Esben Sparre Andreasen

> Is there is any plan to add support for other languages? Yes. I personally hope to have CVE data for an additional language this year, along with a few...

I have added #68 for tracking the MSR2019 suggestion. Thanks! (there are a few similar sources around, but this one seems to be particularly accessible) > Is the postPatch commit...

> Just to say it, at SonarSource, we are really interested to see OpenSSF CVE Benchmark supporting Java, C#, PHP, Python and C. Great to hear. ❤️ > it would...

> have the possibility to run only the scan of CVEs corresponding to a given language The "does CVE X belong to language Y?" question is hard to answer. We...

@agigleux I can work on the Java bits next week onwards. How does that sound? I initially expect to import a bunch of internally triaged Java CVEs, I will add...

> I'm not sure this is a good dataset to support first, I am not planning to import it. But perhaps someone else will open a big PR. --- Meta:...

Closing. This is de-facto demand driven, both in terms of soundness and precision.

Before you go too deep down this rabbit hole.. I know that @algobardo and @christofferqa also fought with Jalangi and modern EcmaScript features several years ago - perhaps they can...

It has been fixed partly? (see below excerpt from current source) It is still surprising that the same iid will be used for different callbacks to the analysis. But at...

With enough pre-processing of the instrumented AST, you can have the information. It is inconvenient to write the AST-analysis, but it is not a limitation of Jalangi itself. The astHandler...