Works (106)

Updated: September 8th, 2023 05:00

2023 article

Do Software Security Practices Yield Fewer Vulnerabilities?

2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING IN PRACTICE, ICSE-SEIP, pp. 292–303.

By: N. Zahan n, S. Shohan n, D. Harris n & L. Williams n

co-author countries: United States of America
Source: Web Of Science
Added: August 21, 2023

2023 journal article

Open or Sneaky? Fast or Slow? Light or Heavy?: Investigating Security Releases of Open Source Packages

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 49(4), 1540–1560.

By: N. Imtiaz n, A. Khanom n & L. Williams n

co-author countries: United States of America
author keywords: Security; Codes; Delays; Ecosystems; Databases; Semantics; Supply chains; Empirical study; open source security; supply chain security
Source: Web Of Science
Added: May 30, 2023

2023 article

SecretBench: A Dataset of Software Secrets

2023 IEEE/ACM 20TH INTERNATIONAL CONFERENCE ON MINING SOFTWARE REPOSITORIES, MSR, pp. 347–351.

By: S. Basak n, L. Neil n, B. Reaves n & L. Williams n

co-author countries: United States of America
Source: Web Of Science
Added: September 5, 2023

2023 journal article

What Are the Attackers Doing Now? Automating Cyberthreat Intelligence Extraction from Text on Pace with the Changing Threat Landscape: A Survey

ACM COMPUTING SURVEYS, 55(12).

By: M. Rahman n, R. Hezaveh n & L. Williams n

co-author countries: United States of America
author keywords: Cyberthreat intelligence; CTI extraction; CTI mining; IoC extraction; TTPs; extraction; attack pattern extraction; threat reports; tactical threat intelligence; technical threat intelligence
Source: Web Of Science
Added: April 24, 2023

2023 article

What Challenges Do Developers Face About Checked-in Secrets in Software Artifacts?

2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ICSE, pp. 1635–1647.

By: S. Basak n, L. Neil n, B. Reaves n & L. Williams n

co-author countries: United States of America
Source: Web Of Science
Added: September 5, 2023

2022 article

Dazzle: Using Optimized Generative Adversarial Networks to Address Security Data Class Imbalance Issue

2022 MINING SOFTWARE REPOSITORIES CONFERENCE (MSR 2022), pp. 144–155.

By: R. Shu n, T. Xia n, L. Williams n & T. Menzies n

co-author countries: United States of America
author keywords: Security Vulnerability Prediction; Class Imbalance; Hyperparameter Optimization; Generative Adversarial Networks
Sources: Web Of Science, ORCID
Added: September 19, 2022

2022 journal article

Do I really need all this work to find vulnerabilities? An empirical case study comparing vulnerability detection techniques on a Java application

EMPIRICAL SOFTWARE ENGINEERING, 27(6).

By: S. Elder n, N. Zahan n, R. Shu n, M. Metro n, V. Kozarev n, T. Menzies n, L. Williams n

co-author countries: United States of America
author keywords: Vulnerability Management; Web Application Security; Penetration Testing; Vulnerability Scanners
Sources: Web Of Science, ORCID
Added: August 22, 2022

2022 article

Exploring the Shift in Security Responsibility

Weir, C., Migues, S., & Williams, L. (2022, March 9). IEEE SECURITY & PRIVACY.

By: C. Weir*, S. Migues* & L. Williams n

co-author countries: Switzerland, United Kingdom of Great Britain and Northern Ireland, United States of America
author keywords: Security; Software; Companies; Satellites; Standards organizations; Data models; Training
Source: Web Of Science
Added: March 28, 2022

2022 journal article

Feature toggles as code: Heuristics and metrics for structuring feature toggles

INFORMATION AND SOFTWARE TECHNOLOGY, 145.

By: R. Mahdavi-Hezaveh n, N. Ajmeri* & L. Williams n

co-author countries: United Kingdom of Great Britain and Northern Ireland, United States of America
author keywords: Feature toggle; Continuous integration; Continuous development; Open source repository; Heuristic; Metric
Sources: Web Of Science, ORCID
Added: May 2, 2022

2022 journal article

Omni: automated ensemble with unexpected models against adversarial evasion attack

EMPIRICAL SOFTWARE ENGINEERING, 27(1).

By: R. Shu n, T. Xia n, L. Williams n & T. Menzies n

co-author countries: United States of America
author keywords: Hyperparameter optimization; Ensemble defense; Adversarial evasion attack
Sources: Web Of Science, ORCID
Added: December 6, 2021

2022 journal article

Top Five Challenges in Software Supply Chain Security: Observations From 30 Industry and Government Organizations

IEEE SECURITY & PRIVACY, 20(2), 96–100.

By: W. Enck n & L. Williams n

co-author countries: United States of America
Source: Web Of Science
Added: May 31, 2022

2022 article

What are Weak Links in the npm Supply Chain?

2022 ACM/IEEE 44TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING IN PRACTICE (ICSE-SEIP 2022), pp. 331–340.

By: N. Zahan n, T. Zimmermann*, P. Godefroid*, B. Murphy*, C. Maddila* & L. Williams n

co-author countries: United Kingdom of Great Britain and Northern Ireland, United States of America
author keywords: Software Ecosystem; Supply Chain Security; npm; Weak link Signal
Source: Web Of Science
Added: September 19, 2022

2022 article

What are the Practices for Secret Management in Software Artifacts?

2022 IEEE SECURE DEVELOPMENT CONFERENCE (SECDEV 2022), pp. 69–76.

By: S. Basak n, L. Neil n, B. Reaves n & L. Williams n

co-author countries: United States of America
author keywords: secret management; practices; empirical study; grey literature; secure development
Source: Web Of Science
Added: February 20, 2023

2022 journal article

Why secret detection tools are not enough: It's not just about false positives-An industrial case study

EMPIRICAL SOFTWARE ENGINEERING, 27(3).

By: M. Rahman n, N. Imtiaz n, M. Storey* & L. Williams n

co-author countries: Canada, United States of America
author keywords: Secret detection tool; Hardcoded secrets; Secrets in repositories; Credentials in repositories
Source: Web Of Science
Added: April 4, 2022

2021 journal article

Different Kind of Smells: Security Smells in Infrastructure as Code Scripts

IEEE SECURITY & PRIVACY, 19(3), 33–41.

By: A. Rahman* & L. Williams n

co-author countries: United States of America
Source: Web Of Science
Added: June 10, 2021

2021 journal article

How to Better Distinguish Security Bug Reports (Using Dual Hyperparameter Optimization)

EMPIRICAL SOFTWARE ENGINEERING, 26(3).

By: R. Shu, T. Xia, J. Chen, L. Williams & T. Menzies

author keywords: Hyperparameter Optimization; Data pre-processing; Security bug report
Sources: Web Of Science, ORCID
Added: May 3, 2021

2021 journal article

Improving Vulnerability Inspection Efficiency Using Active Learning

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 47(11), 2401–2420.

By: Z. Yu n, C. Theisen*, L. Williams n & T. Menzies n

co-author countries: United States of America
author keywords: Inspection; Software; Tools; Security; Predictive models; Error correction; NIST; Active learning; security; vulnerabilities; software engineering; error correction
Sources: Web Of Science, ORCID
Added: November 12, 2021

2021 article

Infiltrating Security into Development: Exploring the World's Largest Software Security Study

PROCEEDINGS OF THE 29TH ACM JOINT MEETING ON EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (ESEC/FSE '21), pp. 1326–1336.

By: C. Weir, S. Migues, M. Ware & L. Williams

author keywords: Software engineering; Software security; Developer centered security; Software security group; Secure software development lifecycle; SDLC; DevSecOps
Source: Web Of Science
Added: March 7, 2022

2021 journal article

Security Smells in Ansible and Chef Scripts: A Replication Study

ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 30(1).

By: A. Rahman*, M. Rahman n, C. Parnin n & L. Williams n

co-author countries: United States of America
Source: Web Of Science
Added: March 8, 2021

2021 journal article

Software development with feature toggles: practices used by practitioners

EMPIRICAL SOFTWARE ENGINEERING, 26(1).

By: R. Mahdavi-Hezaveh n, J. Dremann n & L. Williams n

co-author countries: United States of America
author keywords: Continuous integration; Continuous delivery; Feature toggle; Practice
Source: Web Of Science
Added: February 8, 2021

2021 article

Structuring a Comprehensive Software Security Course Around the OWASP Application Security Verification Standard

2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: JOINT TRACK ON SOFTWARE ENGINEERING EDUCATION AND TRAINING (ICSE-JSEET 2021), pp. 95–104.

By: S. Elder n, N. Zahan n, V. Kozarev n, R. Shu n, T. Menzies n & L. Williams n

co-author countries: United States of America
author keywords: Security and Protection; Computer and Information Science Education; Industry-Standards
Sources: Web Of Science, ORCID
Added: November 1, 2021

2020 article

A Literature Review on Mining Cyberthreat Intelligence from Unstructured Texts

20TH IEEE INTERNATIONAL CONFERENCE ON DATA MINING WORKSHOPS (ICDMW 2020), pp. 516–525.

By: M. Rahman n, R. Mahdavi-Hezaveh n & L. Williams n

co-author countries: United States of America
Source: Web Of Science
Added: July 12, 2021

2020 journal article

Better together: Comparing vulnerability prediction models

INFORMATION AND SOFTWARE TECHNOLOGY, 119.

By: C. Theisen n & L. Williams n

co-author countries: United States of America
author keywords: Security; Vulnerabilities; Prediction model; Software engineering
Source: Web Of Science
Added: March 2, 2020

2020 article

Gang of Eight: A Defect Taxonomy for Infrastructure as Code Scripts

2020 ACM/IEEE 42ND INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE 2020), pp. 752–764.

By: A. Rahman*, E. Farhana n, C. Parnin n & L. Williams n

co-author countries: United States of America
author keywords: bug; category; configuration as code; configuration scripts; defect; devops; infrastructure as code; puppet; software quality; taxonomy
Source: Web Of Science
Added: June 21, 2021

2020 journal article

The 'as code' activities: development anti-patterns for infrastructure as code

EMPIRICAL SOFTWARE ENGINEERING, 25(5), 3430–3467.

By: A. Rahman*, E. Farhana n & L. Williams n

co-author countries: United States of America
author keywords: Anti-pattern; Bugs; Configuration script; Continuous deployment; Defect; Devops; Infrastructure as code; Practice; Puppet; Quality
Source: Web Of Science
Added: September 7, 2020

2019 journal article

A systematic mapping study of infrastructure as code research

INFORMATION AND SOFTWARE TECHNOLOGY, 108, 65–77.

By: A. Rahman n, R. Mandavi-Hezaveh & L. Williams n

co-author countries: United States of America
author keywords: Devops; Configuration as code; Configuration script; Continuous deployment; Infrastructure as code; Software engineering; Systematic mapping study
Source: Web Of Science
Added: March 11, 2019

2019 article

How Do Developers Act on Static Analysis Alerts? An Empirical Study of Coverity Usage

2019 IEEE 30TH INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING (ISSRE), pp. 323–333.

By: N. Imtiaz n, B. Murphy* & L. Williams n

co-author countries: United Kingdom of Great Britain and Northern Ireland, United States of America
author keywords: static analysis; tools; alerts; warnings; developer action
Source: Web Of Science
Added: July 13, 2020

2019 article

Share, But Be Aware: Security Smells in Python Gists

2019 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE MAINTENANCE AND EVOLUTION (ICSME 2019), pp. 536–540.

By: M. Rahman n, A. Rahman* & L. Williams n

co-author countries: United States of America
author keywords: GitHub; Gist; Python; Security; Security Smell; Static Analysis; Software Security
Source: Web Of Science
Added: April 14, 2020

2019 journal article

Source code properties of defective infrastructure as code scripts

INFORMATION AND SOFTWARE TECHNOLOGY, 112, 148–163.

By: A. Rahman n & L. Williams n

co-author countries: United States of America
author keywords: Configuration as code; Continuous deployment; Defect prediction; Devops; Empirical study; Infrastructure as code; Puppet
Source: Web Of Science
Added: June 17, 2019

2019 article

The Seven Sins: Security Smells in Infrastructure as Code Scripts

2019 IEEE/ACM 41ST INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE 2019), pp. 164–175.

By: A. Rahman n, C. Parnin n & L. Williams n

co-author countries: United States of America
author keywords: devops; devsecops; empirical study; infrastructure as code; puppet; security; smell; static analysis
Source: Web Of Science
Added: September 7, 2020

2018 article

Are Vulnerabilities Discovered and Resolved like Other Defects?

PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE), pp. 498–498.

By: P. Morrison n, R. Pandita*, X. Xiao*, R. Chillarege* & L. Williams n

co-author countries: Spain, United States of America
Source: Web Of Science
Added: January 21, 2019

2018 journal article

Are vulnerabilities discovered and resolved like other defects?

EMPIRICAL SOFTWARE ENGINEERING, 23(3), 1383–1421.

By: P. Morrison n, R. Pandita n, X. Xiao, R. Chillarege & L. Williams n

co-author countries: United States of America
author keywords: Software development; Measurement; Process improvement; Security; Orthogonal Defect Classification (ODC)
Source: Web Of Science
Added: August 6, 2018

2018 review

Attack surface definitions: A systematic literature review

[Review of ]. INFORMATION AND SOFTWARE TECHNOLOGY, 104, 94–103.

By: C. Theisen n, N. Munaiah*, M. Al-Zyoud*, J. Carver*, A. Meneely* & L. Williams n

co-author countries: United States of America
author keywords: Attack surface; Vulnerabilities; Software engineering; Systematic literature review
Source: Web Of Science
Added: November 19, 2018

2018 article

Characterizing Defective Configuration Scripts Used for Continuous Deployment

2018 IEEE 11TH INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION (ICST), pp. 34–45.

By: A. Rahman n & L. Williams n

co-author countries: United States of America
Source: Web Of Science
Added: August 6, 2018

2018 article

Continuously Integrating Security

2018 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SECURITY AWARENESS FROM DESIGN TO DEPLOYMENT (SEAD), pp. 1–2.

By: L. Williams n

co-author countries: United States of America
author keywords: Continuous deployment; software security; DevOps; DevSecOps
Source: Web Of Science
Added: October 29, 2018

2018 article

Identifying Security Issues in Software Development: Are Keywords Enough?

PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING - COMPANION (ICSE-COMPANION), pp. 426–427.

By: P. Morrison n, T. Oyetoyan* & L. Williams n

co-author countries: Norway, United States of America
author keywords: Security; vocabulary; classification model; CVE; Prediction
Source: Web Of Science
Added: December 3, 2018

2018 journal article

Mapping the field of software life cycle security metrics

INFORMATION AND SOFTWARE TECHNOLOGY, 102, 146–159.

By: P. Morrison n, D. Moye n, R. Pandita n & L. Williams n

co-author countries: United States of America
author keywords: Metrics; Measurement; Security
Source: Web Of Science
Added: October 19, 2018

2018 article

Poster: Defect Prediction Metrics for Infrastructure as Code Scripts in DevOps

PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING - COMPANION (ICSE-COMPANION), pp. 414–415.

By: A. Rahman n, J. Stallings n & L. Williams n

co-author countries: United States of America
author keywords: Continuous Deployment; DevOps; Infrastructure as Code; Metrics
Source: Web Of Science
Added: December 3, 2018

2018 article

What Questions Do Programmers Ask About Configuration as Code?

PROCEEDINGS 2018 IEEE/ACM 4TH INTERNATIONAL WORKSHOP ON RAPID CONTINUOUS SOFTWARE ENGINEERING (RCOSE), pp. 16–22.

By: A. Rahman n, A. Partho, P. Morrison n & L. Williams n

co-author countries: United States of America
author keywords: challenge; configuration as code; continuous deployment; devops; infrastructure as code; programming; puppet; question; stack over-flow
Source: Web Of Science
Added: January 21, 2019

2017 article

Highlights of the ACM Student Research Competition

Williams, L., & Baldwin, D. (2017, November). COMMUNICATIONS OF THE ACM, Vol. 60, pp. 5–5.

By: L. Williams n & D. Baldwin*

co-author countries: United States of America
Source: Web Of Science
Added: August 6, 2018

2017 journal article

Identifying the implied: Findings from three differentiated replications on the use of security requirements templates

EMPIRICAL SOFTWARE ENGINEERING, 22(4), 2127–2178.

By: M. Riaz n, J. King n, J. Slankas n, L. Williams n, F. Massacci*, C. Quesada-Lopez*, M. Jenkins*

co-author countries: Costa Rica, Italy, United States of America
author keywords: Security requirements; Controlled experiment; Replication; Requirements engineering; Templates; Patterns; Automation
Sources: Web Of Science, ORCID
Added: August 6, 2018

2017 journal article

TMAP: Discovering relevant API methods through text mining of API documentation

Journal of Software: Evolution and Process, 29(12), e1845.

By: R. Pandita n, R. Jetley*, S. Sudarsan*, T. Menzies n & L. Williams n

co-author countries: India, United States of America
author keywords: API documents; API mappings; text mining
Sources: Crossref, ORCID
Added: February 24, 2020

2017 article

The Rising Tide Lifts All Boats: The Advancement of Science in Cyber Security (Invited Talk)

ESEC/FSE 2017: PROCEEDINGS OF THE 2017 11TH JOINT MEETING ON FOUNDATIONS OF SOFTWARE ENGINEERING, pp. 1–1.

By: L. Williams n

co-author countries: United States of America
author keywords: Systems security; Software and application security; Human and societal aspects of security and privacy; Trust frameworks
Source: Web Of Science
Added: August 6, 2018

2017 journal article

The Top 10 Adages in Continuous Deployment

IEEE SOFTWARE, 34(3), 86–95.

By: C. Parnin n, E. Helms*, C. Atlee, H. Boughton, M. Ghattas*, A. Glover*, J. Holman, J. Micco* ...

co-author countries: Canada, Spain, United Kingdom of Great Britain and Northern Ireland, Israel, United States of America
Source: Web Of Science
Added: August 6, 2018

2017 journal article

To log, or not to log: using heuristics to identify mandatory log events - a controlled experiment

EMPIRICAL SOFTWARE ENGINEERING, 22(5), 2684–2717.

By: J. King n, J. Stallings n, M. Riaz n & L. Williams n

co-author countries: United States of America
author keywords: Logging; User activity logs; Security; Controlled experiment; User study; Mandatory log events
Sources: Web Of Science, ORCID
Added: August 6, 2018

2017 journal article

Twist-3 Distribution Amplitudes of Pion in the Light-Front Quark Model

Few-Body Systems, 58(2).

By: H. Choi* & C. Ji n

co-author countries: Korea (Republic of), United States of America
Sources: Web Of Science, Crossref, ORCID
Added: August 6, 2018

2016 conference paper

ICON: Inferring temporal constraints from natural language API descriptions

32nd ieee international conference on software maintenance and evolution (icsme 2016), 378–388.

By: R. Pandita, K. Taneja, T. Tung & L. Williams

Source: NC State University Libraries
Added: August 6, 2018

2016 article

NANE: Identifying Misuse Cases Using Temporal Norm Enactments

2016 IEEE 24TH INTERNATIONAL REQUIREMENTS ENGINEERING CONFERENCE (RE), pp. 136–145.

By: O. Kafali n, M. Singh* & L. Williams*

co-author countries: United States of America

Contributors: L. Williams*, O. Kafali n & M. Singh*

author keywords: Security requirements; sociotechnical systems
Sources: Web Of Science, ORCID
Added: August 6, 2018

2016 article

Software Security in DevOps: Synthesizing Practitioners' Perceptions and Practices

INTERNATIONAL WORKSHOP ON CONTINUOUS SOFTWARE EVOLUTION AND DELIVERY, CSED 2016, pp. 70–76.

By: A. Rahman n & L. Williams n

co-author countries: United States of America
author keywords: DevOps; security; software practices; survey
Source: Web Of Science
Added: August 6, 2018

2016 journal article

Stack traces reveal attack surfaces

Perspectives on Data Science for Software Engineering, 73–76.

By: C. Theisen & L. Williams

Source: NC State University Libraries
Added: August 6, 2018

2016 journal article

Towards characterization of photo-excited electron transfer and catalysis in natural and artificial systems using XFELs

FARADAY DISCUSSIONS, 194, 621–638.

co-author countries: China, Germany, Japan, Sweden, United States of America
MeSH headings: Catalysis; Crystallography, X-Ray; Electrons; Lasers; X-Rays
Sources: Web Of Science, ORCID
Added: August 6, 2018

2016 conference paper

Tutorial: text analytics for security

Symposium and Bootcamp on the Science of Security, 124–125.

By: T. Xie & W. Enck

Source: NC State University Libraries
Added: August 6, 2018

2016 conference paper

systematically developing prevention, detection, and response patterns for security requirements

2016 IEEE 24th International Requirements Engineering Conference Workshops (REW), 62–67.

Source: NC State University Libraries
Added: August 6, 2018

2015 conference paper

Discovering likely mappings between APIs using text mining

Ieee international working conference on source code analysis and, 231–240.

By: R. Pandita n, R. Jetley*, S. Sudarsan* & L. Williams n

co-author countries: India, United States of America
Source: NC State University Libraries
Added: August 6, 2018

2015 journal article

How have we evaluated software pattern application? A systematic mapping study of research design practices

INFORMATION AND SOFTWARE TECHNOLOGY, 65, 14–38.

By: M. Riaz n, T. Breaux* & L. Williams n

co-author countries: United States of America
author keywords: Software pattern; Mapping study; Systematic review; Empirical evaluation; Empirical design
Source: Web Of Science
Added: August 6, 2018

2015 article

Synthesizing Continuous Deployment Practices Used in Software Development

2015 AGILE CONFERENCE, pp. 1–10.

By: A. Ur Rahman, E. Helms n, L. Williams n & C. Parnin n

co-author countries: United States of America
author keywords: agile; continuous deployment; continuous delivery; industry practices; internet artifacts; follow-up inquiries
Source: Web Of Science
Added: August 6, 2018

2014 chapter

Agile Software Development in Practice

In Lecture Notes in Business Information Processing (pp. 32–45).

By: M. Doyle*, L. Williams n, M. Cohn & K. Rubin

co-author countries: United States of America
Source: Crossref
Added: January 5, 2021

2014 conference paper

Hidden in plain sight: Automatically identifying security requirements from natural language artifacts

2014 ieee 22nd international requirements engineering conference (re), 183–192.

By: M. Riaz n, J. King n, J. Slankas n & L. Williams n

co-author countries: United States of America
Sources: NC State University Libraries, ORCID
Added: August 6, 2018

2014 article

On Coverage-Based Attack Profiles

2014 IEEE EIGHTH INTERNATIONAL CONFERENCE ON SOFTWARE SECURITY AND RELIABILITY - COMPANION (SERE-C 2014), pp. 5–6.

By: A. Rivers n, M. Vouk n & L. Williams n

co-author countries: United States of America
author keywords: security; coverage; models; attack; profile
Source: Web Of Science
Added: August 6, 2018

2014 conference paper

Towards a framework to measure security expertise in requirements analysis

2014 IEEE 1st Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), 13–18.

By: H. Hibshi*, T. Breaux, M. Riaz n & L. Williams n

co-author countries: Saudi Arabia, United States of America
Source: NC State University Libraries
Added: August 6, 2018

2013 journal article

A comparison of the efficiency and effectiveness of vulnerability discovery techniques

INFORMATION AND SOFTWARE TECHNOLOGY, 55(7), 1279–1288.

By: A. Austin n, C. Holmgreen n & L. Williams n

co-author countries: United States of America
author keywords: Security; Vulnerability; Static analysis; Penetration testing; Black box testing; White box testing
Source: Web Of Science
Added: August 6, 2018

2013 article

Access Control Policy Extraction from Unconstrained Natural Language Text

2013 ASE/IEEE INTERNATIONAL CONFERENCE ON SOCIAL COMPUTING (SOCIALCOM), pp. 435–440.

By: J. Slankas n & L. Williams n

co-author countries: United States of America
author keywords: access control; documentation; machine learning; natural language processing; relation extraction; security
Source: Web Of Science
Added: August 6, 2018

2013 conference paper

Automated extraction of non-functional requirements in available documentation

2013 1st International Workshop on Natural Language Analysis in Software Engineering (NaturaLiSE), 9–16.

By: J. Slankas n & L. Williams n

co-author countries: United States of America
Source: NC State University Libraries
Added: August 6, 2018

2013 journal article

Can traditional fault prediction models be used for vulnerability prediction?

EMPIRICAL SOFTWARE ENGINEERING, 18(1), 25–59.

By: Y. Shin* & L. Williams n

co-author countries: United States of America
author keywords: Software metrics; Complexity metrics; Fault prediction; Vulnerability prediction; Open source project; Automated text classification
Source: Web Of Science
Added: August 6, 2018

2013 conference paper

Non-operational testing of software for security issues

2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), 21–22.

By: S. Subramani n, M. Vouk n & L. Williams n

co-author countries: United States of America
Source: NC State University Libraries
Added: August 6, 2018

2013 article

Proposing Regulatory-Driven Automated Test Suites

2013 AGILE CONFERENCE (AGILE), pp. 11–21.

By: P. Morrison n, C. Holmgreen n, A. Massey n & L. Williams n

co-author countries: United States of America
author keywords: Behavior-Driven-Development; Healthcare IT; Regulatory Compliance; Security; Software Engineering; Software Testing
Source: Web Of Science
Added: August 6, 2018

2013 conference paper

Proposing regulatory-driven automated test suites for electronic health record systems

2013 5th international workshop on software engineering in health care (sehc), 46–49.

By: P. Morrison n, C. Holmgreen n, A. Massey n & L. Williams n

co-author countries: United States of America
Source: NC State University Libraries
Added: August 6, 2018

2013 journal article

Towards the prioritization of system test cases

Software Testing, Verification and Reliability, 24(4), 320–337.

By: H. Srikanth*, S. Banerjee*, L. Williams n & J. Osborne n

co-author countries: United States of America
author keywords: software testing and reliability; software quality; software quality; system-level testing
Sources: Web Of Science, Crossref
Added: August 6, 2018

2012 journal article

Validating Software Metrics: A Spectrum of Philosophies

ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 21(4).

By: A. Meneely n, B. Smith n & L. Williams n

co-author countries: United States of America
author keywords: Measurement; Theory; Software metrics; validation criterion; systematic literature review
Source: Web Of Science
Added: August 6, 2018

2012 journal article

What Agile Teams Think of Agile Principles

COMMUNICATIONS OF THE ACM, 55(4), 71–76.

By: L. Williams n

co-author countries: United States of America
Source: Web Of Science
Added: August 6, 2018

2011 review

A systematic literature review of actionable alert identification techniques for automated static code analysis

[Review of ]. INFORMATION AND SOFTWARE TECHNOLOGY, 53(4), 363–387.

By: S. Heckman n & L. Williams n

co-author countries: United States of America
author keywords: Automated static analysis; Systematic literature review; Actionable alert identification; Unactionable alert mitigation; Warning prioritization; Actionable alert prediction
Source: Web Of Science
Added: August 6, 2018

2011 conference paper

Socio-technical developer networks: Should we trust our measurements?

2011 33rd International Conference on Software Engineering (ICSE), 281–290.

By: A. Meneely n & L. Williams n

co-author countries: United States of America
Source: NC State University Libraries
Added: August 6, 2018

2010 journal article

Agile software development methodologies and practices

Advances in Computers, Vol 80, 80, 1–44.

By: L. Williams

Source: NC State University Libraries
Added: August 6, 2018

2010 article

Guest editorial: Special issue on software reliability engineering

Williams, L. (2010, August). EMPIRICAL SOFTWARE ENGINEERING, Vol. 15, pp. 321–322.

By: L. Williams n

co-author countries: United States of America
Source: Web Of Science
Added: August 6, 2018

2010 chapter

Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks

In F. Massacci, D. Wallach, & N. Zannone (Eds.), Engineering Secure Software and Systems. ESSoS 2010 (pp. 192–200).

By: B. Smith n, L. Williams n & A. Austin n

co-author countries: United States of America

Ed(s): F. Massacci, D. Wallach & N. Zannone

Source: Crossref
Added: August 14, 2021

2010 conference paper

Idea: Using system level testing for revealing SQL injection-related error message information leaks

Engineering secure software and systems, proceedings, 5965, 192–200.

By: B. Smith, L. Williams & A. Austin

Source: NC State University Libraries
Added: August 6, 2018

2010 journal article

Protection Poker: The New Software Security "Game"

IEEE SECURITY & PRIVACY, 8(3), 14–20.

By: L. Williams n, A. Meneely n & G. Shipley*

co-author countries: United States of America
Source: Web Of Science
Added: August 6, 2018

2009 journal article

On automated prepared statement generation to remove SQL injection vulnerabilities

INFORMATION AND SOFTWARE TECHNOLOGY, 51(3), 589–598.

By: S. Thomas n, L. Williams n & T. Xie n

co-author countries: United States of America
author keywords: SQL injection; Prepared statement; Fix automation
Source: Web Of Science
Added: August 6, 2018

2009 journal article

On guiding the augmentation of an automated test suite via mutation analysis

EMPIRICAL SOFTWARE ENGINEERING, 14(3), 341–369.

By: B. Smith n & L. Williams n

co-author countries: United States of America
author keywords: Mutation testing; Line coverage; Fault injection; Empirical effectiveness; Test case augmentation; Mutation analysis; Mutation testing tool; Statement coverage; Test adequacy; Web application; Open source; Unit testing
Source: Web Of Science
Added: August 6, 2018

2009 chapter

Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer

In F. Massacci, S. T. Redwine, & N. Zannone (Eds.), Engineering Secure Software and Systems. ESSoS 2009 (pp. 122–134).

By: L. Williams n, M. Gegick n & A. Meneely n

co-author countries: United States of America

Ed(s): F. Massacci, S. Redwine & N. Zannone

Source: Crossref
Added: August 14, 2021

2009 conference paper

Secure open source collaboration: An empirical study of linus' law

CCS'09: Proceedings of the 16th ACM Conference on Computer and Communications Security, 453–462.

By: A. Meneely n & L. Williams n

co-author countries: United States of America 🇺🇸
Source: NC State University Libraries
Added: August 6, 2018

2009 journal article

Should software testers use mutation analysis to augment a test set?

JOURNAL OF SYSTEMS AND SOFTWARE, 82(11), 1819–1832.

By: B. Smith n & L. Williams n

co-author countries: United States of America 🇺🇸
author keywords: Mutation testing; Empirical effectiveness; User study; Mutation analysis; Test adequacy; Web application; Open source; Unit testing; Mutation testing tool
Source: Web Of Science
Added: August 6, 2018

2009 chapter

Toward Non-security Failures as a Predictor of Security Faults and Failures

In F. Massacci, S. T. Redwine, & N. Zannone (Eds.), Engineering Secure Software and Systems. ESSoS 2009 (pp. 135–149).

By: M. Gegick n, P. Rotella* & L. Williams n

co-author countries: United States of America 🇺🇸

Ed(s): F. Massacci, S. Redwine & N. Zannone

Source: Crossref
Added: August 14, 2021

2008 journal article

Addressing diverse needs through a balance of agile and plan-driven software development methodologies in the core software engineering course

International Journal of Engineering Education, 24(4), 659–670.

By: L. Layman, L. Williams, K. Slaten, S. Berenson & M. Vouk

Source: NC State University Libraries
Added: August 6, 2018

2008 journal article

Realizing quality improvement through test driven development: results and experiences of four industrial teams

EMPIRICAL SOFTWARE ENGINEERING, 13(3), 289–302.

By: N. Nagappan*, E. Maximilien*, T. Bhat* & L. Williams n

co-author countries: United States of America 🇺🇸
author keywords: test driven development; empirical study; defects/faults; development time
Source: Web Of Science
Added: August 6, 2018

2007 chapter

Industry-Research Collaboration Working Group Results

In V. R. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl, & R. W. Selby (Eds.), Empirical Software Engineering Issues. Critical Assessment and Future Directions (pp. 153–157).

By: L. Prechelt & L. Williams*

Ed(s): V. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl & R. Selby

Source: Crossref
Added: September 18, 2021

2007 journal article

On the design of more secure software-intensive systems by use of attack patterns

INFORMATION AND SOFTWARE TECHNOLOGY, 49(4), 381–397.

By: M. Gegick n & L. Williams n

co-author countries: United States of America 🇺🇸
author keywords: software and system safety; patterns
Source: Web Of Science
Added: August 6, 2018

2007 chapter

Roadmapping Working Group 4 Results

In V. R. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl, & R. W. Selby (Eds.), Empirical Software Engineering Issues. Critical Assessment and Future Directions (pp. 181–183).

By: L. Williams*, H. Erdogmus & R. Selby

Ed(s): V. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl & R. Selby

Source: Crossref
Added: September 18, 2021

2007 chapter

Structuring Families of Industrial Case Studies

In V. R. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl, & R. W. Selby (Eds.), Empirical Software Engineering Issues. Critical Assessment and Future Directions (pp. 134–134).

By: L. Williams*

Ed(s): V. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl & R. Selby

Source: Crossref
Added: August 14, 2021

2006 journal article

Essential communication practices for Extreme Programming in a global software development team

INFORMATION AND SOFTWARE TECHNOLOGY, 48(9), 781–794.

By: L. Layman n, L. Williams n, D. Damian* & H. Bures*

co-author countries: Canada 🇨🇦 United States of America 🇺🇸
author keywords: global software development; Extreme Programming; case study
Source: Web Of Science
Added: August 6, 2018

2006 article

Motivations and measurements in an agile case study

Layman, L., Williams, L., & Cunningham, L. (2006, November). JOURNAL OF SYSTEMS ARCHITECTURE, Vol. 52, pp. 654–667.

By: L. Layman n, L. Williams n & L. Cunningham*

co-author countries: United States of America 🇺🇸
author keywords: software engineering; case study; agile software development; extreme programming
Source: Web Of Science
Added: August 6, 2018

2006 journal article

On the value of static analysis for fault detection in software

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 32(4), 240–253.

By: J. Zheng n, L. Williams n, N. Nagappan*, W. Snipes, J. Hudepohl & M. Vouk n

co-author countries: United States of America 🇺🇸
author keywords: code inspections; walkthroughs
Source: Web Of Science
Added: August 6, 2018

2004 article

A structured experiment of test-driven development

George, B., & Williams, L. (2004, April 15). INFORMATION AND SOFTWARE TECHNOLOGY, Vol. 46, pp. 337–342.

By: B. George* & L. Williams n

co-author countries: United States of America 🇺🇸
author keywords: software engineering; test driven development; extreme programming; agile methodologies
Source: Web Of Science
Added: August 6, 2018

2004 conference paper

On understanding compatibility of student pair programmers

Proceedings of the 35th SIGCSE technical symposium on Computer science education - SIGCSE '04. Presented at the 35th SIGCSE technical symposium.

By: N. Katira n, L. Williams n, E. Wiebe n, C. Miller n, S. Balik n & E. Gehringer n

co-author countries: United States of America 🇺🇸

Event: the 35th SIGCSE technical symposium

Sources: NC State University Libraries, Crossref, ORCID
Added: August 6, 2018

2003 chapter

Pair learning: With an eye toward future success

In Extreme programming and agile methods: XP/Agile Universe 2003: Third XP Agile Universe Conference, New Orleans, LA, USA, August 10-13, 2003 (Vol. 2753, pp. 185–198).

By: N. Nagappan n, L. Williams n, E. Wiebe n, C. Miller n, S. Balik n, M. Ferzli n, J. Petlick n

co-author countries: United States of America 🇺🇸
Sources: NC State University Libraries, ORCID
Added: August 6, 2018

2003 journal article

The Economics of Software Development by Pair Programmers

The Engineering Economist, 48(4), 283–319.

By: H. Erdogmus & L. Williams*

Source: Crossref
Added: September 18, 2021

2003 article

The XP programmer: The few-minutes programmer

IEEE SOFTWARE, Vol. 20, pp. 16–20.

By: L. Williams n

co-author countries: United States of America 🇺🇸
Source: Web Of Science
Added: August 6, 2018

2002 report

Distributed Pair Programming: Empirical Studies and Supporting Environments

(pp. TR02–010). Chapel Hill, NC: Dept. of Computer Science, University of North Carolina.

By: P. Baheti, L. Williams, E. Gehringer, D. Stotts & J. Smith

Source: NC State University Libraries
Added: August 6, 2018

2002 book

Extreme programming and agile methods XP/Agile Universe 2002 : Second XP Universe and First Agile Universe Conference, Chicago, IL, USA, August 4-7, 2002 : proceedings

Berlin; New York: Springer.

Source: NC State University Libraries
Added: August 6, 2018

2002 journal article

In support of paired programming in the introductory computer science course

Computer Science Education, 12(3), 197–212.

By: L. Williams*, E. Wiebe*, K. Yang*, M. Ferzli* & C. Miller*

Sources: NC State University Libraries, ORCID
Added: August 6, 2018

2002 journal article

Integrating Agile Practices into Software Engineering Courses

Computer Science Education, 12(3), 169–185.

By: G. Hislop, M. Lutz, J. Naveda, W. McCracken, N. Mead & L. Williams*

Source: Crossref
Added: September 18, 2021

2002 personal communication

Letters - Try it, you'll like it

By: L. Williams

Source: NC State University Libraries
Added: August 6, 2018

2002 conference paper

Pair programming in an introductory computer science course: Initial results and recommendations

OOPSLA 2002: 17th ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications : conference proceedings: November 4-8, 2002, Washington State Convention and Trade Center, Seattle, Washington, USA. New York, NY: ACM Press.

By: L. Williams, K. Yang, E. Wiebe, M. Ferzli & C. Miller

Source: NC State University Libraries
Added: August 6, 2018

2002 article

Teaching PSP: Challenges and lessons learned

IEEE SOFTWARE, Vol. 19, pp. 42-+.

By: J. Borstler*, D. Carrington, G. Hislop, S. Lisack, K. Olson & L. Williams*

co-author countries: Sweden 🇸🇪
Source: Web Of Science
Added: August 6, 2018

2001 journal article

Experiments with Industry's “Pair-Programming” Model in the Computer Science Classroom

Computer Science Education, 11(1), 7–20.

By: L. Williams* & R. Kessler

Source: Crossref
Added: September 18, 2021

2000 journal article

Strengthening the case for pair programming

IEEE SOFTWARE, 17(4), 19-+.

By: L. Williams n, R. Kessler*, W. Cunningham & R. Jeffries

co-author countries: United States of America 🇺🇸
Source: Web Of Science
Added: August 6, 2018