Data lineage allows us to understand (taint) data flows in systems, which, e.g., is important for privacy because we need to understand where our data goes in order to protect them. There are a variety of Lineage approaches, such as static & dynamic analysis; each approach has potential false positives and false negatives.

These potential false positives and false negatives impact multiple entities: the Lineage tool owners, the product team using the tool, the privacy engineers assessing the products and tools. To ensure all the entities are using and upholding a consistent standard or threshold, we will present a common framework for measuring the performance of Lineage.

Francesco Logozzo is a director-level software engineer in the Product Compliance & Privacy team at Meta.

He has received his Ph.D. from Ecole Polytechnique, under the supervision of Dr. Radhia Cousot. From 2006 to 2015 he was a senior researcher at MSR. In 2015 he joined Meta to lead the efforts to build static analysis tools for security at scale.

He has published more 70 academic papers in the main programming languages conferences (POPL, PLDI, OOPSLA, SAS, VMCAI…), gave keynote talks at Academic (VSTT, VMCAI, SAS …) and Industrial conferences (MSFT BUILD, AppSec …) chaired several program committees (SAS, VMCAI…) and served in many many more.

He is the co-recipient of the “2021 IEEE Cybersecurity Award for Practice” for his work on the static analyzer Zoncolan. Overall, static analyzers in the Zoncolan family catch more that 50% of the security bugs at Meta.

Outside work, Francesco enjoys cycling and Opera.