* Click on a project title on the image opposite to view more information.

InnerSource Continuous Accumulation and Refinement of Corporate Software Engineering Capability Monolithic Disentanglement Large-Scale Model Quality Product Trustworthiness Measurement Seamless Concatenation of Design/Development Developer Experience Software Clone Detection Taint Analysis Techniques and Tools AddressSanitizer Works On ARM Linux Assurance Cases for Software Compliance with Security Standards


This project is focused on the development of an open source development paradigm within organizations, moving away from a silo-approach and promoting flexible code ownership, resulting in large-scale code refactoring/improvement, and the sharing of ideas, projects and other artifacts, which can subsequently evolve into new products and services.

Continuous Accumulation and Refinement of Corporate Software Engineering Capability

This project is focused on ensuring that each individual software project in large software-producing organizations should have two outputs:

1) A version of a software product that satisfies customers and also

2) An increase in the company’s software engineering capability, for example, by refining an existing component, evolving the architecture of the platform, reducing the complexity of common assets.

Monolithic Disentanglement

Monolithic software systems suffer from a number of scale and complexity problems that increase their resistance to change. This project will focus on identifying appropriate ‘fracture points’ where monolithic software systems can be partitioned into smaller code units/microservices, thus enabling more rapid delivery of new/enhanced software functionality to the market and serverless computing consumption which holds the promise of significantly lowering hardware costs.

Large-Scale Model Quality

This project focuses on the refinement of the large UML/SysML/DSL models used to represent software systems at various level of abstraction: architectural/design/implementation. The project will work on refining the structure of these models to the use-case contexts of the models in commercial practice.

Product Trustworthiness Measurement

This project focuses on the derivation of measures for trustworthy-software attributes like security, privacy, safety and reliability. It will derive such measures based on a review of academic literature in the area and current standards, subsequently assessing these measurements in-situ and using the data generated to refine the measures.

Seamless Concatenation of Design/Development

This project focuses on heightening the bi-directional consistency between requirements and source code. In high-quality, trustworthy software systems, the software developers should always be able to determine (1) that each requirement is actually implemented in source code and (2) which requirements are implemented by a given piece of code. This project aims at finding techniques and approaches towards achieving these goals.

Developer Experience

This project aims to improve the software developer experience by understanding their work context (their tasks, their information needs, their experience levels, the tools they have at their disposal and their motivation) and the approaches they currently use (both strategic and tactical).

Software Clone Detection

This project aims to derive techniques towards the efficient and effective identification of type III and IV clones. Efficient in that the techniques must deal with very large code bases (100s of millions of lines of code) and effective in that they should have very high recall, while preserving high precision.

Taint Analysis Techniques and Tools

This project will focus on using taint analysis to detect vulnerabilities that can arise from external interfaces introducing untrusted data to C/C++ programs. It aims to derive various static/dynamic taint analysis techniques that can scale to millions of lines of code, and which can analyze C++ virtual function calls and C/C++ function pointer calls, while ensuring high accuracy.

AddressSanitizer Works On ARM Linux

The goal of this project is to develop new methods of program instrumentation that reduce the memory overhead of, and execution time for, testing C/C++ programs with memory checking. It will focus on fast, but more compact, data structures for checking memory errors and mixing approaches in a family of techniques with different trade-offs, to cumulatively increase coverage.

Assurance Cases for Software Compliance with Security Standards

This project will develop a methodology to support software compliance with existing security standards. It will focus on the creation of security assurance cases that can demonstrate compliance using evidence collected from the analysis and verification of the software architecture and implementation.  The approach adopted in this project  will inform the development of new standards and regulations.