Distinguished paper award for Mohayeji Nasrabadi et al.


The team of researchers from Eindhoven University of Technology (Hamid Mohayeji Nasrabadi, Andrei Agaronian, Eleni Constantinou, Nicola Zannone, and Alexander Serebrenik) have won the ACM SIGSOFT Distinguished Paper Award at the 20th International Conference on Mining Software Repositories (MSR 2023).

In their award-winning paper “On the Resolution of Vulnerable Dependencies with Dependabot Security Updates” Mohayeji et al show that the task of fixing vulnerable dependencies is, to a large extent, delegated to Dependabot and that developers merge the majority of security updates within several days.However, when developers do not merge a security update, they usually address the identified vulnerability manually. This approach, however, often takes up to several months which in turn could expose the projects to security issues.