Dr. Tony Lindsay
Director, STELaRLab, Lockheed Martin Australia



Speaker’s Bio

Dr. Tony Lindsay is an Australian expert in C4ISREW technologies and joined Lockheed Martin Australia after a distinguished career within the Defence Science and Technology Group.

He leads Lockheed Martin’s first internationally based, multi-disciplinary Research and Development Laboratory – the Science, Technology, Engineering Leadership and Research Laboratory (STELaRLab) – partnering with Australian universities and research organisations to undertake advanced research and development.

“I joined Lockheed Martin in 2016, because leading STELaRLab is a great opportunity to work with the finest minds here in Australia on programs that have the potential to lead the world. The establishment of STELaRLab is concrete recognition of the international respect for the standard of the research being undertaken in Australia, as well as the standing of our researchers globally.”

“From a Defence perspective, the Australian Defence Force’s AIR 6500 program is one to watch here. It is a leading edge program, unique to Australia, which will develop solutions to modernise and more closely integrate ADF’s fifth generation technologies. It’s a program that will provide a foundation for Defence’s capability evolution well into the 21st century.”

“Today we’re introducing bright young minds to the possibilities offered by leveraging Lockheed Martin’s vast global innovation and research backbone, and they are now actively contributing Australian solutions to solving real world challenges through leading edge R&D.”

Prior to his role at Lockheed Martin, Tony was with the Defence Science and Technology Group for 28 years. His last position was Chief of the National Security and Intelligence, Surveillance and Reconnaissance Division. In that role he was responsible for R&D programs supporting Australian Defence Organisation (ADO) ISR Projects, including major surveillance acquisitions and intelligence programs.

Oracle Parfait: The Flavour of Real-World Vulnerability Detection


Cristina Cifuentes
Oracle Labs, Australia


The Parfait static code analysis tool focuses on detecting vulnerabilities that affect C, C++, Java and PL/SQL languages. Its focus has been on four key items expected of a commercial tool that lives in a commercial organisation:

  • precision of results (i.e., high true positive rate),
  • scalability (i.e., being able to quickly scan millions of lines of code),
  • incremental analysis (i.e., run over deltas of the code quickly), and
  • usability (i.e., ease of integration into standard build processes and reporting).

Parfait is used every day around the world by thousands of Oracle developers.

In this presentation, we’ll sample a flavour of Parfait. We explore some real-world challenges faced in the creation of a robust vulnerability detection tool, we look into two examples of vulnerabilities that severely affected the Java platform in 2012-13 and most machines in 2017-18, and we conclude by recounting what matters to developers for integration into today’s continuous integration and continuous delivery (CI/CD) pipelines.

Speaker’s Bio

Cristina is the Director of Oracle Labs Australia and an Architect at Oracle. Headquartered in Brisbane, the Lab focuses on Program Analysis as it applies to finding vulnerabilities in software and enhancing the productivity of developers worldwide. Prior to founding Oracle Labs Australia, Cristina was the Principal Investigator of the Parfait bug tracking project at Sun Microsystems, then Oracle. Today, Oracle Parfait has become the de facto tool used by thousands of Oracle developers for bug and vulnerability detection in real-world, commercially sized C/C++/Java applications. Parfait’s success is founded on the pioneering work in advancing static program analysis techniques by Cristina’s team of Researchers and Engineers at Oracle Labs Australia. Cristina’s passion for tackling the big issues in the field of Program Analysis began with her doctoral work in binary decompilation at Queensland’s University of Technology. In an interview with Richard Morris for Geek of the Week, Cristina talks about Parfait, Walkabout and her career journey in this field. Before she joined Oracle and Sun Microsystems, Cristina held teaching posts at major Australian Universities, co-edited Going Digital, a landmark book on cybersecurity, and served on the executive committees of ACM SIGPLAN and IEEE Reverse Engineering.

Human-centric Software Engineering


Professor John Grundy
Monash University, Australia


Humans are a key part of software development, including customers, designers, coders, testers and end users. In this talk I discuss several examples from our recent work on handling human-centric issues when engineering software systems. This includes personality impact on aspects of software development, specifically testing and pair-programming; understanding interpersonal issues in agile practices; incorporating end user emotions into software requirements engineering; reporting usability defects; providing proactive design critics in software tools to augment human decision making; and finally the use of human-centric, domain-specific visual models for non-technical experts to specify and generate systems, without the need for software engineers at all. I assess the usefulness of these approaches and discuss key future directions.

Speaker’s Bio

Professor John Grundy is the Senior Deputy Dean for the Faculty of Information Technology and a Professor of Software Engineering at Monash University. Professor Grundy holds the BSc(Hons), MSc and PhD degrees, all in Computer Science, from the University of Auckland. Professor Grundy is a Fellow of Automated Software Engineering, Fellow of Engineers Australia, Certified Professional Engineer, Engineering Executive, Member of the ACM and Senior Member of the IEEE. His research is in the area of software engineering, primarily software tools and techniques, software architecture, model-driven software engineering, visual languages, software security engineering, service-based and component-based systems and user interfaces. His work is mostly applied and he does research, R&D and consulting work with a range of companies. These have included, among many others, Unisono, Uniting AgeWell, Mailguard, NICTA, Thales Australia, CA Labs, XSol, Orion Health, Peace Software, and Whitecloud Systems.

Automated Program Repair


Professor Abhik Roychoudhury
National University of Singapore


Software systems are prone to vulnerabilities which can be exploited. One of the key difficulties in building trustworthy software systems is the lack of specifications, or intended behavior, or a description of how the software system is supposed to behave. In our work, we have developed semantic analysis techniques to extract or discover specifications from an erroneous or vulnerable program. Such a specification discovery process helps in automatically generating repairs, thereby moving closer to the goal of self-healing software systems. As more and more of our daily functionalities become software controlled, and with the impending arrival of technology like personalized drones, the need for self-healing software has never been greater. There exist exciting possibilities for combining semantics based repair approaches with search-based repair, and this is under investigation in our research team. We envision that automated repair capabilities should be integrated into programming environments in the future. We will also discuss the possibility of using automated repair for grading and teaching of introductory programming to various learner groups.

Speaker’s Bio

Abhik Roychoudhury is a Professor of Computer Science at National University of Singapore. His research focuses on software testing and analysis, software security and trustworthy software construction. His research group has built scalable techniques for testing, debugging and repair of programs using systematic semantic analysis. He has been an ACM Distinguished Speaker (2013-19). He is currently leading a large five-year long targeted research effort funded by National Research Foundation in the domain of trustworthy software. He is the Lead Principal Investigator of the Singapore Cyber-security Consortium, which is a consortium of over 35 companies in the cyber-security space engaging with academia for research and collaboration. He has served as Program Chair of ACM International Symposium on Software Testing and Analysis (ISSTA) 2016 and Editorial Board member of IEEE Transactions on Software Engineering (TSE) from 2014 to 2018. Abhik received his Ph.D. in Computer Science from the State University of New York at Stony Brook in 2000.

The Unbearable Fragility of Software Documentation


Professor Martin Robillard
McGill University, Canada


Software documentation is possibly one of the most fragile of human constructions: Changing a single line in the documented software can invalidate its documentation. Yet we do need software documentation, sometimes crucially. In this talk I will discuss what makes software documentation so fragile, and how we could get rid of this fragility by rethinking the role that documentation plays in the life-cycle of a software system.

Speaker’s Bio

Martin Robillard is a Professor of Computer Science at McGill University. His current research focuses on problems related to software evolution, architecture and design, and software reuse. He served as the Program Co-Chair for the 20th ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2012) and the 39th ACM/IEEE International Conference on Software Engineering (ICSE 2017). He received his Ph.D. and M.Sc. in Computer Science from the University of British Columbia and a B.Eng. from École Polytechnique de Montréal.

The Threat in your Pocket: Trends, Challenges, and Solutions in Mobile Application Security


Professor Sam Malek
University of California, USA


Mobile devices are ubiquitous, with billions of smartphones and tablets used worldwide. Fueling the popularity of such devices is the abundance of apps available on a variety of markets (e.g., Google Play). This abundance of apps arises, in large part, due to the platform’s low barrier to entry for amateur and professional developers alike, where a re-usable infrastructure enables relatively quick production of apps. However, this low barrier to entry is associated with an increased risk of apps with defects, particularly in the form of security vulnerabilities. Consequently, developers and designers of such apps are in need of appropriate approaches, tools, and frameworks that aid them in producing secure apps. In this talk, I will first provide an overview of the security vulnerabilities in Android and the attacks that exploit them. I will then describe a few promising approaches that aim to resolve these security threats. Finally, I will conclude the talk with the lessons learned and the avenues for future research.