Fwd: Using SAST Tools in gnome-desktop/vte2.91

To: debian-gtk-gnome@lists.debian.org
Subject: Fwd: Using SAST Tools in gnome-desktop/vte2.91
From: Gunnar Hjalmarsson <gunnarhj@debian.org>
Date: Tue, 14 Nov 2023 11:20:25 +0100
Message-id: <[🔎] 5c7a895e-8cdd-4b50-a493-2ced89da6fb2@debian.org>
In-reply-to: <LV8PR22MB4478DC6874E87D0A1298B2C6A7B2A@LV8PR22MB4478.namprd22.prod.outlook.com>
References: <LV8PR22MB4478DC6874E87D0A1298B2C6A7B2A@LV8PR22MB4478.namprd22.prod.outlook.com>

Hi!

Forwarding an inquiry I got, since it appeared to be reasonably serious.

Rgds,
Gunnar


-------- Forwarded Message --------
Subject: Using SAST Tools in gnome-desktop/vte2.91
Date: Tue, 14 Nov 2023 06:46:51 +0000
From: Aravind Kumar Machiry <amachiry@purdue.edu>
To: gunnarhj@debian.org <gunnarhj@debian.org>

Hello Gunnar Hjalmarsson,

I am Aravind Machiry, an Assistant Professor at Purdue's ECE Department.

I work in the area of software security. We are working on a project(details at the end of this email) related to the use of Static AnalysisSecurity Testing (SAST) tools in Debian packages developed in C/C++.

We noticed that you are one of the owners/maintainers ofgnome-desktop/vte2.91 Debian project.

We want to understand whether you are using any SAST tools as part ofyour project and, if not, what are your challenges in incorporating SASTtools in your project.


We are conducting a short anonymous survey (~2min) for this.

Survey Link: https://purdue.ca1.qualtrics.com/jfe/form/SV_bsjJScol1rUHzhA

As a participant, you will be asked to answer a few questions related tothe use of SAST tools in your project.

Your participation will greatly help us understand the prevalence ofSAST tools usage in the Debian ecosystem and subsequently provide usefulresearch directions in improving SAST tools usage.

Note that participation is voluntary and required to be at least 18years old.


-Thank you,
Aravind

DETAILS ABOUT THE STUDY:

STUDY TITLE:

Understanding Developers' Perspective on the Use of Static AnalysisSecurity Testing


DURATION:

The study would take 1-2 minutes.

CONFIDENTIALITY:

No personal information will be asked in the survey, and individualresponses will only be accessible to the PI and will not be shared.


CONTACT INFORMATION:

The study is led by Dr. Aravind Machiry (amachiry@purdue.edu), AssistantProfessor of the Elmore School of Electrical & Computer EngineeringDepartment at Purdue University.


IRB INFORMATION:

The Purdue Institutional Review Board, #2023-1695 has reviewed thisstudy and determined to be an exempted study.

If you have questions about your rights while taking part in the studyor have concerns about the treatment of research participants, pleasecall the Human Research Protection Program at (765) 494-5942 or emailirb@purdue.edu.

Reply to:

Follow-Ups:
- Re: Using SAST Tools in gnome-desktop/vte2.91
  - From: Jeremy Bícha <jeremy.bicha@canonical.com>

Prev by Date: Bug#1055894: bookworm-pu: package gnome-session/43.0-1+deb12u1
Next by Date: Re: Using SAST Tools in gnome-desktop/vte2.91
Previous by thread: Bug#1055894: bookworm-pu: package gnome-session/43.0-1+deb12u1
Next by thread: Re: Using SAST Tools in gnome-desktop/vte2.91
Index(es):
- Date
- Thread