Hello there! :)
My name is Jessy Ayala. I am currently a third-year PhD Student at the University of California, Irvine (UCI), where I am a member of the SORA Lab research group led by Joshua Garcia. My CV is available here.
I study questions centered around securing the open-source ecosystem using a variety of techniques (e.g., empirical and qualitative methods). My current research investigates software vulnerability management (SVM), which is the collection of approaches, processes, and activities undertaken by software developers and security professionals to ensure the security and privacy of software systems and prevent or protect against associated attacks.
Want a brief highlight of my work? Check out a talk I gave at an OpenSSF event in October 2024 regarding vulnerability disclosure practices in open-source.
If you want to collaborate, please read my recent work before contacting me.
Before joining UC Irvine, I earned my MS in Cybersecurity from New York University (NYU), advised by Danny Huang, and MEd in Education from UC San Diego (UCSD), advised by Erica Heinzman. I also completed my undergraduate degree at UC San Diego, obtaining a BS in Mathematics-Computer Science.
Updates
- Feb 2025 I won my jiu-jitsu super fight at Arte Suave Elite 42 in Las Vegas NV, click here to watch the replay :)
- Jan 2025 Our paper entitled A Mixed-Methods Study of Open-Source Software Maintainers On Vulnerability Management and Platform Security Features has been accepted to the 34th USENIX Security Symposium (USENIX 2025).
- Dec 2024 I'll be giving a talk at PyTexas 2025 in Austin TX about leveraging LLMs for offensive security and bug bounty hunting. Come say hi!
- Oct 2024 I'll be giving a talk this month at OpenSSF SOSS Fusion in Atlanta GA about vulnerability disclosure practices in open-source projects. Come say hi!
- Sep 2024 Our paper entitled A Deep Dive Into How Open-Source Project Maintainers Review and Resolve Bug Bounty Reports has been accepted to the 46th IEEE Symposium on Security and Privacy (S&P 2025).
- Jul 2024 Our team is a winner in DARPA’s Building an Adaptive and Competitive Workforce Track. We are fortunate and grateful to be among the 6 selected teams out of more than 230 submissions (~2.61% success rate)
- Jun 2024 I won a match at the Eddie Bravo Invitational (EBI) open in Austin TX, click here to watch the replay :)
- Mar 2024 Our paper entitled Do You Want Me to Participate or Not?: Investigating the Accessibility of Software Development Meetings for Blind and Low Vision Professionals has been accepted to the Conference on Human Factors in Computing Systems (CHI 2024).
- Apr 2023 I'll be giving a talk at PyTexas 2023 in Austin TX about socio-technical security concerns in critical Python repositories. Come say hi!
- Jan 2023 Our paper entitled An Empirical Study on Workflows and Security Policies in Popular GitHub Repositories has been accepted to the 1st Software Vulnerability Management workshop at the 45th IEEE/ACM International Conference on Software Engineering (ICSE 2023).