Resources - Blog Posts

Stay ahead of the curve with insights and trends in technology and innovation.

Featured Article
Security‑API Misuse Across Mobile and Web Applications: A Systematic Review
AI

Security‑API Misuse Across Mobile and Web Applications: A Systematic Review

Security application programming interfaces—cryptographic primitives, SSL/TLS configuration, OAuth flows, biometric sensors, and framework‑specific security modules such as Spring Security and Google SafetyNet Attestation—are the building blocks of secure mobile and web software. When developers do not adhere to the precise specifications of these APIs, the resulting code can be vulnerable to man‑in‑the‑middle attacks, data leakage, regulatory non‑compliance, and other serious security problems. This blog presents a systematic review of the literature that surveyed 69 primary studies in mobile and web contexts. The review identifies thirty distinct misuse types, evaluates the detection techniques that have been employed, and examines the current state of public benchmarks. It also draws practical implications for researchers and practitioners.

Ali BabarAli Babar
1/1/1970
Quick Read
Read More

All Articles

Explore our complete collection of articles and insights.

Supporting Autistic Professionals in Software Engineering: A Systematic Review of Success Factors
AI

Supporting Autistic Professionals in Software Engineering: A Systematic Review of Success Factors

The review uncovered 18 success factors organized into four high‑level categories: education, training, workplace design, and assistive technology. These factors collectively outline the ecosystem needed to support autistic individuals in software engineering—from tailored learning environments and structured training to sensory‑friendly workplaces and customizable tools. By synthesising evidence across studies spanning 2010‑2025, we identified actionable pathways for educators, employers, tool developers, and policymakers to foster neuro‑diverse friendly ecosystems.

Ali BabarAli Babar
1/1/1970
Read More
MtsCID: A Dual‑Network Framework for Coarse‑Grained Multivariate Time Series Anomaly Detection
General

MtsCID: A Dual‑Network Framework for Coarse‑Grained Multivariate Time Series Anomaly Detection

We present *MtsCID*, a semi‑supervised anomaly‑detection framework for multivariate time series that jointly learns coarse‑grained temporal and inter‑variates dependencies in time and frequency domains. Building on dual‑branch architecture and prototype‑guided attention, MtsCID achieves state‑of‑the‑art performance on seven benchmark datasets while remaining computationally efficient.

Ali BabarAli Babar
1/1/1970
Read More
Can Large Language Models Save Vulnerability Detection in Low-Resource Languages?
AI

Can Large Language Models Save Vulnerability Detection in Low-Resource Languages?

As Kotlin, Swift, and Rust grow in popularity for mobile and systems programming, a critical challenge emerges: vulnerability detection models struggle due to scarce labeled datasets—only 0.2–0.8% the size of those for C/C++. Traditional code-embedding models like CodeBERT falter in this low-data regime, with performance dropping sharply despite aggressive sampling strategies. In this study, we benchmark CodeBERT against fine-tuned and few-shot ChatGPT on real-world vulnerability data from these languages. Results reveal that LLMs significantly outperform baselines—boosting function-level F1 by up to 34% and improving line-level localization accuracy by over 50%—even with minimal training data. The findings suggest that large language models, empowered by broad pre-training, can bridge the data scarcity gap, offering secure, practical solutions for emerging languages. This work redefines the future of automated vulnerability detection in an era of language diversity and limited labeled code.

Ali BabarAli Babar
1/1/1970
Read More
Deploying Tactical Edge Blockchain for Dynamic Reference Information
Blockchain

Deploying Tactical Edge Blockchain for Dynamic Reference Information

This post presents a tactical edge blockchain platform that enables distributed teams to collaboratively manage and audit reference information in low‑trust environments. The platform, called DDRI (Decentralised Dynamic Reference Information), is built on a peer‑to‑peer network, utilizes PoA consensus, and integrates on‑chain smart contracts with off‑chain storage. Our multi‑year research demonstrates feasibility, performance, and security for edge devices.

Nguyen TranNguyen Tran
1/1/1970
Read More
Productivity in LLM‑Assisted Code Generation: A User Study
AI

Productivity in LLM‑Assisted Code Generation: A User Study

The following post distills the findings from our 36‑participant investigation into how developers interact with GPT models during code‑generation tasks.

Ali BabarAli Babar
1/1/1970
Read More
NVAL: Automating Multi‑Channel Blockchain Deployment for Edge Environments
Blockchain

NVAL: Automating Multi‑Channel Blockchain Deployment for Edge Environments

Deploying private blockchain networks across edge environments is complex—especially when managing multi-channel topologies, heterogeneous platforms, and strict governance requirements. Enter NVAL (Blockchain Network Deployment and Evaluation Framework), a powerful new framework that transforms high-level blockchain designs into fully automated, reproducible deployments. By leveraging a directed property graph model (BND), a composable action pool, and a deterministic planning engine, NVAL automates provisioning, configuration, and performance evaluation across diverse infrastructures—including IoT devices, fog nodes, and cloud backends. In a case study, it deployed 65 complex networks in under 15 minutes with 100% success and planning overhead under 100ms. NVAL isn’t just about speed—it’s about reproducibility, extensibility, and edge-aware automation for the future of distributed ledger technology. Discover how this community-driven platform is reshaping blockchain experimentation and deployment at scale.

Nguyen TranNguyen Tran
1/1/1970
Read More
Blockchain on the Battlefield: A Deployable Edge Platform for Secure, Real-Time Data Sharing
Blockchain

Blockchain on the Battlefield: A Deployable Edge Platform for Secure, Real-Time Data Sharing

Built for extreme conditions, this microkernel-based blockchain platform enables secure, decentralized data exchange in tactical edge environments—without relying on cloud infrastructure. By combining a lightweight Ethereum chain with IPFS for off-chain storage and intelligent caching, it delivers 15-second block times, 10MB ledger growth over 5.75 hours, and rock-solid resilience under intermittent connectivity.

Nguyen TranNguyen Tran
1/1/1970
Read More
The Prevalence of Smells in AI‑Generated Kubernetes Manifests
AI

The Prevalence of Smells in AI‑Generated Kubernetes Manifests

As Kubernetes adoption surges, so does the use of AI to generate deployment manifests—promising speed and simplicity. But is convenience worth the risk? In our latest study, we analyzed 98 real-world Kubernetes manifests generated by ChatGPT, uncovering a sobering truth: nearly half contain critical configuration smells—like unbounded resource limits, containers running as root, and dangling services. Our findings reveal that AI-generated code isn’t inherently flawed, but it does require rigorous safeguards. With security and operational risks on the rise—especially as developers grow more reliant on AI—we argue for an essential shift: static analysis must be woven into every CI/CD pipeline. Learn how tools like KubeLinter, enforced policies, and developer education can turn AI from a liability into a reliable ally. The future of cloud-native infrastructure isn’t just automated—it must be responsible.

Ali BabarAli Babar
1/1/1970
Read More
SAGELY – Context‑Aware Policy Enforcement for Swarm‑Edge Systems
AI

SAGELY – Context‑Aware Policy Enforcement for Swarm‑Edge Systems

We present **SAGELY**, a unified framework that brings context‑aware, adaptive policy enforcement to swarm‑edge service applications (SESA). By combining OPA‑based Rego policies, a hybrid centralized/decentralized coordination model, and a pluggable context‑management layer, SAGELY adapts to dynamic changes in UAV swarms, edge nodes, and cloud resources. Our prototype, built on Kubernetes, Istio, and ROS‑2, demonstrates how policy propagation latency scales with policy size and service count, and how packet loss degrades performance on low‑resource UAVs.

Ali BabarAli Babar
1/1/1970
Read More
VulGuard: A Unified Tool for Evaluating Just‑In‑Time Vulnerability Prediction Models
AI

VulGuard: A Unified Tool for Evaluating Just‑In‑Time Vulnerability Prediction Models

This research introduces VulGuard, a fully automated, end-to-end framework designed to overcome existing limitations in Just-in-time vulnerability prediction by streamlining the entire process from data mining to model deployment.

Ali BabarAli Babar
9/25/2025
Read More
Evaluating Just‑In‑Time Vulnerability Prediction in Real‑World Development
AI

Evaluating Just‑In‑Time Vulnerability Prediction in Real‑World Development

This research addresses the practical viability of Just-In-Time Vulnerability Prediction (JIT-VP) by conducting a realistic evaluation, contrasting it with idealized settings, and revealing a substantial performance drop when accounting for the full spectrum of commit types, including neutral commits.

Ali BabarAli Babar
9/25/2025
Read More

Showing 12 of 18 articles