• Fwd: Using SAST Tools in gnome-desktop/vte2.91

    From Gunnar Hjalmarsson@21:1/5 to All on Tue Nov 14 11:40:02 2023

    Forwarding an inquiry I got, since it appeared to be reasonably serious.


    -------- Forwarded Message --------
    Subject: Using SAST Tools in gnome-desktop/vte2.91
    Date: Tue, 14 Nov 2023 06:46:51 +0000
    From: Aravind Kumar Machiry <amachiry@purdue.edu>
    To: gunnarhj@debian.org <gunnarhj@debian.org>

    Hello Gunnar Hjalmarsson,

    I am Aravind Machiry, an Assistant Professor at Purdue's ECE Department.

    I work in the area of software security. We are working on a project
    (details at the end of this email) related to the use of Static Analysis Security Testing (SAST) tools in Debian packages developed in C/C++.

    We noticed that you are one of the owners/maintainers of
    gnome-desktop/vte2.91 Debian project.

    We want to understand whether you are using any SAST tools as part of
    your project and, if not, what are your challenges in incorporating SAST
    tools in your project.

    We are conducting a short anonymous survey (~2min) for this.

    Survey Link: https://purdue.ca1.qualtrics.com/jfe/form/SV_bsjJScol1rUHzhA

    As a participant, you will be asked to answer a few questions related to
    the use of SAST tools in your project.

    Your participation will greatly help us understand the prevalence of
    SAST tools usage in the Debian ecosystem and subsequently provide useful research directions in improving SAST tools usage.

    Note that participation is voluntary and required to be at least 18
    years old.

    -Thank you,



    Understanding Developers' Perspective on the Use of Static Analysis
    Security Testing


    The study would take 1-2 minutes.


    No personal information will be asked in the survey, and individual
    responses will only be accessible to the PI and will not be shared.


    The study is led by Dr. Aravind Machiry (amachiry@purdue.edu), Assistant Professor of the Elmore School of Electrical & Computer Engineering
    Department at Purdue University.


    The Purdue Institutional Review Board, #2023-1695 has reviewed this
    study and determined to be an exempted study.

    If you have questions about your rights while taking part in the study
    or have concerns about the treatment of research participants, please
    call the Human Research Protection Program at (765) 494-5942 or email irb@purdue.edu.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)