About Me
Welcome to my personal website! My name is Hao He (何昊, the “He” is pronounced like “Her” without “r”). I am currently a Ph.D. student in Software Engineering at Carnegie Mellon University, advised by Bogdan Vasilescu and Christian Kästner. In the past, I was fortunate to have worked with Minghui Zhou at Peking University.
I am broadly interested in the empirical measurement of secure software development practices, particularly in the context of software supply chain security. I am devoted to bringing the strongest methodological rigor to empirical software engineering research—which often means adapting established methods from network science, econometrics, and even medicine. Through this, my research often helps answer important (and non-intuitive) problems in the realm of software engineering and software supply chain security.
Selected Publications
[ICSE'26] Six Million (Suspected) Fake Stars in GitHub: A Growing Spiral of Popularity Contests, Scams, and Malware
Hao He, Haoqin Yang, Philipp Burckhardt, Alexandros Kapravelos, Bogdan Vasilescu, Christian Kästner
In: The 2026 48th IEEE/ACM International Conference on Software Engineering
[Code]
[ICSE'26] Designing Abandabot: When Does Open Source Dependency Abandonment Matter?
*Courtney Miller, *Hao He, Weigen Chen, Elizabeth Lin, Chenyang Yang, Bogdan Vasilescu, Christian Kästner
In: The 2026 48th IEEE/ACM International Conference on Software Engineering
[Code] *Joint First Authors
[CIKM'25] The Structure of Cross-National Collaboration in Open-Source Software Development
Henry Xu, Katy Yu, Hao He, Hongbo Fang, Bogdan Vasilescu, Patrick S. Park
In: The 2025 34th ACM International Conference on Information and Knowledge Management
[DOI] [PDF] [Code]
[FSE'25] Pinning Is Futile: You Need More Than Local Dependency Versioning to Defend Against Supply Chain Attacks
Hao He, Bogdan Vasilescu, Christian Kästner
In: The 2025 ACM International Conference on the Foundations of Software Engineering
[DOI] [BibTeX] [PDF] [Code] 🏆Distinguished Paper Award!
[ASE'23] Understanding and Remediating Open-Source License Incompatibilities in the PyPI Ecosystem
*Weiwei Xu, *Hao He, Kai Gao, and Minghui Zhou
In: The 38th IEEE/ACM International Conference on Automated Software Engineering
[DOI] [BibTeX] [PDF] [Code] *Joint First Authors
[TSE] Automating Dependency Updates in Practice: An Exploratory Study on GitHub Dependabot
*Runzhi He, *Hao He, Yuxia Zhang, and Minghui Zhou
In: IEEE Transactions on Software Engineering
[DOI] [BibTeX] [PDF] [Code] *Joint First Authors
[ICSE'22] Recommending Good First Issues in GitHub OSS Projects
*Wenxin Xiao, *Hao He, Weiwei Xu, Xin Tan, Jinhao Dong, and Minghui Zhou
In: The 2022 IEEE/ACM 44th International Conference on Software Engineering
[DOI] [BibTeX] [PDF] [Code] *Joint First Authors
[ICPC'22] Demystifying Software Release Note Issues on GitHub
Jianyu Wu, Hao He, Wenxin Xiao, Kai Gao, and Minghui Zhou
In: The 2022 IEEE/ACM 30th International Conference on Program Comprehension
[DOI] [BibTeX] [PDF] [Code] 🏆Distinguished Paper Award!
[ESEC/FSE'21] A Large-Scale Empirical Study on Java Library Migrations: Prevalence, Trends, and Rationales
Hao He, Runzhi He, Haiqiao Gu, and Minghui Zhou
In: The 2021 ACM 29th Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
[DOI] [BibTeX] [PDF] [Code]
See here or my Google Scholar or DBLP for a full list.