I am a research associate and team lead at Fraunhofer IEM in Paderborn, Germany.
Static code analysis has shown success in finding bugs and security vulnerabilities. However, using existing analyses and tools on new codebases requires sufficient knowledge on how the particular analysis works which needs to be configured. This configuration includes selection of appropriate call graph, rules, and more. Default configurations are often not usable. In my research, I develop methods and tools that will ease the application of generic static analyses, such as taint analysis or typestate analysis to specific context.
Fraunhofer IEM Institute for Mechatronic Systems Design
Department Software Engineering and IT-Security