Publications
Journal Publications
Laurie Williams, Giacomo Benedetti, Sivana Hamer, Ranindya Paramitha, Imranur Rahman, Mahzabin Tamanna, Greg Tystahl, Nusrat Zahan, Patrick Morrison, Yasemin Acar, Michel Cukier, Christian Kästner, Alexandros Kapravelos, Dominik Wermke, and William Enck, Research directions in software supply chain security, in ACM Trans. Softw. Eng. Methodol. (TOSEM), 2025. [PDF]
Conference Publications
Giacomo Benedetti, Oreofe Solarin, Courtney Miller, Greg Tystahl, William Enck, Christian Kästner, Alexandros Kapravelos, Alessio Merlo, and Luca Verderame, An Empirical Study on Reproducible Packaging in Open-Source Ecosystems, in Proceedings of the IEEE/ACM International Conference on Software Engineering (ICSE), 2025. [PDF]
Giacomo Benedetti, Serena Cofano, Alessandro Brighente, and Mauro Conti, The Impact of SBOM Generators on Vulnerability Assessment in Python: A Comparison and a Novel Approach, in Proceedings of the International Conference on Applied Cryptography and Network Security, 2025. [PDF]
Serena Cofano, Giacomo Benedetti, and Matteo Dell’Amico, SBOM Generation Tools in the Python Ecosystem: an In-Detail Analysis, in Proceedings of the IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 2024. [PDF]
Giacomo Benedetti, Luca Verderame, and Alessio Merlo, A Preliminary Study of Privilege Life Cycle in Software Management Platform Automation Workflows, in Proceedings of IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 2023. [PDF]
Giacomo Benedetti, Luca Verderame, and Alessio Merlo, Automatic Security Assessment of GitHub Actions Workflows, in Proceedings of the ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED), 2022. [PDF]
Giacomo Benedetti, Luca Verderame, and Alessio Merlo, Alice in (Software Supply) Chains: Risk Identification and Evaluation, in Proceedings of Quality of Information and Communications Technology (QUATIC), 2022. [PDF]