SPLASH 2020
Sun 15 - Sat 21 November 2020 Online Conference
Fri 20 Nov 2020 13:00 - 13:40 at SPLASH-II - 30
Sat 21 Nov 2020 01:00 - 01:40 at SPLASH-II - 30

In security, ‘variant analysis’ is the process of searching for variants of known vulnerabilities. This used to be done with grep and painstaking manual code audits, but it can be automated with a powerful semantic query language like CodeQL. The idea of such a query language had been around in academic research for a long time, but we had to create a startup named Semmle to make CodeQL reality. Semmle was acquired by GitHub in September 2019. I’ll show with a few in-depth examples how security researchers have used the CodeQL product to find and fix many vulnerabilities in popular open source projects, and what makes it effective for this purpose. I’ll also discuss why the focus on variant analysis was a critical step in making Semmle a successful startup company. Finally, I’ll explain the factors that must come together to drive the adoption, scalability, and success of such technology.

The discussion and AMA following this talk will be moderated by Satish Chandra.

Aditya Sharad is a Senior Manager of Software Engineering at GitHub. He leads the CodeQL core engineering team, which is responsible for the query language, evaluation engine, and developer tooling for the CodeQL semantic code analysis technology. First at Semmle and later at GitHub, Aditya has extensive experience in both building code analysis technology and teaching the community how to use it to find security vulnerabilities in software. He holds bachelor’s and master’s degrees in mathematics and computer science from the University of Oxford.

Fri 20 Nov
Times are displayed in time zone: Central Time (US & Canada) change

13:00 - 13:40: 30REBASE at SPLASH-II +12h
13:00 - 13:40
Talk
Variant analysisAMA
REBASE
A: Aditya SharadGitHub

Sat 21 Nov
Times are displayed in time zone: Central Time (US & Canada) change

01:00 - 01:40: 30REBASE at SPLASH-II
01:00 - 01:40
Talk
Variant analysisAMA
REBASE
A: Aditya SharadGitHub