Ben Hermann
Total Recall? How Good Are Static Call Graphs Really?
Static call graphs are a fundamental building block of program analysis. However, differences in call-graph construction and the use of specific language features can yield unsoundness and imprecision. Call-graph analyses are evaluated usi…
(Re)Use of Research Results (Is Rampant)
Prior pessimism about reuse in software engineering research may have been a result of using the wrong methods to measure the wrong things.
A retrospective study of one decade of artifact evaluations
Most software engineering research involves the development of a prototype, a proof of concept, or a measurement apparatus. Together with the data collected in the research process, they are collectively referred to as research artifacts a…
Reproduction Package (Docker container) for the ESEC/FSE 2022 Article `A Retrospective Study of one Decade of Artifact Evaluations`
This is the artifact accompanying our study of artifact evaluations at SE/PL conferences and their effects, accepted for presentation at the ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software En…
Reproduction Package (Docker container) for the FSE 2022 Article `A Retrospective Study of one Decade of Artifact Evaluations`
This is the artifact accompanying our study of artifact evaluations at SE/PL conferences and their effects, accepted for presentation at the ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software En…
Static data-flow analysis for software product lines in C
Many critical codebases are written in C, and most of them use preprocessor directives to encode variability, effectively encoding software product lines. These preprocessor directives, however, challenge any static code analysis. SPLlift,…
TaintBench: Automatic real-world malware benchmarking of Android taint analyses
Due to the lack of established real-world benchmark suites for static taint analyses of Android applications, evaluations of these analyses are often restricted and hard to compare. Even in evaluations that do use real-world apps, details …
Crowdsourcing the State of the Art(ifacts)
In any field, finding the "leading edge" of research is an on-going challenge. Researchers cannot appease reviewers and educators cannot teach to the leading edge of their field if no one agrees on what is the state-of-the-art. Using a nov…
Analyzing the Direct and Transitive Impact of Vulnerabilities onto Different Artifact Repositories
In modern-day software development, a vast amount of public software libraries enable the reuse of existing implementations for reoccurring tasks and common problems. While this practice does yield significant benefits in productivity, it …
Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis
Static analysis is used to automatically detect bugs and security breaches, and aids compiler optimization. Whole-program analysis (WPA) can yield high precision, however causes long analysis times and thus does not match common software-d…
bhermann/artifact-survey: v4 - Paper Camera-Ready
Changes for the camera-ready version of the paper
bhermann/artifact-survey: v3 - Post-Artifact Evaluation
This version includes changes suggested by the artifact reviewers.
bhermann/artifact-survey: v1 - Blinded version
This version was available to the reviewers during the paper review. Results of the card sorting and the figures were added with the rebuttal in order to provide more information to the reviewers.
bhermann/artifact-survey: v2 - Pre-Artifact Evaluation
This is the version of the artifact which was submitted to the artifact evaluation track of ESEC/FSE 2020. (Note: Manually uploaded as Zenodo's automated process was not available.)
From Needs to Actions to Secure Apps?: The Effect of Requirements and Developer Practices on App Security
Increasingly mobile device users are being hurt by security or privacy issues with the apps they use. App developers can help prevent this; inexpensive security assurance techniques to do so are now well established, but do developers use …
Artifact and instructions to generate experimental results for TACAS 2019 paper: PhASAR: An Inter-Procedural Static Analysis Framework for C/C++
This artifact is concerned with Section 6 (Scalability) of the Paper "PhASAR: An Inter-Procedural Static Analysis Framework for C/C++" by Philipp Dominik Schubert, Ben Hermann and Eric Bodden. The artifact consists of a pre-compiled binary…
PhASAR: An Inter-procedural Static Analysis Framework for C/C++
Static program analysis is used to automatically determine program properties, or to detect bugs or security vulnerabilities in programs. It can be used as a stand-alone tool or to aid compiler optimization as an intermediary step. Develop…
Full-Stack Static Security Analysis for the Java Platform
We have to face a simple, yet, disturbing fact: current computing is inherently insecure. The systems we develop and maintain have outgrown our capacity to prove them secure in every instance. Moreover, we became increasingly dependent on …