We congratulate Andreas Dann on his doctorate

Secure Software Engineering / Heinz Nixdorf Institut

Andreas Dann successfully completed his doctorate on the topic of "Secure Use of Open-Source Software - A Systematic Study and Techniques for Java" under Prof Dr Eric Bodden. Congratulations on this achievement!

Summary of the thesis:

The code of modern software often consists of up to 75% open source software. While the integration of open source software allows new systems to be programmed quickly, it also harbours the risk of integrating known security vulnerabilities into proprietary systems. The consequences of security vulnerabilities in integrated open-source software were demonstrated by the Log4Shell vulnerability in 2021, which made systems from companies such as Microsoft, Apple and Google vulnerable to attack.

Based on an industrial case study, the thesis identifies challenges in the secure integration of open-source software. Building on these findings, it develops the Achilles benchmark and the UpCy tool to reliably identify and automatically update insecure open-source software without introducing new bugs. Finally, the static code analysis ModGuard, also developed in the thesis, is used to analyse Java modules with regard to their ability to integrate open-source software in such a way that the risk of security vulnerabilities is minimised.


We congratulate Andreas Dann on his doctorate (from left: Prof Dr Yasemin Acar, Dr Ben Hermann, Dr Andreas Dann, Prof Dr Eric Bodden, Dr Simon Oberthür)