Lightnews — Scholar-powered news

Andreas Zeller @andreaszeller.bsky.social · 2d

On my way to ACM CCS 2025 in Taipei (via Istanbul). Meet me there!

7

Andreas Zeller @andreaszeller.bsky.social · 27d

(The listed problems come from a Google AI summary, where I asked "What are the worst problems of Germany?")

2

Andreas Zeller @andreaszeller.bsky.social · 27d

Why don't we let ChatGPT run the country? chatgpt.com/share/68c91b...

Question for ChatGPT: I am Friedrich Merz, the chancellor of Germany. Germany suffers from a stagnating economy underinvestment, significant infrastructure deficiencies (digital and physical), and a bureaucratic system slowing innovation. Other major challenges are the demographic shifts of an aging population, increasing social inequality and poverty, a rise in right-wing extremism, racism, and discrimination, and the impacts of climate change and global competition on its export-
dependent economy. What do I do?

Answer: Good - clear diagnosis and a high-stakes brief.
Below I give a compact, actionable playbook you (as Chancellor) can use: immediate 100-day moves, medium (1-3 years) structural reforms, and long-term strategy - each with concrete levers, KPls, and quick citations for the key facts that motivate the choices...

1 5

Reposted by Andreas Zeller

Clare Sudbery @claresudbery.bsky.social · Sep 12

Did you know there are tools you can use for automated debugging, and you can build them yourself? Have you come across @andreaszeller.bsky.social and his amazing creation The Debugging Book, which is so much more than just a book? Did you know you can access The Debugging Book for free?

1 2 6

Andreas Zeller @andreaszeller.bsky.social · Aug 22

25 years of delta debugging! On this day in 2000, I presented “Simplifying Failure-Inducing Inputs” at ISSTA - now one of the most influential works in the 50-year history of Transactions on Software Engineering. Read all about its genesis and impact at doi.ieeecomputersociety.org/10.1109/TSE....

4 20

Andreas Zeller @andreaszeller.bsky.social · Aug 1

Proud and honored to have German Chancellor Friedrich Merz visit us to be shown our latest and greatest research! This is a clear signal of how relevant @cispa.de has become - and we’re still growing and expanding.

CISPA Helmholtz Center for Information Security @cispa.de · Aug 1

Federal Chancellor Friedrich Merz visits CISPA 🚀🔐

During his inaugural visit to Saarland, Friedrich Merz stopped by CISPA together with Minister President of Saarland Anke Rehlinger. The focus was on our cutting-edge research in cybersecurity and trustworthy AI.
cispa.de/en/federal-c...

9

Andreas Zeller @andreaszeller.bsky.social · Jul 25

Always use these six sentences in your paper rebuttal

Here are a few tactful, slightly groveling phrases tailored for a typical “Reviewer 2” situation—showing humility, deference, and a desire to improve, while still preserving academic dignity:

⸻

🙇‍♂️ Respectful and Deferential Phrases:
1. “We sincerely thank Reviewer 2 for the insightful and challenging comments, which have significantly improved the quality of the paper.”
2. “We deeply appreciate Reviewer 2’s thorough reading and valuable suggestions, which pointed out important weaknesses that we have now addressed.”
3. “We are grateful to Reviewer 2 for identifying critical issues that we had previously overlooked.”
4. “We thank Reviewer 2 for holding our work to a high standard. We have taken the comments very seriously and made substantial revisions accordingly.”
5. “Reviewer 2’s detailed feedback prompted us to rethink and clarify several key aspects of our approach.”
6. “We humbly acknowledge Reviewer 2’s concerns regarding [X] and have revised the manuscript to better address these points.”

1 1 7

Andreas Zeller @andreaszeller.bsky.social · Jul 21

How can you teach a machine how a program behaves? In our newest ACM TOSEM paper, we train machine learners from input/output pairs of thousands of program runs, producing models that _predict inputs for given desired outputs_. This got us a 150k€ ERC grant. Read the paper at doi.org/10.1145/3748...

Learning Program Behavioral Models from Synthesized Input-Output
Pairs
TURAL MAMMADOV∗
, CISPA Helmholtz Center for Information Security, Germany
DIETRICH KLAKOW, Saarland University, Germany
ALEXANDER KOLLER, Saarland University, Germany
ANDREAS ZELLER, CISPA Helmholtz Center for Information Security, Germany

We introduce Modelizer—a novel framework that, given a black-box program, learns a model from its input/output behavior
using neural machine translation algorithms. The resulting model mocks the original program: Given an input, the model
predicts the output that would have been produced by the program. However, the model is also reversible—that is, the model
can predict the input that would have produced a given output. Finally, the model is differentiable and can be efficiently
restricted to predict only a certain aspect of the program behavior. Modelizer uses grammars to synthesize and inputs and
unsupervised tokenizers to decompose the resulting outputs, allowing it to learn sequence-to-sequence associations between
token streams. Other than input grammars, Modelizer only requires the ability to execute the program. The resulting models
are small, requiring fewer than 6.3 million parameters for languages such as Markdown or HTML; and they are accurate,
achieving up to 95.4% accuracy and a BLEU score of 0.98 with standard error 0.04 in mocking real-world applications. As
it learns from and predicts executions rather than code, Modelizer departs from the LLM-centric research trend, opening
new opportunities for program-specific models that are fully tuned towards individual programs. Indeed, we foresee several
applications of these models, especially as the output of the program can be any aspect of program behavior. Beyond mocking
and predicting program behavior, the models can also synthesize inputs that are likely to produce a particular behavior, such
as failures or coverage, thus assisting in program understanding and maintenance.

10

Reposted by Andreas Zeller

CISPA Helmholtz Center for Information Security @cispa.de · Jul 18

🛠️ Debugging with AI?
LLMs like ChatGPT struggle with debugging—but there’s still potential. CISPA’s @andreaszeller.bsky.social explains how AI can help and what’s next in the DLF podcast Computer und Kommunikation. 🎧
Listen here: www.deutschlandfunk.de/fehlersuche-...
 #AI #Debugging #Cybersecurity

2 2

Andreas Zeller @andreaszeller.bsky.social · Jul 14

A citation injection attack? Here comes my way to h-index greatness :-)

3

Andreas Zeller @andreaszeller.bsky.social · Jul 14

I got an ERC Proof of Concept grant from @erc.europa.eu! In the PROSA project, we train _program-specific models_ from myriads of synthesized executions, obtaining models that can predict how the software behaves and how we can trigger specific behavior: cispa.de/en/erc-proof... #ERCPoC

CISPA researcher Andreas Zeller awarded ERC Proof of Concept Grant for project on AI-powered software maintenance

To transfer his ERC Advanced Grant “S3 – Semantics of Software Systems” into practice, Zeller is receiving an additional €150,000.

cispa.de

1 18

Andreas Zeller @andreaszeller.bsky.social · Jul 14

Since its release two weeks ago, our #Fandango test generator has been downloaded and installed more than 25,000 times! (Hint: It's "pip install fandango-fuzzer") Check it out here: fandango-fuzzer.github.io

Fuzzing with Fandango — Fuzzing with Fandango

fandango-fuzzer.github.io

1 2 6

Andreas Zeller @andreaszeller.bsky.social · Jul 13

Oh, and a 2020 paper of mine, "Debugging inputs" apparently has been cited 11,457 times: scholar.google.com/scholar?q=%2... Title says it all :-)

2 2

Andreas Zeller @andreaszeller.bsky.social · Jul 13

How reliable are citation metrics? According to Google Scholar, our 2025 paper "A Retrospective on Mining Version Histories to Guide Software Changes" (ieeexplore.ieee.org/abstract/doc...) has had its first citation in 1974 – 50 years BEFORE publication: scholar.google.com/scholar?oi=b...

2 3 17

Reposted by Andreas Zeller

GOTO Conferences @gotocon.com · Jul 3

🐛 "Half of dev time is debugging, yet we barely teach it" - @andreaszeller.bsky.social tells @claresudbery.bsky.social
✅ Debugging skills critically undertaught
✅ Automated tools unknown to students

The Debugging Book • Andreas Zeller & Clare Sudbery • GOTO 2025

This interview was recorded for the GOTO Book Club. #GOTOcon #GOTObookclubhttp://gotopia.tech/bookclubRead the full transcription of the interview here:https...

youtu.be

3 6

Andreas Zeller @andreaszeller.bsky.social · Jun 28

Kudos for the great video! The Attenborough-style narrator is indeed me - no AI or other audio post-processing involved. I think I’ll go and expand my voice imitation skills :-)

1

Andreas Zeller @andreaszeller.bsky.social · Jun 28

Since many of you asked: One of the wonders of @cispa.de is that it has professionals for everything - be it photography, slide design, pitch talk training, empirical study design, proposal writing - and, of course, producing fun project videos :-)

CISPA Helmholtz Center for Information Security @cispa.de · Jun 27

FANDANGO, a new open-source fuzzing tool, uses an evolutionary algorithm to generate myriads of high-quality test inputs that satisfy defined constraints. Developed by a team of CISPA-researchers led by @andreaszeller.bsky.social. Now on GitHub! Learn more here cispa.de/en/fandango-...

10

Andreas Zeller @andreaszeller.bsky.social · Jun 27

Since many of you asked: One of the wonders of @cispa.de is that it has professionals for everything - be it photography, slide design, pitch talk training, empirical study design, proposal writing, and more. This video was produced by our fabulous in-house PR team, and clearly made with love :-)

CISPA Helmholtz Center for Information Security @cispa.de · Jun 27

FANDANGO, a new open-source fuzzing tool, uses an evolutionary algorithm to generate myriads of high-quality test inputs that satisfy defined constraints. Developed by a team of CISPA-researchers led by @andreaszeller.bsky.social. Now on GitHub! Learn more here cispa.de/en/fandango-...

1 9

Andreas Zeller @andreaszeller.bsky.social · Jun 26

Introducing #Fandango 💃 — a powerful bio-inspired test generator designed to supercharge your software testing. Fandango gives you unprecedented control over test inputs, integrating grammars, constraints, and Python. Now with protocol testing!

➡️ Check out Fandango at fandango-fuzzer.github.io

1 2 13

Andreas Zeller @andreaszeller.bsky.social · Jun 25

Today at #FSE2025:

* 14:40 @ Cosmos 3C “Expressing and Checking Statistical Assumptions”: 84% of surveyed notebooks violate assumptions: conf.researchr.org/details/fse-...

OR

* 14:50 at Pirsenteret “jAST: Analyzing and Modifying Java ASTs with Python”: conf.researchr.org/details/fse-...

Expressing and Checking Statistical Assumptions (FSE 2025 - Research Papers) - FSE 2025

The ACM International Conference on the Foundations of Software Engineering (FSE) is an internationally renowned forum for researchers, practitioners, and educators to present and discuss the most recent innovations, trends, experiences, and challenges in the field of software engineering. FSE brings together experts from academia and industry to exchange the latest research results and trends as well as their practical application in all areas of software engineering. The conference will be co-located with ISSTA 2025 (June 25th – 28th, 2025), Internetware 2025 (June 20th – 22nd, 2025), an ...

conf.researchr.org

1

Andreas Zeller @andreaszeller.bsky.social · Jun 24

My #Fandango team at #FSE2025 / #ISSTA2025: Alexi Turcotte, Marius Smytzek, me, Pepe Zamudio, and Laura Plein. What is #Fandango? Watch this space on Thursday for our big 1.0 release announcement and/or attend Pepe‘s presentation on Friday 16:00!

<exchange> ::= <client:request> <server:response>
<request> ::= 0x1 <length> <payload> <padding>
<response> ::= 0x2 <length> <payload> <padding>
<length> ::= <uint16>
<payload> ::= <byte>*
<padding> ::= <byte>* 
where len(<payload>) == uint16(<length>)
where <response>.<payload> == <request>.<payload>

1 7

Andreas Zeller @andreaszeller.bsky.social · Jun 23

Today at #FSE2025: Check out

* 14:20 @ Cosmos 3C: Bernd‘s journal-first work on Information Flow Fuzzing: conf.researchr.org/details/fse-... and
* 15:12 @ Vega: Laura‘s Student Research Competion talk on Predicting Software Changes from Desired Behavior Changes: conf.researchr.org/details/fse-...

Presentation Proposal for: Finding Information Leaks with Information Flow Fuzzing (FSE 2025 - Journal First) - FSE 2025

The ACM International Conference on the Foundations of Software Engineering (FSE) is an internationally renowned forum for researchers, practitioners, and educators to present and discuss the most recent innovations, trends, experiences, and challenges in the field of software engineering. FSE brings together experts from academia and industry to exchange the latest research results and trends as well as their practical application in all areas of software engineering. The conference will be co-located with ISSTA 2025 (June 25th – 28th, 2025), Internetware 2025 (June 20th – 22nd, 2025), a ...

conf.researchr.org

1 4

Andreas Zeller @andreaszeller.bsky.social · Jun 19

For the first time in 25 years, I put a sticker on my laptop

9

Reposted by Andreas Zeller

CISPA Helmholtz Center for Information Security @cispa.de · Jun 19

🌍 From June 4-6, 2025, we hosted a group of international luminaries in cybersecurity and trustworthy artificial intelligence in Saarbrücken.

Result of our evaluation: “Outstanding” - world leader in all categories!
cispa.de/en/evaluation

CISPA Receives Top Rating in International Helmholtz Evaluation 2025

In the 2025 international Helmholtz evaluation, CISPA Helmholtz Center for Information Security was awarded the highest possible rating, “Outstanding,” in all categories. The review confirms CISPA’s g...

cispa.de

1 1

Andreas Zeller @andreaszeller.bsky.social · Jun 17

And here's my interview on fuzzing with video and English subtitles: www.youtube.com/watch?v=u84x...

2 5