SPLASH 2020
Sun 15 - Sat 21 November 2020 Online Conference
Fri 20 Nov 2020 13:00 - 13:40 at Rebase - 30
Sat 21 Nov 2020 01:00 - 01:40 at Rebase - 30

In security, ‘variant analysis’ is the process of searching for variants of known vulnerabilities. This used to be done with grep and painstaking manual code audits, but it can be automated with a powerful semantic query language like CodeQL. The idea of such a query language had been around in academic research for a long time, but we had to create a startup named Semmle to make CodeQL a reality. Semmle was acquired by GitHub in September 2019. I’ll show with a few in-depth examples how security researchers have used the CodeQL product to find and fix many vulnerabilities in popular open source projects. I’ll also discuss why the focus on variant analysis was a critical step in making Semmle a successful startup company. Finally, I’ll explain why the experience of creating Semmle and CodeQL convinced me that blue skies research goes fastest with user needs driving the research agenda.

Oege de Moor is the CEO and Founder of Semmle. Semmle’s mission is to secure the software that runs the world. From 1994 to 2014, Oege was a professor of computer science at the University of Oxford, where he did research in programming languages and tools. Semmle’s products are used by Microsoft, Google, NASA, NASDAQ, Credit Suisse, Dell, and many other leading software organisations. It has offices in Oxford, Copenhagen, Valencia, New York, San Francisco and Seattle. The technology at Semmle is a fun combination of deep theory (if you like lattice theory, you’ll like our engine), good engineering (making it work on some of the largest code bases on the planet) and cool applications (like the 0-days we report in open source). Semmle is always on the look-out for new team members.

Times are displayed in time zone: Central Time (US & Canada).