Johannes Düsing, M.Sc.

About Me

I am a PhD Student for Secure Software Engineering at University of Stuttgart. My goal is to increase precision of vulnerability detection by employing static analysis techniques on software projects and their dependencies. In order to do so, i generate data on a large amount of software libraries from repositories like Maven Central, a provide efficient query- and analysis-interfaces.

Our research group moved to University of Stuttgart in February 2026, before that i was working at Technical University of Dortmund. I earned my Master's degree at Paderborn University in 2021. During my studies, i worked as a Student Assistant Software Developer at dSPACE for five years, before being a Research Assistant at Paderborn University.

Research Interests

My research interests include:

  • Static Program Analysis, especially Callgraphs and Abstract Interpretation
  • Vulnerability Propagation and Impact Analysis
  • Software Quality Metrics
  • Evolution of Software Reuse
  • Compositional Program Analysis

Current Projects

OPAL: Modular, Collaborative Program Analysis for JVM Programs

OPAL is a framework for modular, collaborative static analysis of JVM-based programs written in Scala. It can be used to parse, analyze and write JVM bytecode, and provides various types of built-in analyses. Find out more on GitHub.

MARIN: A MAven Research INterface

MARIN enables easy implementation of large-scale program analyses on Maven Central. It allows you to focus on implementing actual analysis logic, while automatically providing facilities for incremental execution, parallelization and data aggregation. For more information, have a look at our paper or visit GitHub.

DGMF: The Dependency Graph Mining Framework

The dependency graph mining framework provides a common data format for dependency graphs of different software repositories. Based on repository-specific adapter implementations, DGMF builds whole-repository dependency graphs in different configurations. Default adapters exist for Maven Central, NPM, PyPi and NuGet. Details can be found in our paper or on GitHub.

Publications

Recent Publications

MARIN: A Research-Centric Interface for Querying Software Artifacts on Maven Repositories

In this paper, we present the Maven Central Research Interface (MARIN). It allows developers and researchers to conduct large-scale program analyses on Maven Central by only implementing the domain-specific analysis logic for a single artifact. MARIN can be found on GitHub.

All Publications

  • Johannes Düsing and Jared Chiaramonte and Ben Hermann. 2025. MARIN: A Research-Centric Interface for Querying Software Artifacts on Maven Repositories. Mining Software Repositories 2025 (MSR '25). https://doi.org/10.1109/MSR66628.2025.00093
  • Dominik Helm and Sven Keidel and Anemone Kampkötter and Johannes Düsing and Tobias Roth and Ben Hermann and Mira Mezini. 2024. Total Recall? How Good are Static Call Graphs Really?. Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2024). https://doi.org/10.1145/3650212.3652114
  • Johannes Düsing and Ben Hermann. 2023. Persisting and Reusing Results of Static Program Analyses on a Large Scale. Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE 2023). https://doi.org/10.1109/ASE56229.2023.00080
  • Tobias Litzenberger and Johannes Düsing and Ben Hermann. 2023. DGMF: Fast Generation of Comparable, Updatable Dependency Graphs for Software Repositories. Mining Software Repositories 2023 (MSR '23). https://doi.org/10.1109/MSR59073.2023.00028
  • Johannes Düsing and Ben Hermann. 2021. Analyzing the Direct and Transitive Impact of Vulnerabilities onto Different Artifact Repositories. Digital Threats: Research and Practice. (January 2021), 27 pages. https://doi.org/10.1145/3472811

Teaching

Datastructures, Algorithms and Programming I. Bachelor Lecture
Abstract Interpretation. Bachelor Seminar.
Software Engineering. Bachelor Lecture.
Webtechnologies I. Bachelor Lecture.
Open-Source Software Reuse in Commercial and OSS Projects. Bachelor Seminar.
Implementation and Evaluation of Software Quality Metrics. Bachelor Project.

Contact

  • Postal
    Johannes Düsing
    Institut für Software Engineering
    Universitätsstraße 38
    70569 Stuttgart
    GERMANY