George Mason and CodeLock work on securing the software supply chain

Nathan Kahl — Thu, 15 May 2025 11:27:25 +0000

George Mason and CodeLock work on securing the software supply chain Nathan Kahl Thu, 05/15/2025 - 07:27

�� Department of Information Sciences and Technology Professor Kun Sun received a grant from the Commonwealth Cyber Initiative (CCI) of Northern Virginia to collaborate with CodeLock, Inc., a Virginia-based technology company specializing in software security. The grant totals $75,000 for one year and is part of CCI’s Academic Support for Cybersecurity Entrepreneurship and Next-Gen Development (ASCEND) Fund. 

“The idea for this funding is to partner a startup company with university subject matter experts,” said Sun. “The focus of this grant is to build a platform that connects startups with academic experts to solve technical industry challenges.”  

The project will integrate Sun’s previous research on automated security patching with CodeLock’s technology for secure software supply chain using dynamically generated digital signatures to develop solutions that address vulnerabilities in source code. 

The CCI is Virginia’s main access point for cybersecurity research, innovation, workforce development. Image courtesy CCI.

CodeLock offers a cybersecurity platform designed to secure software development processes by providing real-time monitoring, compliance automation, and protection against insider threats and supply chain attacks. It creates a forensic chain of custody by linking every code change to its developer, ensuring transparency and integrity throughout the software development lifecycle.  
 
“So for software supply chain security we install outside software applications on our smartphones and computers, for example,” said Sun. “That software may rely on  other software and we have this term, SBOM, which means software bill of material. It says that we need to know what other dependent software is used and can we trust that software? If you install software, you need to verify it has not been manipulated or modified by an attacker.” Sun will apply his 10+ years of research on automatic software vulnerability detection and automated program repair. 

“The vast majority of software supply chain attacks begin with compromised credentials—something traditional security tools are ill-equipped to prevent,” said CodeLock CEO Brian Gallagher. “By enforcing zero-trust authentication at the developer level and linking that identity to a tamper-proof chain of custody, CodeLock is fundamentally reshaping the threat landscape. Partnering with George Mason allows us to build on that foundation by automating vulnerability patching, which not only strengthens security but also delivers measurable cost savings for our customers. This collaboration accelerates our mission to bring transparency, accountability, and efficiency to software development across both government and commercial sectors.”

The project team will get feedback from CodeLock’s existing customers and collaborate with CCI and the Northern Virginia Technology Council to refine the solution for broader commercial adoption. Additional funding will be provided by CodeLock and supplemented through grant opportunities. 

In This Story

Kun Sun

Topics

Cybersecurity

software

Commonwealth Cyber Initiative (CCI)

Research

Wing Lam brings home a flaky test achievement

Rena Malai — Mon, 04 Apr 2022 18:11:31 +0000

Wing Lam brings home a flaky test achievement Rena Malai Mon, 04/04/2022 - 14:11

In This Story

Wing Lam

Getting rewarded for being flaky doesn’t usually happen. But when it comes to computer science, researching flaky (non-deterministic) software tests resulted in Wing Lam – professor in the Department of Computer Science at �� – receiving the ACM Special Interest Group on Software Engineering (SIGSOFT) Outstanding Doctoral Dissertation Award.

“It is a tremendous opportunity to be honored with this award,” says Lam. “It makes me reflect on the many tiring nights that I spent on the work in my dissertation and on the dissertation text itself.”

Lam’s winning dissertation pinpointed flaky tests, an important topic for software developers. He says these kinds of tests tend to non-deterministically pass or fail on the same code. Basically, the tests flake out and provide unreliable results, which can cause challenges for developers trying to see if their recent code changes introduced software bugs or not.

“In recent years, many companies – like Apple, Facebook, Google, and Microsoft –highlighted through research and blogs the difficulties developers face when dealing with flaky tests,” says Lam. “The work in my dissertation proposes techniques to help developers detect, understand, and fix them.”

A fairly new arrival at Mason, Lam has been with the university for about one year. He says he was drawn to Mason’s influential researchers and strong computer science presence, particularly in the area of software engineering, which he teaches and conducts research in.

“Software engineering at Mason is now ranked seventh in the country, based on publications in recent years according to CS rankings,” says Lam. “With Mason being close to Washington D.C., there are also many collaboration opportunities and software development companies unique to this region.”

According to Lam, the work in his dissertation detected more than 3,000 flaky tests in over 300 open-source projects and helped fix more than 1,200 flaky tests in over 170 open-source projects. Lam’s work also led to changes in Maven Surefire, the default plugin of a popular build system for running tests in Java projects.

His changes are part of a toolset that is used by over 6.8 million Java developers worldwide, he says.

His advice for folks looking to develop an award winning dissertation is to explore anything that is exciting or interesting and learn through the process.

“The work in this dissertation took me three years,” says Lam. “Although I explored other related topics, I ended up mainly focusing on flaky tests because of how important this subject is for software developers.”

Topics

software

George Mason and CodeLock work on securing the software supply chain

In This Story

Related News

Topics

Wing Lam brings home a flaky test achievement

In This Story

Topics