Skip to content
View sofiaoreis's full-sized avatar
👽
👽
57 followers · 24 following

Achievements

Achievement: StarstruckAchievement: YOLOAchievement: Arctic Code Vault ContributorAchievement: Pull Sharkx2
BetaSend feedback

Achievements

Achievement: StarstruckAchievement: YOLOAchievement: Arctic Code Vault ContributorAchievement: Pull Sharkx2
BetaSend feedback

Organizations

@alumniei @TQRG
Block or Report

Block or report sofiaoreis

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
sofiaoreis/README.md

Hi there 👽

I'm a PhD Candidate at the University of Lisbon. I perform research in security, software engineering, productivity, program analysis, machine learning, software maintainability and best practices.

🍵 My projects:

  • Secbench - A dataset of 676 security patches (mutli-language, single-commits).
  • Security Patches Dataset - Collection of datasets for vulnerability prediction -- monthly updated.
  • SECOM - A convention for security commit messages.
  • SECOMlint - A linter for security commit messages. It measures compliance against SECOM.
  • SAST - A collection of static analyzers for security.
  • Lithium-Slicer - A test minimization tool to help developers create smaller test inputs (i.e., code snippets) in their bug reports (program slicer based on the Mozilla lithium tool).
  • ... and many more that will soon be published.

✨ Contributions:

  • Infer - I've added models to Meta/Facebook's static analyzer to boost the detection of performance issues in C/C++ (12 weeks internship).

Pinned

  1. TQRG/secbench TQRG/secbench Public

    🪐 A Database of Existing Security Vulnerabilities Patches to Enable Evaluation of Techniques (single-commit; multi-language)

    Python 30 6

  2. TQRG/secom TQRG/secom Public

    🍵 Convention for security commit messages

    JavaScript 5 1

  3. TQRG/security-patches-dataset TQRG/security-patches-dataset Public

    ☠️ Ground-truth dataset for vulnerability prediction (known research datasets and data sources included such as NVD, CVE Details and OSV); tools to automatically update the data are provided.

    Jupyter Notebook 75 25

  4. lithium-slicer lithium-slicer Public

    ⚙️ Program slicer based on the Mozilla Lithium Tool for Java (also dubbed as Tandem-FL).

    Python 11 2

  5. TQRG/puppet-lint-infrasecure TQRG/puppet-lint-infrasecure Public

    👷 Puppet-lint plugins for security.

    Ruby 8

  6. facebook/infer facebook/infer Public

    A static analyzer for Java, C, C++, and Objective-C

    OCaml 14.8k 2k