Hey, I'm Emil
I'm a business-savvy data nerd who spends way too much time in front of a screen. I run a few different companies, invest, advise, and hack. My most notable achievement was founding, scaling, and exiting Debricked, a startup I co-founded in 2018. Following Debricked's 2022 acquisition, we joined Micro Focus. I lead teams developing application security solutions using machine learning, graph algorithms, and static analysis techniques.
I also enjoy writing spaghetti code while drinking wine. 🍷
Podcast Appearances
- The future of security scanning with Debricked
Open Source Security
- Managing Portfolios of OSS Projects with Emil Wåreus
CHAOSS
- Open source vulnerability - Emil Wåreus from Debricked
IT Talks (Swedish)
- How to select the best open source project
IT Talks (Swedish)
- Cybersecurity and machine learning with Emil Wåreus from Debricked
Spotify (Swedish)
- Neo4j Live: Valkompass.ai - Mapping Political Insight with Graphs & AI
Neo4j
Exploring how knowledge graphs and AI bring transparency to politics through Valkompass.ai, an open-source project using Neo4j and Gemini to analyze Swedish political data.
Conference Presentations
ØreDev 2022, Linux Foundation Open Source Summit NA 2022
Addresses false alert fatigue in security scanning.
GOTO Copenhagen 2022
Neo4j applications for complex dependency resolution.
Foo Café Malmö 2022
Community health metrics and project success prediction.
Foo Café Malmö 2022, State of AI series
Introduction to semantic code search capabilities.
Zero to One AI education for managers, company tech-talks, hackathons, and machine learning events.
External Blog Posts
Research on why projects become unmaintained.
Demonstrates graph database approaches for dependency vulnerability analysis.
The Hacker News
Data-driven insights on vulnerability discovery timelines.
Papers
Primary Publications
Springer
Addresses vulnerability database labeling using Named Entity Recognition. Achieved F-measure of 0.86 with precision 0.857 and recall 0.865.
SCITEPRESS
Uses Hierarchical Attention Networks for automated classification. Achieved F1 score of 71% and identified approximately 191,036 potentially vulnerable issues. Nominated for best paper at conference.
Supervised Publications
- Detecting Security Patches in Java Projects Using NLP Technology
Politecnico di Milano
- Automating vulnerability remediation in Maven
Lund University
- Exploring Subjectivity in ad hoc Assessment of Open Source Software
Lund University
- Vulnerability detection using ensemble learning
Lund University
- Exploring the Business Value and User Experience of Open Source Health
Lund University
- Supply chain attacks in open source projects
Lund University
- Recommending Relevant Open Source Software using Semantic Functionality Search
Lund University
- Machine Learning Based Code Generation of Security Patches
Lund University
- Reducing time of vulnerability exposure in open source software usage for public sector software development
University of Lübeck
Patents
Uses NLP to automatically link vulnerability databases (CVE) with platform enumerations (CPE) by extracting information and building synthetic mappings.
Parses dependency files, generates CPE identifiers, and matches against vulnerability databases using confidence scoring to identify relevant security issues.
Determines quality metrics for open-source projects by extracting features from project data, applying statistical transforms, and weighting relative to similar projects.
Automates vulnerability detection using NLP on open-source issue discussions with hierarchical attention networks and virtual adversarial training.
Identifies vulnerable functions in code using call graph analysis and ML models that map CVE data to specific functions.
Maps package dependencies to non-vulnerable versions, ensuring compatibility across interdependent packages while eliminating security risks.
Uses code embeddings and functionality clustering to locate relevant code blocks within software packages based on queries.
Combines malicious code classifiers with community behavior analysis to detect malicious software packages using machine learning.
Uses ML to identify vulnerabilities in databases, locate affected code, and auto-generate patches from version deltas where issues were fixed.
Analyzes AI-generated compositions to identify training data sources and automatically assigns appropriate licensing based on source material licenses.
Monitors external component updates, analyzes API changes, identifies new vulnerabilities, and generates composite quality scores for developers.
Manages licensing for AI models trained on licensed source code, tracking and attributing licenses to AI-generated output code.
Open Source Projects
Next.js • TypeScript
This blog platform itself, built with Next.js 16. Features SSG, MDX content, and audio narration for posts. Open-sourced so you can see how it's built - warts and all.
Go • Docker
Command-line interface for open source security scanning and software composition analysis. Delivers vulnerability detection, compliance checking, and health metrics directly to the command prompt. Integrates seamlessly into CI/CD pipelines with multi-platform support.
Next.js • Neo4j • Gemini
Open source platform for exploring Swedish political party positions using AI-powered analysis. Combines knowledge graphs (Neo4j) with Google Gemini to analyze party programs, manifestos, and voting records. Provides transparent, data-driven insights for voters, journalists, and citizens.
NLP
Early-stage project automating group chat management using NLP. Self-described as "very very early stage".
Research Projects
AI and Risk-based Vulnerability Management for Trustworthy Open Source Adoption
Runtime vulnerability detection using eBPF. Funded by Vinnova. Collaboration: Debricked, Elastisys.