When Copied Code Becomes an Invisible Risk
Where did you grow up, and what shaped you there—especially in relation to technology, science, or entrepreneurship?
Alfusainey Jallow: I grew up in The Gambia and later continued my studies in Switzerland and Germany. During my time in The Gambia, I was part of a small team that helped develop a medical record system used by two hospitals. That experience gave me my first real insight into how technology can have a meaningful impact on people’s daily lives.
Over time, I became interested in software security and how developers build and share software together. I was especially interested in how online communities, open-source projects, and now AI coding assistants shape modern software systems.
When did the idea first emerge that you didn’t just want to do research, but also build a company?
During my PhD research, I studied how developers reuse code from places like Stack Overflow and GitHub, and how the evolution of that code can impact them.
At first, code reuse looked like a normal and useful development practice. But the more I studied it, the more I realized there was a larger problem. When code snippets are copied into different projects, they often become disconnected from similar code used elsewhere. Over time, they evolve separately, and it becomes difficult to track where they came from or whether they may contain security, maintenance, or licensing risks.
I realized this was not only a research problem, but also a practical problem that may affect many organizations building software today.
What role did the desire to translate research into real-world applications play in this?
Research helped me understand the problem, but I also realized that papers alone would not solve it. To better understand whether this was a real pain point outside academia, I took part in a Helmholtz field study fellowship in 2023.
As part of the study, we interviewed professional software engineers from companies including Adobe, Swisscom, Bosch, and Magnolia. Across these conversations, many developers described challenges around understanding reused code, maintaining visibility across systems, and tracking risks connected to shared code fragments.
These discussions helped confirm that this was not only an academic problem, but also something practitioners experience in real software development environments. The experience played an important role in my decision to further explore the problem through the CISPA Founders Fellowship.
What specifically motivated you to join the Founders Fellowship at CISPA Helmholtz Center for Information Security?
The Founders Fellowship gives me the chance to explore these ideas outside of academic research alone. I liked that the program connects research with real-world problems and encourages collaboration with practitioners and industry.
For me, it is also a good opportunity to learn more about building products, understanding user needs, and testing whether the problem I am studying is something organizations truly struggle with.
Tell me about your startup idea.
My startup idea, currently called FragmentIQ, explores the idea of distributed code intelligence. The goal is to better understand how similar code fragments spread, change, and reappear across modern software ecosystems.
Today, developers reuse code from many places, including open-source projects, developer forums, internal repositories, documentation, and AI coding assistants. However, existing software supply chain tools mainly focus on package dependencies and cannot properly track reused code fragments outside those dependency graphs.
This means important information connected to one code fragment — such as security vulnerabilities, API changes, licensing risks, bug fixes, or performance improvements — often does not reach related fragments used elsewhere.
FragmentIQ explores how these hidden relationships can become more visible so organizations can better understand how code-related risks and knowledge spread across software ecosystems.
What problem do you really want to solve with your idea—beyond the technology itself?
I want to help organizations build software with more confidence and better visibility. Developers work under a lot of pressure and often reuse code to save time and move faster. That is a normal and important part of software development.
The challenge is that organizations often do not fully understand how reused code spreads across systems or how risks connected to that code evolve over time.
If we can improve visibility around reused code, organizations can make better security and maintenance decisions without slowing developers down.
If your startup is successful in five years, what will have concretely changed?
I hope organizations will have a better understanding of how shared code fragments move across repositories, internal systems, online forums, and AI-generated code.
I would also like to see the software industry move beyond only tracking package dependencies toward better understanding relationships between shared code fragments as well.
And if you complete the sentence: “Founding a company means to me…” — how would you finish it?
Founding a company means to me trying to turn research ideas into practical solutions that can help people in the real world :)