WP1: Project Management
Defined and implemented administrative, financial, technical, and quality management processes.
Utilized Earned Value principles for resource monitoring.
Organized the GenderMag Workshop at Month 12.
WP2: Design Model Extraction and Security Metrics
Defined detectors for design models in open-source microservice applications.
Published results in D2.1 and a paper on automatic Data Flow Diagrams (DFDs) extraction.
Released a dataset of manually created DFDs to the research community.
Proposed microservice security metrics and developed a technique for automatic security rule checks.
WP3: ML-Based Source Code Security Analysis
Proposed and evaluated ML-based source code representation methods for security analysis.
Designed, implemented, and released an open-source framework for security bug corrections.
Conducted a rigorous evaluation of state-of-the-art ML explainability methods.
Introduced the Technical Leverage metric and studied software supply chain security risks and mitigations.
WP4: Testing and Validation Platform
Set up a Kubernetes-based platform for testing and validating project activities.
Developed stress test and dynamic analysis methodologies.
Produced and evaluated security assessment methodologies in microservices, particularly focusing on Kubernetes.
Presented a runtime learning prototype for state machine models from MOSS component logs.
WP5: Risk and Resilience Assessment Tools
Defined indicators for risk and resilience assessment in the ResilienceTool.
Defined the AssureMOSS scheme for lightweight delta-certification used by the DeltAICert Tool.
Aimed to reduce efforts for security evaluators through delta evaluation and automation concepts.
WP6: Integrated Toolflow and Repository Mining Toolkit
Defined the AssureMOSS integrated toolflow evaluation and demonstration plan.
Developed Prospector, a repository mining toolkit, for automating vulnerability fixes dataset creation.
Implemented and validated three industrial pilots, reporting results through KPIs.
Prepared and published guidelines for risk management and software certification.
WP7: Dissemination, Communication, and Stakeholder Engagement
Created a project website and established social media accounts on Twitter and LinkedIn.
Defined the Dissemination and Communication Plan and Report, Innovation Management Plan, and Exploitation Plan Strategy.
Provided recommendations for cybersecurity certification and policy-making.
Presented a Final Report on Stakeholders’ Engagement and Liaising with other EC initiatives.
WP8: Ethical Deliverables
Drafted Ethical Deliverables (D8.1 D8.2 D8.3) as per the EC request and submitted them.