![]() |
Chengwei Liu (刘承威)
Full Professor College of Cryptology and Cyber Science, Nankai University The Building of Computer Science, Jinnan Campus, No. 38 Tongyan Road, Haihe Education Park, Tianjin, China, 300350 chengwei.liu@nankai.edu.cn |
I am a Full Professor in the College of Cryptology and Cyber Science, Nankai University, China (南开大学). I am a member of NKSSecLab, lead by Prof. Sen Chen(陈森). I am also a member of the research group led by Prof. Zheli Liu (刘哲理).
My research interest mainly lies in areas of Software Security (软件安全), including Program Analysis, Open Source Security, Software Supply Chain Security, Open Source Governance, Agentic Software Security and Governance, etc. (程序分析、开源软件安全、软件供应链安全、开源治理、新型智能体软件安全与治理等).
I was a post-doc and received my Ph.D. degree at the College of Computing and Data Science (计算与数据科学学院) in Nanyang Technological University (南洋理工大学) under the supervision of Prof. Liu Yang (刘杨).
Before that, I received my bachelor's Degree in June 2016, and a Master's Degree in April 2019 from the Nanjing University of Aeronautics and Astronautics, China (南京航空航天大学), under the supervision of Prof Yang Zhibin (杨志斌) (NUAA).
June 2026: Our paper "ATLAS: Agentic Taxonomy of Large-Scale Software Ecosystems" is accepted by ASE 2026!
May 2026: Our paper "CaVulner: Automated Context-Aware Identification of Vulnerable Versions" is accepted by Internetware 2026!
May 2026: Our paper "CCMG: Enhancing Conventional Commit Message Generation with Hierarchical Context" is accepted by TSE!
April 2026: Our paper "RustDAP: Lightweight Rust Vulnerability Detection Method via LLM-based Data Augmentation and Semantic-Structural Prompting" is accepted by COMPSAC 2026!
March 2026: Our paper "Break to Adapt: Knowledge-Based Updates of Breaking Dependencies in JavaScript" is accepted by FSE 2026!
March 2026: Our paper "One Trigger, Multiple Victims: Clean-Label Neighborhood Backdoor Attacks on Graph Neural Networks" is accepted by TIFS!
March 2026: I join Nankai University as a Full Professor! I have some open positions for postdoctoral researchers, Ph.D., and Master, please feel free to contact me if you are interested.
February 2026: Our paper "Causality-aware Safety Testing for Autonomous Driving Systems" is accepted by TSE!
January 2026: Our paper "Cutting the Gordian Knot: Detecting Malicious PyPI Packages via a Knowledge-Mining Framework" is accepted by USENIX Security 2026!
January 2026: Our paper "Bridging Expert Reasoning and LLM Detection: A Knowledge-Driven Framework for Malicious Packages" is accepted by WWW 2026!
December 2025: Our paper "Scratching the Iceberg: Unveiling the Outdated Third-Party Native Libraries in Android Apps" is accepted by SANER 2026!
November 2025: One tool IntelliRadar are awarded as the 1st Prize in the "Software Research Prototype System Competition(软件研究成果原型系统竞赛) on ChinaSoft 2025 in Wuhan!
October 2025: Our paper "IntelliRadar: A Comprehensive Platform to Pinpoint Malicious Package Information from Cyber Intelligence" is accepted by ICSE 2026!
October 2025: Our paper "Semantic-Enhanced Automatic Refinement of Architecture Recovery Results Using LLMs" is accepted by ICSE 2026!
September 2025: Our paper "Towards Secure Code Generation with LLMs: A Study on Common Weakness Enumeration" is accepted by TSE (CCF-A)!
September 2025: Our paper "DroidNative: A Greedy-Constructed Large-Scale Indexing for Android Native Libraries" is accepted by ASE-AMOBILE 2025!
September 2025: Our paper "BinStruct: Binary Structure Recovery Combining Static Analysis and Semantics" is accepted by ASE2025 (CCF-A)!
August 2025: Our paper "Vulnerability-Affected Versions Identification: How Far Are We?" is accepted by ASE2025 (CCF-A)!
July 2025: Our paper "Open Source, Hidden Costs: A Systematic Literature Review on OSS License Management" is accepted by TSE (CCF-A)!
June 2025: Our 1st workshop on Software Genomics was successfully held @FSE25, in Trondheim, Norway!
May 2025: Our paper "Why the Proof Fails in Different Versions of Theorem Provers: An Empirical Study of Compatibility Issues in Isabelle" received the ACM SIGSOFT Distinguished Paper Award at FSE2025 (CCF-A).
March 2025: Our paper "Doctor: Optimizing Container Rebuild Efficiency by Instruction Re-Orchestration" is accepted by ISSTA 2025!
March 2025: Our paper "Fixing Outside the Box: Uncovering Tactics for Open-Source Security Issue Management" is accepted by ISSTA 2025!
March 2025: Our paper "Drop the Golden Apples: Identifying Third-Party Reuse by DB-Less Software Composition Analysis" is accepted by FSE 2025-IVR !
March 2025: Our paper "Demystifying Rust Unstable Features at Ecosystem Scale: Evolution, Propagation, and Mitigation" is accepted by TSE !
January 2025: Our paper "Characterizing and Detecting Python Version Incompatibilities Caused by Inconsistent Version Specifications" is accepted by JSS !
January 2025: Our paper "Why the Proof Fails in Different Versions of Theorem Provers: An Empirical Study of Compatibility Issues in Isabelle" is accepted by FSE 2025 !
December 2024: Our paper "Towards Unveiling Vulnerability Remediation Tactics from OSS Community" is accepted by ICSE-APR 2025 !
August 2024: Our paper "The Software Genome Project: Unraveling Software Through Genetic Principles" is accepted by ASE 2024 NIER Track !
May 2024: I was honoured to have been awarded the title of Research Assistant Professor at NTU! I extend my great appreciation to my supervisor, mentors, teammates, and collaborators for their recognition and support!
January 2024: Our paper "FedMut: Generalized Federated Learning via Stochastic Mutation" is selected as Oral Presentation by AAAI 2024 (CCF-A)!
December 2023: Our paper "Catch the Butterfly: Peeking into the Terms and Conflicts among SPDX Licenses" accepted by SANER 2024 (CCF-B)!
December 2023: Our paper "Empirical Analysis of Vulnerabilities Life Cycle in Golang Ecosystem" accepted by ICSE 2024 (CCF-A)!
December 2023: Our paper "ModuleGuard: Understanding and Detecting Module Conflicts in Python Ecosystem" accepted by ICSE 2024 (CCF-A)!
December 2023: Our paper "FedMut: Generalized Federated Learning via Stochastic Mutation" accepted by AAAI 2024 (CCF-A)!
November 2023: We released our proposal on "The Software Genome Project: Venture to the Genomic Pathways of Open Source Software and Its Applications" on Arxiv, and we are open for further corporation in this area!
August 2023: Our paper "Demystifying Compiler Unstable Feature Usage and Impacts in the Rust Ecosystem" accepted by ICSE 2024 (CCF-A)!
July 2023: Our paper "Software Architecture Recovery with Information Fusion" accepted by FSE 2023 (CCF-A)!
July 2023: Our paper "Software Composition Analysis for Vulnerability Detection: An Empirical Study on Java Projects" accepted by FSE 2023 (CCF-A)!
July 2023: Our paper "Demystifying the Composition and Code Reuse in Solidity Smart Contracts" accepted by FSE 2023 (CCF-A)!
July 2023: Our paper "Comparison and Evaluation on Static Application Security Testing (SAST) Tools for Java" accepted by FSE 2023 (CCF-A)!
July 2023: Our paper "Mitigating Persistence of Open-Source Vulnerabilities in Maven Ecosystem" accepted by ASE 2023 (CCF-A)!
July 2023: Our paper "Who is the Real Hero? Measuring Developer Contribution via Multi-dimensional Data Integration" accepted by ASE 2023 (CCF-A)!
July 2023: Our paper "An Empirical Study of Malicious Code In PyPI Ecosystem" accepted by ASE 2023 (CCF-A)!
July 2023: Our paper "Aster: Automatic Speech Recognition System Accessibility Testing for Stutterers" accepted by ASE 2023 (CCF-A)!
July 2023: I received my Ph.D. degree from NTU!
March 2023: Our paper "Ambush from All Sides: Understanding Security Threats in Open-Source Software CI/CD Pipelines" accepted by TDSC (CCF-A)!
February 2023: Our paper "Compatible Remediation on Vulnerabilities from Third-Party Libraries for Java Projects" received the ACM SIGSOFT Distinguished Paper Award at ICSE2023 (CCF-A).
January 2023: Our paper "A Comprehensive Study on Quality Assurance Tools for Java" accepted by ISSTA 2023 (CCF-A)!
December 2022: Our paper "Compatible Remediation on Vulnerabilities from Third-Party Libraries for Java Projects" accepted by ICSE 2023 (CCF-A)!
October 2022: Our paper "Has My Release Disobeyed Semantic Versioning? Static Detection Based on Semantic Differencing" received the ACM SIGSOFT Distinguished Paper Award at ASE2022 (CCF-A).
July 2022: Our paper "Has My Release Disobeyed Semantic Versioning? Static Detection Based on Semantic Differencing for Java" accepted by ASE 2022 (CCF-A)!
July 2022: Our paper "Towards Understanding Third-party Library Dependency in C/C++ Ecosystem" conditionally accepted by ASE 2022 (CCF-A)!
July 2022: Invited Talk on "Demystifying the security of open source supply chain in the NPM Ecosystem" (浅析NPM生态系统中的开源供应链安全) by CodeWisdom from Fudan University, China!
December 2021: Our paper "Demystifying the Vulnerability Propagation and Its Evolution via Dependency Trees in the NPM Ecosystem" accepted by ICSE 2022 (CCF-A)!
Workshop Chairs:
• ASE2026 Software Genomics Workshop
• FSE2025 Software Genomics Workshop
Conference PCs:
• ASE2026 Journal-First Track
• ICSE2027 Research Track
• FSE2027 Research Track
• ICSE2026 Research Track
• FSE2026 New Ideas and Vision Track
• AIware2026 Main Track
• ICSME2026 Research Papers Track, Visions and Emerging Results Track
• LLMSC2026 Program Committee
• FORGE2026 Data and Benchmarking Track
• ICSE2025 Artifact Evaluation Track
• ACSAC2025 Program Committee
• MSR2025 Junior Program Committee
• ECOOP2025 Artifact Evaluation Track
• LLMSC2025 Program Committee
• ASE2024 Industry Showcase Track
• ACSAC2024 Program Committee
• MSR2024 Junior Program Committee
• ECOOP2024 Extended Reviewer Committee, Artifact Evaluation Track
Journal Reviewers:
• IEEE Transactions on Software Engineering (TSE)
• ACM Transactions on Software Engineering and Methodology (TOSEM)
• IEEE Transactions on Dependable and Secure Computing (TDSC)
• IEEE Transactions on Information Forensics and Security (TIFS)
• Empirical Software Engineering (EMSE)
• Journal of Software Maintenance and Evolution: Research and Practice (JSME)
• Automated Software Engineering (ASEJ)
• Cybersecurity
• Guest Lecturer of SZ2006 and CZ2006 in Spring 2024
• Tutorial of SZ2006 and CZ2006 in Fall 2023
• Teaching assistant for SZ2002, SZ2006, CZ2006, CZ3003 from Fall 2019 to Fall 2021 (Lab supervision)

