Stephan Druskat

4 Followers
79 Following
90 Posts
#SoftwareCitation • Doctoral researcher @DLR_Software 🚀 • @SoftwareSaved Fellow 🧑‍💻 • opinions my own
Pronouns: He/him/they/them
Website: https://sdruskat.net
ORCID: https://orcid.org/0000-0003-4925-7248
I just moved "The Fuzzing Book" and "The Debugging Book" social media accounts from X to Mastodon. New announcements regarding these projects will be posted at @TheFuzzingBook and @TheDebuggingBook. Enjoy!

En route to a meeting of the common @de_rse & @informatik SIG #ResearchSoftwareEngineering, I spotted this omission of #RSEng role in modeling on an info panel at Berlin's so-called "research station" Unter den Linden (U5).

Should read "from which CS, mathematics and research software engineering calculate..." IMHO?

We're looking to grow the JOSS editorial team – please share far and wide!
https://blog.joss.theoj.org/2023/10/call-for-editors

#opensource #OpenScience #PeerReview

Call for editors | Journal of Open Source Software Blog

Blog for the Journal of Open Source Software • https://joss.theoj.org

The Journal of Open Source Software (@joss) is looking for additional editors

https://blog.joss.theoj.org/2023/10/call-for-editors


Fu et al: "Security Weaknesses of Copilot Generated Code in GitHub" finds (1) 35.8% of Copilot generated code snippets contain CWEs, (2) the security weaknesses are diverse and related to 42 different CWEs, in which CWE-78: OS Command Injection, CWE-330: Use of Insufficiently Random Values, and CWE-703: Improper Check or Handling of Exceptional Conditions occurred the most frequently, and (3) 11 of those belong to the currently recognized 2022 CWE Top-25. https://arxiv.org/abs/2310.02059 #nwit
Security Weaknesses of Copilot-Generated Code in GitHub Projects: An Empirical Study

Modern code generation tools utilizing AI models like Large Language Models (LLMs) have gained increased popularity due to their ability to produce functional code. However, their usage presents security challenges, often resulting in insecure code merging into the code base. Thus, evaluating the quality of generated code, especially its security, is crucial. While prior research explored various aspects of code generation, the focus on security has been limited, mostly examining code produced in controlled environments rather than open source development scenarios. To address this gap, we conducted an empirical study, analyzing code snippets generated by GitHub Copilot and two other AI code generation tools (i.e., CodeWhisperer and Codeium) from GitHub projects. Our analysis identified 733 snippets, revealing a high likelihood of security weaknesses, with 29.5% of Python and 24.2% of JavaScript snippets affected. These issues span 43 Common Weakness Enumeration (CWE) categories, including significant ones like CWE-330: Use of Insufficiently Random Values, CWE-94: Improper Control of Generation of Code, and CWE-79: Cross-site Scripting. Notably, eight of those CWEs are among the 2023 CWE Top-25, highlighting their severity. We further examined using Copilot Chat to fix security issues in Copilot-generated code by providing Copilot Chat with warning messages from the static analysis tools, and up to 55.5% of the security issues can be fixed. We finally provide the suggestions for mitigating security issues in generated code.

arXiv.org

At #HMCDialogue webinar, learning about a new "single source of truth" format & tool for keeping #ResearchSoftware #Metadata up-to-date across formats: #CitationCFF (#CitationFileFormat), #CodeMeta, #pyprojectTOML, etc.

https://materials-data-science-and-informatics.github.io/somesy/v0.1.0/

@helmholtz_hmc

Overview - somesy

Somesy is a CLI tool to avoid messy software project metadata by keeping it in sync.

That's it, #undeRSE23 is over! :(

I hope all participants could enjoy it just as I did and have lots of good experiences and new ideas to take home... not to forget all the precious memories!

But no need to be sad, because after the unconference is before the conference! The call for contribution for #deRSE24 just started! https://go.uniwue.de/derse24

Hope to see you all there next year! :D

deRSE24 - Conference for Research Software Engineering in Germany

Further information on how we deal with the current train strikes will be published on the news page. Use the pad to coordinate travel plans.
Facts
What: 4th conference for Research Software Engineering in Germany
Begin: 05.03.24
End: 07.03.24
Organized and hosted by: Julius-Maximilians-Universität Würzburg
Location: Lecture Hall of the Natural Sciences (NWHS)
Call for Contributions: See this link or the left side bar.
Registration: Is open
Fees: 175 € full price, 145 € for GI & de-RSE e.V....

HIFIS and Helmholtz Events (Indico)

You want to hire me because I am open and honest in everything I do.

I always work in the open and understand that mistakes happen, even embarrassing ones, such as this instance where I failed to account for binomial expansion in a permutation and accidentally gave equal weight to less likely outcomes in a model: https://zkamvar.netlify.app/blog/squish/

By being open and honest, I know that I can build trust.

Squishing a big bad bug | Zhian N. Kamvar

My personal site that features my projects, publications, and blog where I talk about various subjects including R programming, reproducible science, and population genetics.

Zhian N. Kamvar
#undeRSE23 Almost a hexagon... at least we tried 🤩

You want to hire me because I understand that #FOSS is not just code, it's also community.

Since the beginning of the pandemic, I worked to completely redesign @thecarpentries lesson infrastructure from the ground up to make it easier to use for our volunteer community of Maintainers and Instructors. This resulted in The #CarpentriesWorkbench: https://carpentries.github.io/workbench

Here's what the community has had to say: https://carpentries.org/blog/2023/08/celebrating-carpentries-workbench/

#GetFediHired

2/

The Carpentries Workbench