Posts

Showing posts from August, 2025

MSR4P&S Workshop Presentation – Alexis Butler

The 3rd International Workshop on Mining Software Repositories for Privacy and Security (MSR4P&S) this year was co-located with SANER25 in Montreal, Canada. I was fortunate to be able to attend and present my recent work, Links Between Package Popularity, Criticality, and Security in Software Ecosystems. MSR4P&S focusses on the application of software mining techniques to the security domain, an intersection particularly relevant to my interests in software supply chain risks. This year, the work presented ranged from the study of LLM PII disclosure risks to Software Bill of Materials (SBOM) standards conformity. The other published works can be found on the workshop’s webpage. In the work I presented, we investigated the relationships between package popularity, criticality, and security within software ecosystems, specifically Python and JavaScript/TypeScript. Given the increasing maintenance workloads and stressors faced by open-source software (OSS) maintainers, our...