Emanuele Iannone

Postdoctoral Researcher at TUHH

propic.jpg

Institute of Software Security

Blohmstraße 15, 21079

Hamburg, Germany

Hello, I am Emanuele (/Eh-maa-noo-eh-leh/), Postdoctoral Researcher (Research Assistant) at the Hamburg University of Technology (TUHH), Germany.

I am part of the Institute of Software Security (SoftSec), where I dedicate my effort (and passion) to security testing. I am involved in the Horizon EU project Sec4AI4Sec, where I work on automated mining and generation of proof of vulnerabilities (i.e., vulnerability test cases) and developing novel automated vulnerability repair solutions.

In February 2024, I earned a Ph.D. in Computer Science at the University of Salerno (UNISA), Italy. I defended a thesis on software vulnerabilities in the context of software maintenance and evolution (thesis title: There’s Something about Vulnerabilities: Empirical Comprehension and Novel Automated Approaches), supervised (and academically raised) by Prof. Fabio Palomba at the Software Engineering (SeSa) Lab.

My research is entirely rooted in Empirical Software Engineering. In this area, I focused on software security, in particular to security testing, automated exploit generation, mining vulnerability-related data from software repositories, and vulnerability assessment. I adopt AI tools and techniques on a daily basis, without forgetting the (good ol’) heuristic and more traditional approaches.

To summarize, my active research topics are:

    :bangbang: Security Vulnerability Testing
    :bangbang: Mining Software Repositories & Software Analytics (esp. applied to vulnerability-related data)
    :bangbang: AI for Software Security Engineering
    :bangbang: Search-based Software Engineering

I recently got interest in new topics:

    :exclamation: Automatic Vulnerability Repair
    :exclamation: Human Aspects in Software Security

I have also worked on some others topics that I am not considering much today, though it would still be good to go back to them sometimes:

    :grey_exclamation: Program Comprehension
    :grey_exclamation: Software Refactoring
    :grey_exclamation: Organizational Aspects in Software Engineering
    :grey_exclamation: Green Software Engineering

In September 2020, I earned an M.Sc. Degree in Computer Science at the University of Salerno, defending a thesis on Automated Exploit Generation of Known Java API vulnerabilities advised by Prof. F. Palomba and Prof. A. De Lucia (110/110 cum laude). Two years earlier, In July 2018, I earned an B.Sc. Degree in Computer Science at the University of Salerno, defending a thesis on Automated Refactoring of Android-specific Energy Smells advised by Prof. A. De Lucia (110/110 cum laude).

I am 100% Salernitan. I was born in Salerno, grew up there, and want to school there. I am a proud millennial, born in 1996. I have always been fond of video games, especially role-playing games (RPG), and I used to play them for hours each day. But since my professional life has given me new perspectives, I have had to change my habits and switch to more flexible hobbies, though sometimes I go back doing some retro gaming (nostalgia kicks in).

If you want to hear me talking for an indefinite amount of time, just introduce the topic Pokémon. If you want to hear me only for few hours, you can pick one among Final Fantasy, Attack on Titan, Steins;Gate, Dragon Ball and Jojo’s Bizzare Adventures.

Random facts about me:

  • Apparently people have trouble with my last name. They keep misspelling it…
  • I am former World of Warcraft player with a Human Retribution Paladin (For the Alliance, deal with it).

Contact me at: <first-name>.<last-name>@tuhh.de

Selected Publications

2024

  1. Early and Realistic Exploitability Prediction of Just-Disclosed Software Vulnerabilities: How Reliable Can It Be?
    ACM Trans. Softw. Eng. Methodol., Mar 2024
    Just Accepted

2023

  1. TSE
    preview_j2.png
    The Secret Life of Software Vulnerabilities: A Large-Scale Empirical Study
    Emanuele Iannone, Roberta Guadagni, Filomena FerrucciAndrea De Lucia, and Fabio Palomba
    IEEE Transactions on Software Engineering, Jan 2023

2022

  1. JSS
    preview_j3.png
    Just-in-time software vulnerability detection: Are we there yet?
    Journal of Systems and Software, Jan 2022