Professor to collaborate with successful spinout
With a grant of 2.5 million EUR, Anders Møller can continue his research into securing the supply chains of open-source software. For the next five years, this will be done in collaboration with the company that emerged from his latest research project.
Professor of Computer Science at the Department of Computer Science, Anders Møller, has received 2.5 million EUR to continue his research on how to analyse open-source software and detect errors before they are incorporated into products worldwide.
The department announced this in a news release.
"It's an exciting opportunity to have made the cut," says Anders Møller.
The money comes from one of the prestigious ERC Advanced Grants, which the European Research Council awards to "excellent researchers who are already established research directors with a list of publications of significant research breakthroughs," according to the website of the Ministry of Science, Higher Education and Digital Affairs.
Important in virtually all software
"Most people have heard of open-source software. Virtually all software today is created by building on top of open-source software. A typical web application consists of up to 90 percent open-source, and then the rest is newly developed software. This means that open-source is essential in our society," explains Anders Møller.
ERC Advanced Grants
ERC Advanced Grants are some of the most prestigious and competitive research funds in Europe, and they are only awarded to established researchers with outstanding scientific results and ground-breaking research ideas. The grants provide long-term funding for ambitious, curiosity-driven projects that have the potential to create major scientific breakthroughs.
ERC Advanced Grants can provide up to 2.5 million EUR over five years and are awarded solely on the basis of scientific excellence through a highly competitive international peer-review process. This year, 3,329 proposals were submitted, which is a record and an increase of 31% from 2,534 last year. 9.6% of the proposals were awarded funding.
Source: ERC
When new software products and systems rely so heavily on existing software that is freely available to everyone, the reliability of that underlying software becomes crucial.
"If there are errors, it can lead to serious safety problems. There are some frightening examples of how badly things can go wrong, and vulnerabilities have been discovered that malicious hackers exploited before they could be fixed," says Anders Møller, pointing to the attack Novo Nordisk was recently subjected to.
Here, hackers had access to confidential information, which they demanded 25 million USD in ransom not to leak (In Danish, ed.).
Anders Møller's research deals with preventing errors and unintended use of open-source. The aim is to find new methods to do this, while at the same time making the methods scalable so that they can be used in as many places as possible.
"It has become popular to use different AI tools, but they often do not find all the security problems and can be expensive to use. My project is about using more classical algorithms to examine the open-source programmes before they are put into use," explains Anders Møller.
Reuniting with Coana
The 2.5 million EUR makes it possible to continue the work Anders Møller carried out alongside a group of PhD students. This was also done with EU funds, a so-called ERC Consolidator Grant.
One of the partial results that came out of the research at the time was the company Coana, one of the most successful spinouts at Aarhus University. It originated from Professor Anders Møller's research group, is based in INCUBA, and in 2023, it was acquired by the American software security startup Socket, which is now a unicorn valued at more than 1 billion USD.
"That company was created alongside a couple of the PhD students and focused on the exciting challenges that exist in open-source software. That's what my new research project is about," says Anders Møller.
There are several challenges with open-source software. One is unintentional errors made during the development of the open-source software itself: errors that are not immediately discovered and that have consequences for the software built on top of it. Another is the unintended use of open-source software, where a programmer uses it "incorrectly" while working on their own product. Finally, there are the malicious cases, where hackers gain control of part of the code. If the code they have taken control of is used in other systems and products, they can gain access to confidential information and personal data.
"A recent example is the code that hackers successfully built into the open-source package Axios, which is downloaded 100 million times a week for use in a wide range of software systems around the world, giving hackers full control over the affected computers."
The new research project, called ProSec – Program Analysis for Software Supply Chain Security, will be launched in the autumn. The project will last five years and will be carried out in collaboration with the company Socket.
"In connection with this, we are looking for talented PhD students in Computer Science who want to be on board and help develop the project and the algorithms that will be used," says Anders Møller.
Anders Møller's colleague, Professor Simona Radutoiu from the Department of Molecular Biology and Genetics, has also been awarded an ERC Advanced Grant to lead the project ProMIC (Plant Root Coordinated Signalling During Microbiota Establishment). This was announced by the department in a news release.
This text is machine translated and post-edited by Mie Skov Jeppesen.