So true!
18.02.2026 07:07 — 👍 2 🔁 0 💬 0 📌 0So true!
18.02.2026 07:07 — 👍 2 🔁 0 💬 0 📌 0
Thrilled to give a keynote at ACM India's ISEC'26 in Jaipur this Friday!
How do we know whether our program has no bugs if we have never seen it have any, and if we don't even have anything (i.e., an oracle) that can tell us whether a behavior is a bug or feature?
Stick around till Friday!
Hopefully, it will allow us to refocus on what truly matters in science, on big problems, on intuition and insights, on theory building, and away from the brute mechanics of publishing and the bean counting that has put the breaks on true progress in science.
hegemon.substack.com/p/the-age-of...
Very interesting! You are suggesting there may be other domains where the proxy carries "more signal" about the expected value of the proxied random variable than the random variable itself, right?
26.12.2025 07:27 — 👍 1 🔁 0 💬 1 📌 0Yes. For the special case where the benchmark set is size 1 (i.e., 1 program), what you describe is what we found. For Fuzzbench (primarily a coverage-based benchmark), your intuition extends to larger benchmark sets, too.
26.12.2025 07:21 — 👍 0 🔁 0 💬 0 📌 0
In fact, a ranking of fuzzers by the coverage achieved on a bunch of programs is much more representative of the ranking of fuzzers by the number of bugs found than a ranking of fuzzers by the number of bugs found itself.
Don't believe me? Wait until we release our preprint 😄.
Merry Xmas everyone!
Which is better? Asking your distant Uncle Barry for the Top10 restaurants in NY or consulting the Michelin Guide? Well, turns out that bug-based fuzzer benchmarking is much like Uncle Barry. Random and noisy.
Accepted at #FSE26. Led by Ardi Madadi, @is-eqv.bsky.social, and @nimgnoeseel.bsky.social
Thanks Carlo!
19.12.2025 11:13 — 👍 0 🔁 0 💬 0 📌 0Many thanks, Rahul :)
19.12.2025 11:13 — 👍 0 🔁 0 💬 0 📌 0Thank you, Konrad!
19.12.2025 11:13 — 👍 0 🔁 0 💬 0 📌 0Thanks Adolfo!
18.12.2025 09:35 — 👍 1 🔁 0 💬 0 📌 0
Thank you to all of my former and current students, to my friends, and particularly to my dear family who have been my greatest support in my life. Thank y'all so much – I would not be where I am without you. ❤️
2/2
I have been named an ACM Distinguished Member for "contributions to software security and fuzz testing". Happy and honored!
A heartfelt *Thank You* to my nominator and all of you who endorsed and supported me - today and throughout my entire career.
1/2
Starter Pack: Max Planck scientists on Bluesky
Many Max Planck scientists have started sharing their #research findings on #BlueSky. Follow their posts and join the conversation! 👋 go.bsky.app/BYcBy6R #StarterPack
17.11.2025 11:15 — 👍 116 🔁 41 💬 5 📌 2
📢 Call for Papers for ISSTA 2026
We invite high-quality submissions on software testing and analysis from industry and academia, incl.
* research papers
* experience papers, and
* replicability studies.
📆 29th January 2026
🖊️ issta2026.hotcrp.com
🌐 conf.researchr.org/track/issta-...
@mboehme.bsky.social 👋
MPI for Security and Privacy (Software Security group)
Spokesperson for MPRGL at CPTS
mpi-softsec.github.io
⏱️ 9 days until submission deadline (Dec 11, 23:59 AoE).
Organized by: @yannicnoller.bsky.social, @rohan.padhye.org, @ruijiemeng.bsky.social, and Laszlo (@lszekeres.bsky.social) Szekeres.
Dearly beloved, we are gathered here today to celebrate this thing called ASE 2025 ;) @aseconf.bsky.social @mboehme.bsky.social @llingming.bsky.social
17.11.2025 03:18 — 👍 15 🔁 3 💬 0 📌 0
🎙️ #ASE2025 Keynote Speaker Series (1 of 3)
What do symbolic model checking, path profiling, and quantum simulation have in common? 🤔
Find out from Prof. Reps (University of Wisconsin-Madison) in his ASE2025 Keynote “We Will Publish No Algorithm Before Its Time”!
conf.researchr.org/track/ase-20...
🎙️ ASE 2025 Keynote Speaker Series (3 of 3)
Prof. Taesoo Kim (Georgia Tech)
“Hyperscale Bug Finding and Fixing: DARPA AIxCC”
conf.researchr.org/track/ase-20...
🎙️ #ASE2025 Keynote Speaker Series (2 of 3)
Dr. Cristina Cifuentes, Vice President @ Oracle Software Assurance
“Oracle Parfait – Detecting Application Vulnerabilities at Scale – Past, Present and Future”
Awesome! Also, I'll be happy to catch up in Seoul in the week after next if you are around for ASE :)
09.11.2025 13:29 — 👍 0 🔁 0 💬 1 📌 0
On the negative side, the AI reviewer seems to be worse at setting priorities, i.e., distinguishing between critical and insubstantial problems w.r.t. to the main claims. Moreover, it was convincingly incorrect whereas a human reviewer might be incorrect and detectably "silent" on the rationale.
2/2
Great question!
On the positive side, I found the AI reviewer *way* more elaborate in eliciting both the positive and negative points. The review is more objective, less/not opinionated. It is more constructive and for every weakness makes suggestions for improvements.
1/
Exactly. This is our assumption. Also, there can be infinitely many ways to implement that function.
09.11.2025 07:44 — 👍 1 🔁 0 💬 2 📌 0bsky.app/profile/mboe...
08.11.2025 20:04 — 👍 0 🔁 0 💬 0 📌 0
Overall, the AI reviewer is super impressive! I think, it would help me tremendously during the preparation of our submission to identify points to improve before the paper is submitted.
However, it does make errors, and I wouldn't trust it as an actual (co)-reviewer.
12/12
The AI reviewer lists several other items as weaknesses and the corresponding suggestions for improvement. These are summarily deemed to be fixable. Yay!
11/
The fourth weakness is a set of presentation issues. These are helpful but easily fixed.
10/
The third weakness is a matter of preference.
Our theorem expresses what (and how efficiently) we can learn about detecting non-zero incoherence given the alg. output: "If after n(δ,ε) samples we detect no disagreement, then incoherence is at most ε with prob. at least 1-δ".
9/