Explaining breaking dependency updates with build analysis,” in Proceedings of SCAM, 2024. https://arxiv.org/pdf/2407.03880
F. Reyes, Y. Gamage, G. Skoglund, B. Baudry, and M. Monperrus,
BUMP: A benchmark of reproducible breaking dependency updates,” in Proceedings of SANER, 2024, pp. 159–170. https://arxiv.org/pdf/2401.09906
C. Soto-Valero, D. Tiwari, T. Toady, and B. Baudry,
“Automatic specialization of third-party java dependencies,” IEEE Transactions on Software Engineering, vol. 49, no. 11, pp. 5027–5045, 2023, doi: 10.1109/TSE.2023.3324950.
M. Balliu, B. Baudry, S. Bobadilla, M. Ekstedt, M. Monperrus, J. Ron, A. Sharma, G. Skoglund, C. Soto-Valero, and M. Wittlinger,
“Challenges of producing software bill of materials for java,” IEEE Security & Privacy magazine, vol. 21, no. 6, pp. 12–23, 2023, doi: doi.acm.org?doi=3605770.3625207.
C. Soto-Valero, T. Durieux, N. Harrand, and B. Baudry,
“Coverage-based debloating for java bytecode,” ACM Trans. on Software Engineering and Methodology, no. 2, pp. 1–34, 2023, doi: doi.org/10.1145/3546948.
C. Soto-Valero, M. Monperrus, and B. Baudry,
“The multibillion dollar software supply chain of ethereum,” IEEE Computer, no. 10, pp. 26–34, 2022, doi: 10.1109/MC.2022.3175542.
N. Harrand, A. Benelallam, C. Soto-Valero, F. Bettega, O. Barais, and B. Baudry,
API Beauty is in the eye of the Clients: 2.2 Million Maven Dependencies reveal the Spectrum of Client-APi usages,” Journal of Systems and Software, vol. 184, p. 111134, 2022, doi: https://doi.org/10.1016/j.jss.2021.111134.
N. Harrand, T. Durieux, D. Broman, and B. Baudry,
“The behavioral diversity of java JSON libraries,” in Proc. Of the int. Symp. On software reliability (ISSRE), 2021, pp. 412–422. doi: 10.1109/ISSRE52982.2021.00050.
C. Soto-Valero, T. Durieux, and B. Baudry,
“A longitudinal analysis of bloated java dependencies,” in Proc. Of the europ. Software engineering conf. And symp. On the foundations of software engineering (ESEC/FSE), 2021, pp. 1021–1031. doi: 10.1145/3468264.3468589.
C. Soto-Valero, N. Harrand, M. Monperrus, and B. Baudry,
A comprehensive study of bloated dependencies in the Maven ecosystem,” Empirical Software Engineering, vol. 26, no. 45, 2021, doi: 10.1007/s10664-020-09914-8.
T. Durieux, C. Soto-Valero, and B. Baudry,
DUETS: A dataset of reproducible pairs of java library-clients,” in Proc. Of mining software repositories (MSR), 2021. doi: 10.1109/MSR52588.2021.00071.
C. Soto-Valero, A. Benelallam, N. Harrand, O. Barais, and B. Baudry,
“The emergence of software diversity in maven central,” in Proc. Of mining software repositories (MSR), 2019, pp. 333–343. doi: 10.1109/MSR.2019.00059.
A. Benelallam, N. Harrand, C. Soto-Valero, B. Baudry, and O. Barais,
“The maven dependency graph: A temporal graph-based representation of maven central,” in Proc. Of mining software repositories (MSR), 2019, pp. 344–348. doi: 10.1109/MSR.2019.00060.