
Jadran Garcia
Verified · University of California, Irvine · Department of Population Health and Disease Prevention
Active 2004–2025
About
Jadran Garcia is a Postdoctoral Scholar in the Department of Population Health & Disease Prevention at UC Irvine, working within the Yan Lab. His role involves engaging in research related to public health, with a focus on population health and disease prevention. He is affiliated with the UC Irvine Health Sciences Complex and the Joe C. Wen School of Population & Public Health, contributing to the academic and research activities of the institution.
Research topics
- Computer science
- Software engineering
- Computer security
- Distributed computing
- World Wide Web
Selected publications
Information and Software Technology · 2025-10-09
erratum
ArXiv.org · 2025-01-29 · 1 citation
preprint · Open access · Senior author
In the world of open-source software (OSS), the number of known vulnerabilities has tremendously increased. The GitHub Advisory Database contains advisories for security risks in GitHub-hosted OSS projects. As of 09/25/2023, there are 197,609 unreviewed GitHub security advisories. Of those unreviewed, at least 63,852 are publicly documented vulnerabilities, potentially leaving many OSS projects vulnerable. Recently, bug bounty platforms have emerged to focus solely on providing bounties to help secure OSS. In this paper, we conduct an empirical study on 3,798 reviewed GitHub security advisories and 4,033 disclosed OSS bug bounty reports, a perspective that is currently understudied, because they contain comprehensive information about security incidents, e.g., the nature of vulnerabilities, their impact, and how they were resolved. We are the first to determine the explicit process describing how OSS vulnerabilities propagate from security advisories and bug bounty reports, which are the main intermediaries between vulnerability reporters, OSS maintainers, and dependent projects, to vulnerable OSS projects and entries in global vulnerability databases and possibly back. This process uncovers how missing or delayed CVE assignments for OSS vulnerabilities result in projects, both in and out of OSS, not being notified of necessary security updates promptly and corresponding bottlenecks. Based on our findings, we provide suggestions, actionable items, and future research directions to help improve the security posture of OSS projects.
Development and evaluation of the phenotypic 2G test to detect drug-resistant TB
IJTLD OPEN · 2025-11-01
article · Open access · 1st author · Corresponding
SUMMARY. BACKGROUND: Early diagnosis of TB with drug susceptibility testing (DST) is critical to achieve successful treatment outcomes. We aimed to develop and test a novel colorimetric, 12-well, thin-layer agar-based test to assess its accuracy for TB diagnosis and DST in a clinical setting in Southern Mozambique. METHODS: Development of the first prototype of the second generation (2G) test in the laboratory setting followed by a cross-sectional diagnostic accuracy study with consecutive recruitment of subjects with microbiologically confirmed TB using GeneXpert MTB/RIF Ultra. RESULTS: In the laboratory setting, the 2G test showed 100% accuracy in detecting resistance of genotypically characterised drug-resistant Mycobacterium tuberculosis strains. In the clinical setting, the sensitivity of the 2G test to detect M.tb complex versus Xpert and Mycobacteria Growth Indicator Tube (MGIT) culture using fresh sputa was 45.9% and 45.2%, respectively. The 2G test sensitivity versus MGIT decreased to 23.1% when using frozen decontaminated sputum samples. CONCLUSION: In the clinical setting, the 2G test showed a low sensitivity versus Xpert and MGIT. The 2G test sensitivity was lower when frozen instead of fresh sputa was used. Despite these results, important information was collected to further improve this 2G test prototype and its implementation in resource-constrained settings.
A Comprehensive Study of Bug-Fix Patterns in Autonomous Driving Systems
Proceedings of the ACM on software engineering. · 2025-06-19 · 1 citation
article · Open access · Senior author
As autonomous driving systems (ADSes) become increasingly complex and integral to daily life, the importance of understanding the nature and mitigation of software bugs in these systems has grown correspondingly. Addressing the challenges of software maintenance in autonomous driving systems (e.g., handling real-time system decisions and ensuring safety-critical reliability) is crucial due to the unique combination of real-time decision-making requirements and the high stakes of operational failures in ADSes. The potential of automated tools in this domain is promising, yet there remains a gap in our comprehension of the challenges faced and the strategies employed during manual debugging and repair of such systems. In this paper, we present an empirical study that investigates bug-fix patterns in ADSes, with the aim of improving reliability and safety. We have analyzed the commit histories and bug reports of two major autonomous driving projects, Apollo and Autoware, from 1,331 bug fixes with the study of bug symptoms, root causes, and bug-fix patterns. Our study reveals several dominant bug-fix patterns, including those related to path planning, data flow, and configuration management. Additionally, we find that the frequency distribution of bug-fix patterns varies significantly depending on their nature and types and that certain categories of bugs are recurrent and more challenging to exterminate. Based on our findings, we propose a hierarchy of ADS bugs and two taxonomies of 15 syntactic bug-fix patterns and 27 semantic bug-fix patterns that offer guidance for bug identification and resolution. We also contribute a benchmark of 1,331 ADS bug-fix instances.
A Deep Dive into How Open-Source Project Maintainers Review and Resolve Bug Bounty Reports
2025-05-12 · 2 citations
article · Senior author
Researchers have investigated the bug bounty ecosystem from the lens of platforms, programs, and bug hunters. Understanding the perspectives of bug bounty report reviewers, especially those who historically lack a security background and little to no funding for bug hunters, is currently under-studied. In this paper, we primarily investigate the perspective of open-source software (OSS) maintainers who have used huntr, a bug bounty platform that pays bounties to bug hunters who find security bugs in GitHub projects and have had valid vulnerabilities patched as a result. We address this area by conducting three studies: identifying characteristics through a listing survey $(n_{1}=51)$, their ranked importance with Likert-scale survey data $(n_{2}=90)$, and conducting semi-structured interviews to dive deeper into real-world experiences $(n_{3}=17)$. As a result, we categorize 40 identified characteristics into benefits, challenges, helpful features, and wanted features. We find that private disclosure and project visibility are the most important benefits, while hunters focused on money or CVEs and pressure to review are the most challenging to overcome. Surprisingly, lack of communication with bug hunters is the least challenging, and CVE creation support is the second-least helpful feature for OSS maintainers when reviewing bug bounty reports. We present recommendations to make the bug bounty review process more accommodating to open-source maintainers and identify areas for future work.
Embedding Software Intent: Lightweight Java Module Recovery
ArXiv.org · 2025-12-17
preprint · Open access · Senior author
As an increasing number of software systems reach unprecedented scale, relying solely on code-level abstractions is becoming impractical. While architectural abstractions offer a means to manage these systems, maintaining their consistency with the actual code has been problematic. The Java Platform Module System (JPMS), introduced in Java 9, addresses this limitation by enabling explicit module specification at the language level. JPMS enhances architectural implementation through improved encapsulation and direct specification of ground-truth architectures within Java projects. Although many projects are written in Java, modularizing existing monolithic projects to JPMS modules is an open challenge due to ineffective module recovery by existing architecture recovery techniques. To address this challenge, this paper presents ClassLAR (Class- and Language model-based Architectural Recovery), a novel, lightweight, and efficient approach that recovers Java modules from monolithic Java systems using fully-qualified class names. ClassLAR leverages language models to extract semantic information from package and class names, capturing both structural and functional intent. In evaluations across 20 popular Java projects, ClassLAR outperformed all state-of-the-art techniques in architectural-level similarity metrics while achieving execution times that were 3.99 to 10.50 times faster.
14. EFFECTS OF MOOD STABILIZING DRUGS IN CELL VILLAGES OF HUMAN IPSC-DERIVED CORTICAL NEURONS
Biological Psychiatry · 2025-10-01
article
Bringing architecture-based adaption to the mainstream
Information and Software Technology · 2024-08-22
article
Misconfiguration Software Testing for Failure Emergence in Autonomous Driving Systems
Proceedings of the ACM on software engineering. · 2024-07-12 · 8 citations
article · Open access · Senior author
The optimization of a system’s configuration options is crucial for determining its performance and functionality, particularly in the case of autonomous driving software (ADS) systems because they possess a multitude of such options. Research efforts in the domain of ADS have prioritized the development of automated testing methods to enhance the safety and security of self-driving cars. Presently, search-based approaches are utilized to test ADS systems in a virtual environment, thereby simulating real-world scenarios. However, such approaches rely on optimizing the waypoints of ego cars and obstacles to generate diverse scenarios that trigger violations, and no prior techniques focus on optimizing the ADS from the perspective of configuration. To address this challenge, we present a framework called ConfVE, which is the first automated configuration testing framework for ADSes. ConfVE’s design focuses on the emergence of violations through rerunning scenarios generated by different ADS testing approaches under different configurations, leveraging 9 test oracles to enable previous ADS testing approaches to find more types of violations without modifying their designs or implementations and employing a novel technique to identify bug-revealing violations and eliminate duplicate violations. Our evaluation results demonstrate that ConfVE can discover 1,818 unique violations and reduce 74.19% of duplicate violations.
2024-01-01 · 1 citation
article · Open access
Frequent coauthors
- Nenad Medvidović (44 shared)
- Sam Malek, University of California, Irvine (26 shared)
- Daniel Popescu (11 shared)
- Uwe Zdun (10 shared)
- Mubashir Ali, University of Birmingham (9 shared)
- Ivo Krka, Google (Switzerland) (9 shared)
- Patrizia Scandurra (9 shared)
- Sumaya Almanee, University of California, Irvine (8 shared)
Education
- 2014: Doctor of Philosophy, Computer Science, University of Southern California
- 2008: Master of Science, Computer Science, University of Southern California
- 2006: Bachelor of Science, Computer Science, University of Southern California