ShiftLeft Second Annual Workshop
Date: October 27, 2025
Location: Chalmerska Hus, Södra Hamngatan 11, 411 14 Göteborg
Preliminary Agenda
Morning Session — 09:40–12:00
| Time | Speaker | Affiliation | Title / Topic | Duration |
|---|---|---|---|---|
| 09:45–10:15 | — | — | Welcome to external participants — Coffee | 30 min |
| 10:15–10:20 | Musard Balliu | KTH | Introduction to ShiftLeft | 5 min |
| 10:20–10:40 | Mojtaba Eshghie | Umeå University | Preventing Java Vulnerability Exploitation Before Patch Deployment | 20 min |
| 10:35–10:55 | Masoom Rabbani | Chalmers University of Technology | Attestation and Supply Chain Security | 20 min |
| 10:55–11:15 | Alexandre Bartel | Umeå University | Activating Dormant Java Deserialization Gadget Chains through Stealthy Code Changes | 20 min |
| 11:15–11:30 | — | — | Break / TBD | 15 min |
| 11:30–11:45 | Janek Stoppkotte | Chalmers University of Technology | PrivTAP: A Usable Privacy Assistant for Trigger-Action Platforms | 15 min |
| 11:45–12:00 | Raffaela Groner | Chalmers University of Technology | Developers’ View on Security in Software Supply Chains: Open-Source vs. Industry | 15 min |
| 12:00–13:00 | — | — | Lunch Break | — |
Session 2 — 13:00–14:15
| Time | Speaker | Affiliation | Title / Topic | Duration |
|---|---|---|---|---|
| 13:00–13:20 | Christoph Reichenbach | Lund University | Collaborating with the Unknown: Query-Based Static Program Analysis Composition | 20 min |
| 13:20–13:35 | Erik Präntare | Lund University | Incrementalising Demand-Driven Static Program Analysis | 15 min |
| 13:35–13:50 | SiKai Lu | KTH | Differential Alert Analysis | 15 min |
| 13:50–14:05 | Mohammad Ahmadpanah | KTH | It Wasn’t Me, It Was the Prototype: Towards a Formal Model of JavaScript Prototype Pollution | 15 min |
| 14:05–14:20 | Sven Peldszus | Guest | Beyond the Black Box: Bridging Design and Implementation for Secure ML-Enabled Systems | 15 min |
| 14:20–14:45 | — | — | Break | — |
Session 3 — 14:45–16:00 (Industrial Session & Guests)
| Time | Speaker | Affiliation | Title / Topic | Duration |
|---|---|---|---|---|
| 14:45–15:05 | Karl Norrman | Ericsson | Towards Zero-Knowledge Based Private and Verifiable Software Assurance | 20 min |
| 15:05–15:20 | Martin Wennberg | Cparta | Use Case for ShiftLeft | 15 min |
| 15:20–15:30 | Eva Haslum | Axis | Short Talk | 10 min |
| 15:30–15:50 | — | — | Discussion | 20 min |
| 15:50–16:00 | — | — | Closing Remarks | 10 min |
Contact:
For more information, please contact David Sands at dave@chalmers.se and Musard Balliu at musard@kth.se.
Supporting Institutions
