This is the MPI Software Security group led by Dr Marcel Böhme at the Max Planck Institute for Security and Privacy (MPI-SP) in Germany. We are interested in the automatic discovery of security flaws in software systems at very large scale. Some of us work on the foundations of automatic vulnerability discovery and program analysis in general. For instance, we seek to identify fundamental limitations of existing techniques, we study empirical methods (incl. statistical and causal reasoning) for program analysis, and we explore the assurances that software testing provides when no bugs are found. Another part of our group develops practical vulnerability discovery tools that are widely used in software security practice. For instance, Entropic is the default power schedule in LibFuzzer, which powers the largest fuzzing platforms at Google and Microsoft, fuzzing hundreds of security-critical projects on 100k machines 24/7. Our tools have discovered 100+ bugs in widely used software systems, more than 70 of which are security-critical vulnerabilities registered as CVEs at the US National Vulnerability Database.



We are always looking to recruit 👩‍🎓 PhD students and 👩‍💻 interns in Software Security. Just reach out via email.

You'll need a strong background in one of:
* Statistics, data science, ML (causality, security flaws), and/or
* Program analysis, system building, vulnerability discovery, CTFs.


  • Robert Stark 2022. MSc thesis (co-advised). Moved to Bosch.
  • Tobias Wienand 2022. BSc thesis (co-advised).