Marcel Böhme
@mboehme.bsky.social
Software Security @MPI, PhD @NUS, Dipl.-Inf. @TUDresden. Research Group: http://mpi-softsec.github.io
mboehme.bsky.social
🔮 ACM TOSEM Perspective Paper on Software Security in 2030 (Invited).

📝 mpi-softsec.github.io/papers/TOSEM...

Collab w/ Eric Bodden, Tevfik Bultan, Cristian Cadar, Liu Yang, and Giuseppe Scanniello
mboehme.bsky.social
After 5 years, we are back at NDSS in San Diego!

Looking forward to submissions from the Security and the Software Engineering community!
yannicnoller.bsky.social
#FUZZING'26 CALL FOR PAPERS
──────
✨ After 5 years, we will be again co-located with NDSS!

🔗 fuzzing-workshop.github.io
📅 11. Dec (Submission)

//cc @mboehme.bsky.social (MPI-SP), @ruijiemeng.bsky.social (CISPA), @rohan.padhye.org (CMU), László Szekeres (Google)
Reposted by Marcel Böhme
trowlett0.bsky.social
GUIFuzz++ is the first general-purpose fuzzer for desktop GUI software! Fuzzing by translating AFL++ random input into user interaction with GUIs, leading to the discovery of 23 new bugs!

Paper: futures.cs.utah.edu/papers/25ASE.pdf
Source: github.com/FuturesLab/GUIFuzzPlusPlus

Go test some GUIs!
Reposted by Marcel Böhme
aseconf.bsky.social
Paper deadlines for ASE’25 co-located workshops are approaching! This year, nine exciting workshops are co-located with ASE’25, covering diverse SE topics. Deadlines vary, but most are due Aug 26 ⏳. Check each workshop’s website for details! conf.researchr.org/track/ase-20...

#ASE25 #Workshop #CFP
ASE 2025 - Workshops - ASE 2025
Welcome to the website of the 40th IEEE/ACM International Conference on Automated Software Engineering, ASE 2025. The ASE conference is the premier research forum for Automated Software Engineering. E...
conf.researchr.org
Reposted by Marcel Böhme
andreaszeller.bsky.social
25 years of delta debugging! On this day in 2000, I presented “Simplifying Failure-Inducing Inputs” at ISSTA - now one of the most influential works in the 50-year history of Transactions on Software Engineering. Read all about its genesis and impact at doi.ieeecomputersociety.org/10.1109/TSE....
25yrs of delta dbg
Reposted by Marcel Böhme
jonathanaldrich.bsky.social
Released today: the second video in my Programming Language Pragmatics series, covering Compilation, Interpretation, and Environments!

www.youtube.com/watch?v=mrmo...

Going forward, I'll post a video 3 times a week. Please share the series with anyone who might benefit!
PLP 1.3-1.4: Compilation, interpretation, and environments
YouTube video by Jonathan Aldrich
www.youtube.com
mboehme.bsky.social
We believe that our probabilistic perspective of correctness for the LLM-generated program as a random variable gives rise to a proliferation of new techniques built for trustworthy code generation with probabilistic guarantees.

Comments and feedback welcome!
mboehme.bsky.social
This work on "Estimating Correctness Without Oracles in LLM-Based Code Generation" was led by Thomas Valentin (ENS Paris Saclay) with the generous advice and help from Ardi Madadi (MPI-SP) and Gaetano Sapia (MPI-SP).
mboehme.bsky.social
A traditional pass@1 based evaluation of the code generation abilities of LLMs can be reliably substituted with our oracle-less evaluation. This brings substantial benefits. For instance, it removes reliance on human-written oracles (reducing data leakage and overfitting problems).
mboehme.bsky.social
Can we statistically estimate how likely an LLM-generated program is correct w/o knowing what is a correct program for that task?

Sounds impossible, but it's actually really simple. In fact, our measure of "correctness" called incoherence can be estimated (PAC guarantees).

arxiv.org/abs/2507.00057
Estimating Correctness Without Oracles in LLM-Based Code Generation
Generating code from natural language specifications is one of the most successful applications of Large Language Models (LLMs). Yet, they hallucinate: LLMs produce outputs that may be grammatically c...
arxiv.org
mboehme.bsky.social
It absolutely is. See you next time :)
Reposted by Marcel Böhme
yannicnoller.bsky.social
🚨 Our amazing #FUZZING'25 keynotes are online!

"Constraining Fuzzing without Paying Too Much" by Miryung Kim
youtu.be/L90MBb6NLBE

"Are you sure you belong in academia?" by Will Wilson
youtu.be/qQGuQ_4V6WI

// @mboehme.bsky.social, László Szekeres, @rohan.padhye.org, @ruijiemeng.bsky.social
mboehme.bsky.social
We had two exciting keynotes:
* From academia: Miryung Kim (Prof @ UCLA)
* From industry: Will Wilson (CEO and Co-Founder of @AntithesisHQ.bsky.social).
Stay tuned for recordings!
mboehme.bsky.social
Wow! That was quick.
mboehme.bsky.social
It's been a lot of fun! Up here in Trondheim the sun never really sets at this time of the year. This is a picture from 9:30pm which feels like an eternal 4pm.

See y'all next year!
mboehme.bsky.social
Will Wilson (@AntithesisHQ.bsky.social) talked about the four professional paths with a beautiful historical metaphor from being a member of a guild (academia) to being a siege engineer (startup founder). He also talked about his efforts at Antithesis to build a deterministic VM for fuzzing.
mboehme.bsky.social
Miryung Kim (UCLA) talked about challenges in domain-specific fuzzing beyond those of general-purpose, including very slow targets (from HW circuits to distributed systems), and her approach to developing domain-specific program transformations, mutation operators, feedback, etc.
mboehme.bsky.social
It was great to see the community come together again at our 4th #FUZZING workshop in Trondheim this year! We drew a big crowd. Enjoyed the super lively discussions.

Thanks to the organizers:
* @rohan.padhye.org
* @yannicnoller.bsky.social
* @ruijiemeng.bsky.social and
* László Szekeres (Google)
mboehme.bsky.social
Thrilled to share a recent opinion piece at the IEEE Security and Privacy (Vol. 23, Issue 3).

Basically a long-term perspective on the field meant for both researchers and practitioners.

📝 ieeexplore.ieee.org/stamp/stamp....
Reposted by Marcel Böhme
andreaszeller.bsky.social
Knowing the input language of a software system greatly facilitates its (automated) testing. In our new GDBMiner work, we use the GNU debugger (GDB) to extract precise input grammars from any recursive descent parser that can be traced via GDB: doi.org/10.4230/LITE...
GDBMiner: Mining Precise Input Grammars on (Almost) Any System
doi.org
mboehme.bsky.social
The sequence of proofs approaches intuition with distance converging to 0.
Reposted by Marcel Böhme
rohan.padhye.org
Just Accepted to ACM TOSEM!

The "Havoc Paradox" is about the relationship between byte-level fuzzer mutations and their effect on the inputs produced by generators for structured strings (e.g. XML/SQL). Can disruptive mutations be controlled? Should they be? Find out.

📄 dl.acm.org/doi/pdf/10.1...
mboehme.bsky.social
Massive 1.2k submissions to #ASE25 in Korea! 🎉 📈
aseconf.bsky.social
🎉 HUGE NEWS! 🎉

#ASE2025 has received a record-breaking 1,190 submissions – the most EVER for a single-cycle top SE conference! 🤯

Massive thanks to all authors who submitted. Looking forward to what promises to be an unforgettable conference with an incredible program 🔥!