Date: 2025/10/17 14:20-15:40
Location: R103, CSIE
Speakers: Dr. Ting Zhang
Host: Prof. 陳尚澤
Abstract:
Open-source software (OSS) underpins today's digital infrastructure, but its vulnerabilities can propagate at scale. Current practices often leave critical gaps: many security fixes are silent, version information is incomplete, and automated detectors lack precision. This seminar presents a line of work that addresses these challenges by combining program analysis and AI. The talk covers three key projects: Fixseeker, for detecting silent vulnerability-fixing commits; Vercation, for precisely identifying vulnerable software versions; and R2Vul, for building accurate and explainable vulnerability detectors. Together, these works highlight a shift from pattern matching toward AI-augmented reasoning for software security and invite discussion on securing the wider OSS ecosystem.
Biography:
Ting Zhang (a.k.a. happygirlzt) is a Lecturer (equivalent to Assistant Professor) in the Department of Software Systems & Cybersecurity at Monash University, Australia. Her research at the intersection of software engineering and AI focuses on using large language models to improve software security and developer productivity. She received her Ph.D. from Singapore Management University (SMU) in 2024 and was the lead post-doctoral researcher on TITAN, a collaborative SMU–GovTech project on intelligent vulnerability discovery. Her work has appeared in leading venues such as ICSE, FSE, ASE, TSE, and ACL, and she is actively seeking motivated Ph.D. students and collaborators.