Context Matters: Qualitative Insights into Developers’ Approaches and Challenges with Software...
CVE/FIRST VulnCon 2025 · Main Stage
In this insightful talk from VulnCon, Elizabeth, a PhD student from NC State's Whisper Lab, presented a qualitative study examining the real-world experiences of developers interacting with **Software Composition Analysis (SCA)** tools. The presentation highlighted critical challenges and opportunities for improvement in how these tools are integrated into development pipelines and how their outputs are interpreted and acted upon. The core message underscored that "context matters" significantly, yet is often lacking in current SCA solutions, leading to developer frustration and inefficiencies.
AI review
A competent, well-structured qualitative study on developer experiences with SCA tools. The 'context matters' thesis is legitimate and the 20-interview methodology grounds the findings in real practitioner pain. Nothing here will surprise a working AppSec engineer, but the academic rigor adds some signal value — especially the specifics around binary SCA fingerprinting failures, multi-ecosystem wrapper overhead, and the legal team pressure point around exploitability verification. This is solid conference filler that would fit comfortably in a practitioner track, but it's not the kind of…