Works (17)

Updated: July 5th, 2023 15:38

2021 journal article

Different Kind of Smells: Security Smells in Infrastructure as Code Scripts

IEEE SECURITY & PRIVACY, 19(3), 33–41.

By: A. Rahman* & L. Williams n

TL;DR: This article summarizes the recent research findings related to infrastructure as code (IaC) scripts, where 67,801 occurrences of security smells that include 9,175 hard-coded passwords are identified. (via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: June 10, 2021

2021 journal article

Security Smells in Ansible and Chef Scripts: A Replication Study

ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 30(1).

By: A. Rahman*, M. Rahman n, C. Parnin n & L. Williams n

TL;DR: This article identifies two security smells not reported in prior work: missing default in case statement and no integrity check and recommends practitioners to rigorously inspect the presence of the identified security smells in Ansible and Chef scripts using code review, and static analysis tools. (via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: March 8, 2021

2020 article

Gang of Eight: A Defect Taxonomy for Infrastructure as Code Scripts

2020 ACM/IEEE 42ND INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE 2020), pp. 752–764.

By: A. Rahman*, E. Farhana n, C. Parnin n & L. Williams n

author keywords: bug; category; configuration as code; configuration scripts; defect; devops; infrastructure as code; puppet; software quality; taxonomy
TL;DR: A taxonomy of IaC defects is developed by applying qualitative analysis on 1,448 defect-related commits collected from open source software (OSS) repositories of the Openstack organization and the quantified frequency of the defect categories may help in advancing the science of IAC script quality. (via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: June 21, 2021

2020 journal article

The 'as code' activities: development anti-patterns for infrastructure as code

EMPIRICAL SOFTWARE ENGINEERING, 25(5), 3430–3467.

By: A. Rahman*, E. Farhana n & L. Williams n

author keywords: Anti-pattern; Bugs; Configuration script; Continuous deployment; Defect; Devops; Infrastructure as code; Practice; Puppet; Quality
TL;DR: Five development anti-patterns of infrastructure as code (IaC) scripts, namely, ‘boss is not around’, “many cooks spoil”, � ‘minors are spoiler‚, ’silos‚ and ‘unfocused contribution’ are identified. (via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: September 7, 2020

2019 article

Blockchain Enabled AI Marketplace: The Price You Pay For Trust

2019 IEEE/CVF CONFERENCE ON COMPUTER VISION AND PATTERN RECOGNITION WORKSHOPS (CVPRW 2019), pp. 2857–2866.

By: K. Sarpatwar*, V. Ganapavarapu*, K. Shanmugam*, A. Rahman n & R. Vaculin*

TL;DR: This work provides a blockchain implementation that enables an "AI marketplace": a platform where consumers and data providers can transact data and/or models and derive value and demonstrates that the blockchain implementation plays a crucial role in addressing the issue of fair value attribution and privacy in a trustable way. (via Semantic Scholar)
UN Sustainable Development Goal Categories
Source: Web Of Science
Added: October 5, 2020

2019 article

Share, But Be Aware: Security Smells in Python Gists

2019 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE MAINTENANCE AND EVOLUTION (ICSME 2019), pp. 536–540.

By: M. Rahman n, A. Rahman* & L. Williams n

author keywords: GitHub; Gist; Python; Security; Security Smell; Static Analysis; Software Security
TL;DR: This paper finds 13 types of security smells with 4,403 occurrences in 5,822 publicly-available Python Gists and finds no significance relation between the presence of these security smells and the reputation of the Gist author. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: Web Of Science
Added: April 14, 2020

2019 journal article

Source code properties of defective infrastructure as code scripts

INFORMATION AND SOFTWARE TECHNOLOGY, 112, 148–163.

By: A. Rahman n & L. Williams n

author keywords: Configuration as code; Continuous deployment; Defect prediction; Devops; Empirical study; Infrastructure as code; Puppet
TL;DR: This paper applies qualitative analysis on defect-related commits mined from open source software repositories to identify source code properties that correlate with defective IaC scripts and constructs defect prediction models using the identified properties. (via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: June 17, 2019

2019 article

The Seven Sins: Security Smells in Infrastructure as Code Scripts

2019 IEEE/ACM 41ST INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE 2019), pp. 164–175.

By: A. Rahman n, C. Parnin n & L. Williams n

author keywords: devops; devsecops; empirical study; infrastructure as code; puppet; security; smell; static analysis
TL;DR: The goal of this paper is to help practitioners avoid insecure coding practices while developing infrastructure as code (IaC) scripts through an empirical study of security smells in IaC scripts. (via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: September 7, 2020

2018 journal article

A systematic mapping study of infrastructure as code research

INFORMATION AND SOFTWARE TECHNOLOGY, 108, 65–77.

By: A. Rahman n, R. Mandavi-Hezaveh & L. Williams n

author keywords: Devops; Configuration as code; Configuration script; Continuous deployment; Infrastructure as code; Software engineering; Systematic mapping study
TL;DR: The findings suggest that framework or tools is a well-studied topic in IaC research, as defects and security flaws can have serious consequences for the deployment and development environments in DevOps. (via Semantic Scholar)
Source: Web Of Science
Added: March 11, 2019

2018 article

Characteristics of Defective Infrastructure as Code Scripts in DevOps

PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING - COMPANION (ICSE-COMPANION, pp. 476–479.

By: A. Rahman n

author keywords: defects; devops; infrastructure as code; metrics
TL;DR: Methods to help practitioners increase the quality of IaC scripts are proposed to identify structural characteristics that correlate with defects, and identify characteristics that violate security and privacy objectives. (via Semantic Scholar)
Source: Web Of Science
Added: December 3, 2018

2018 article

Characterizing the Influence of Continuous Integration

PROCEEDINGS OF THE 4TH ACM SIGSOFT INTERNATIONAL WORKSHOP ON SOFTWARE ANALYTICS (SWAN'18), pp. 8–14.

By: A. Rahman n, A. Agrawal n, R. Krishna n & A. Sobran*

author keywords: Continuous Integration; DevOps; GitHub; Mining Software Repositories; Software Development Practice
TL;DR: The findings indicate that only adoption of CI might not be enough to the improve software development process, and recommend industry practitioners to adopt the best practices of CI to reap the benefits of CI tools for example, making frequent commits. (via Semantic Scholar)
Source: Web Of Science
Added: April 2, 2019

2018 article

Comprehension Effort and Programming Activities: Related? Or Not Related?

2018 IEEE/ACM 15TH INTERNATIONAL CONFERENCE ON MINING SOFTWARE REPOSITORIES (MSR), pp. 66–69.

By: A. Rahman n

author keywords: Comprehension; Halstead's complexity; Programmer behavior
TL;DR: An empirical study using the MSR 2018 Mining Challenge Dataset quantifies programmers' comprehension effort, and investigates the relationship between program comprehension effort and four programming activities: navigating, editing, building projects, and debugging. (via Semantic Scholar)
Source: Web Of Science
Added: March 4, 2019

2018 article

Poster: Defect Prediction Metrics for Infrastructure as Code Scripts in DevOps

PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING - COMPANION (ICSE-COMPANION, pp. 414–415.

By: A. Rahman n, J. Stallings n & L. Williams n

author keywords: Continuous Deployment; DevOps; Infrastructure as Code; Metrics
TL;DR: The goal of this paper is to help software practitioners in prioritizing their inspection efforts for infrastructure as code (IaC) scripts by proposing defect prediction model-related metrics, and applies Constructivist Grounded Theory on defect-related commits mined from version control systems to identify metrics suitable for IaC scripts. (via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: December 3, 2018

2018 article

What Questions Do Programmers Ask About Configuration as Code?

PROCEEDINGS 2018 IEEE/ACM 4TH INTERNATIONAL WORKSHOP ON RAPID CONTINUOUS SOFTWARE ENGINEERING (RCOSE), pp. 16–22.

By: A. Rahman n, A. Partho, P. Morrison n & L. Williams n

author keywords: challenge; configuration as code; continuous deployment; devops; infrastructure as code; programming; puppet; question; stack over-flow
TL;DR: This paper extracts 2,758 Puppet-related questions asked by programmers from January 2010 to December 2016, posted on Stack Overflow, and applies qualitative analysis to identify the questions programmers ask about Puppet. (via Semantic Scholar)
Source: Web Of Science
Added: January 21, 2019

2016 article

Software Security in DevOps: Synthesizing Practitioners' Perceptions and Practices

INTERNATIONAL WORKSHOP ON CONTINUOUS SOFTWARE EVOLUTION AND DELIVERY, CSED 2016, pp. 70–76.

By: A. Rahman n & L. Williams n

author keywords: DevOps; security; software practices; survey
TL;DR: The goal of this paper is to aid software practitioners in integrating security and DevOps by summarizing experiences in utilizing security practices in a DevOps environment by analyzing a selected set of Internet artifacts. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2016 conference paper

Tutorial: text analytics for security

Symposium and Bootcamp on the Science of Security, 124–125.

By: T. Xie & W. Enck

Source: NC State University Libraries
Added: August 6, 2018

2015 article

Synthesizing Continuous Deployment Practices Used in Software Development

2015 AGILE CONFERENCE, pp. 1–10.

By: A. Ur Rahman, E. Helms n, L. Williams n & C. Parnin n

author keywords: agile; continuous deployment; continuous delivery; industry practices; internet artifacts; follow-up inquiries
TL;DR: It is observed that continuous deployment necessitates the consistent use of sound software engineering practices such as automated testing, automated deployment, and code review, which are used by software companies. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

Citation Index includes data from a number of different sources. If you have questions about the sources of data in the Citation Index or need a set of data which is free to re-distribute, please contact us.

Certain data included herein are derived from the Web of Science© and InCites© (2024) of Clarivate Analytics. All rights reserved. You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.