When a two-alarm warehouse fire erupted in San Francisco, six engine companies roared toward the flames, draining three nearby firehouses and leaving thousands of residents uncovered. Months later, Chandler Kuhn replayed that crisis using an algorithm he had developed for his graduate research project in engineering management. On his laptop, census blocks flashed red wherever response times slipped past the city’s 5-minute target.
Kuhn clicked run again. In 0.6 seconds, the model reassigned three idle engines and turned the map green — full coverage, no extra equipment needed.
“I’ve seen a structure fire pull every nearby engine, and if someone has a heart attack right then, the closest help can be 10 minutes away,” said Kuhn, a former volunteer firefighter now finishing a blended bachelor’s in aerospace engineering and master’s in engineering management. “This model tells dispatch in seconds exactly which rig to shift so that gap never opens.
Kuhn’s mix of street-level experience and data science earned him first place in the behavioral, social sciences and administration category at the 39th California State University Research Competition, which drew more than 200 scholars from the system’s 23 campuses to Cal Poly Humboldt in late April.
Cal Poly collected five awards — two of them firsts from the College of Engineering. The second blue ribbon went to computer science graduate Joanna Chou and soon-to-be graduate Wesley Tam, whose software–supply-chain scanner spots hidden vulnerabilities before hackers can exploit them.
Together, the two projects attack “invisible emergencies” most people never notice until something goes terribly wrong.
Bad Mayo, Bad Code
While Kuhn hunted for coverage gaps on city streets, Chou and Tam tracked dangers buried in software.
“Think of a sandwich shop,” Chou told the judges at Cal Poly Humboldt. “If your mayo supplier ships spoiled product, every sandwich is at risk.” Modern apps work the same way: thousands of open-source libraries act as unseen ingredients, and a single compromised dependency can infect everything stacked on top.
Working with computer science faculty Bruce DeBruhl and BJ Klingenberg, the pair built a tool that scans open-source software, lists every outside package and checks each one for known security flaws. While Tam and Chou led the presentation, about 10 other computer science students have contributed to the project. The tool assigns a 0-to-10 risk score and flags suspicious, look-alike names that hackers use to slip in bad code. Last year alone, supply-chain attacks like these topped 250,000, doubling the total from 2019 to 2022.
“We want developers to see at a glance when a dependency is trouble,” Tam said. “If our tool flags a library at a 10, they can swap it out — or at least proceed knowing it’s risky.”
Future plans include improving the tool’s interface, expanding it beyond JavaScript and building smarter ways to detect risky code patterns, with an open-source beta targeted for winter.
Inside the Solutions
At the CSU finals, teams only had 10 minutes to present and 5 to answer questions, so clarity, relevance and strong visuals often made the difference.
Kuhn emphasized impact. His warehouse-fire replay showed the city’s uncovered zone drop from 8% to zero after the model shifted three idle rigs, while addresses reachable within 5 minutes rose by more than 10%.
“Major incidents almost never happen alone,” he told the panel, noting that dispatchers still reposition engines manually, often only after the situation has calmed.
Guided by Zhiyuan Wei, an industrial and manufacturing engineering professor, Kuhn now plans to refine the tool for real-time use and present his findings at the Institute of Industrial and Systems Engineers conference in June. “The math says we can save minutes,” he added. “I hope a department picks it up, whether it’s for a house fire, a medical call or a wildfire that leaves whole areas uncovered.”
Chou and Tam focused on scale. A rotating 3D graph revealed how one bright-red node — an intentionally tainted dependency — could ripple through layers of green and yellow packages.
“One outdated library can poison thousands of apps,” Chou said. “We’re building that consciousness,” she said, “so vulnerabilities are obvious before developers hit commit.”
What began as an exploratory effort evolved into a tool with real-world value. Their next step is to publish their findings and make the software publicly available, part of their goal to help developers make safer choices before code ever leaves the keyboard.
The two winning projects grew from different corners of engineering, yet both share the same promise: to stop a crisis before anyone realizes danger was there. And in both cases, the solution lies not in more resources but in seeing the problem sooner and acting faster.
Second place, physical and mathematical sciences:
Gavin Plume, environmental engineering, for mapping the vertical structure of subsurface marine heatwaves near California’s upwelling coast.
Second place, biological sciences:
Ryan Singer, biology, for cataloging evaporative water loss in California’s colubrid snakes — data that could guide habitat-management plans.
Honorable mention, health care engineering:
Jaafar Al Shatari, Josh Gottschalk, Seth Saxena and Giovanni Wang, biomedical engineering, for developing a virtual reality system to help clinicians assess brain injuries.
First-place winners received $500 and custom trophies designed by Cal Poly Humboldt’s makerspace. Second-place winners earned $250.
By Emily Slater
