Is this your profile?
Claim your Citation Index profile in order to display more information about you and gain access to Libraries services. Just create or connect your ORCID iD.
Create or connect your ORCID iD
Works (110)
Updated: April 26th, 2024 09:58
2024 journal article
Narrowing the Software Supply Chain Attack Vectors: The SSDF Is Wonderful but not Enough
IEEE SECURITY & PRIVACY, 22(2), 4–7.
Source: Web Of Science
Added: April 22, 2024
2023 review
Are Your Dependencies Code Reviewed?: Measuring Code Review Coverage in Dependency Updates
[Review of ]. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 49(11), 4932–4945.
author keywords: Codes; Phantoms; Software; Software development management; Source coding; Security; Supply chains; Software supply chain security; open source security; dependency analysis
TL;DR:
Depdive, an update audit tool for packages in Crates.io, npm, PyPI, and RubyGems registry, is implemented and it is found that phantom artifacts are not uncommon in the updates, indicating that even the most used packages can introduce non-reviewed code in the software supply chain.
(via Semantic Scholar)
arxiv.org (repository)
Source: Web Of Science
Added: December 18, 2023
2023 article
Do Software Security Practices Yield Fewer Vulnerabilities?
2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING IN PRACTICE, ICSE-SEIP, pp. 292–303.
TL;DR:
Five supervised machine learning models for npm and PyPI packages were developed using the OpenSSF Scorecard security practices scores and aggregate security scores as predictors and the number of externally-reported vulnerabilities as a target variable, finding that four security practices were the most important practices influencing vulnerability count.
(via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries
Added: August 21, 2023
2023 journal article
Open or Sneaky? Fast or Slow? Light or Heavy?: Investigating Security Releases of Open Source Packages
IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 49(4), 1540–1560.
author keywords: Security; Codes; Delays; Ecosystems; Databases; Semantics; Supply chains; Empirical study; open source security; supply chain security
TL;DR:
The time lag between fix and release, how security fixes are documented in the release notes; code change characteristics (size and semantic versioning) of the release; and the time lagBetween the release and an advisory publication for security releases are studied over a dataset of 4,377 security advisories across seven package ecosystems.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
10. Reduced Inequalities
(OpenAlex)
Source: Web Of Science
Added: May 30, 2023
2023 journal article
OpenSSF Scorecard: On the Path Toward Ecosystem-Wide Automated Security Metrics
IEEE SECURITY & PRIVACY, 21(6), 76–88.
author keywords: Security; Software measurement; Software development management; Open source software; Ecosystems; Task analysis; Standards
TL;DR:
This study evaluates the applicability of the Scorecard tool and compares the security practices and gaps in the npm and PyPI ecosystems.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
15. Life on Land
(OpenAlex)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: February 11, 2024
2023 article
SecretBench: A Dataset of Software Secrets
2023 IEEE/ACM 20TH INTERNATIONAL CONFERENCE ON MINING SOFTWARE REPOSITORIES, MSR, pp. 347–351.
TL;DR:
The goal of this paper is to aid researchers and tool developers in evaluating and improving secret detection tools by curating a benchmark dataset of secrets through a systematic collection of secrets from open-source repositories.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
3. Good Health and Well-being
(Web of Science)
Source: Web Of Science
Added: September 5, 2023
2023 article
Software Supply Chain Security
Massacci, F., & Williams, L. (2023, November). IEEE SECURITY & PRIVACY, Vol. 21, pp. 8–10.
author keywords: Special issues and sections; Computer security; Supply chain management; Software
Source: Web Of Science
Added: February 26, 2024
2023 journal article
What Are the Attackers Doing Now? Automating Cyberthreat Intelligence Extraction from Text on Pace with the Changing Threat Landscape: A Survey
ACM COMPUTING SURVEYS, 55(12).
author keywords: Cyberthreat intelligence; CTI extraction; CTI mining; IoC extraction; TTPs; extraction; attack pattern extraction; threat reports; tactical threat intelligence; technical threat intelligence
TL;DR:
The goal of this article is to aid cybersecurity researchers in understanding the current techniques used for cyberthreat intelligence extraction from text through a survey of relevant studies in the literature, finding 11 types of extraction purposes and 7 types of textual sources for CTI extraction.
(via Semantic Scholar)
Source: Web Of Science
Added: April 24, 2023
2023 article
What Challenges Do Developers Face About Checked-in Secrets in Software Artifacts?
2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ICSE, pp. 1635–1647.
TL;DR:
The findings indicate that the same solution has been mentioned to mitigate multiple challenges, and an increasing trend in questions lacking accepted solutions substantiating the need for future research and tool automation on managing secrets.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
3. Good Health and Well-being
(Web of Science)
Source: Web Of Science
Added: September 5, 2023
2022 article
Dazzle: Using Optimized Generative Adversarial Networks to Address Security Data Class Imbalance Issue
2022 MINING SOFTWARE REPOSITORIES CONFERENCE (MSR 2022), pp. 144–155.
author keywords: Security Vulnerability Prediction; Class Imbalance; Hyperparameter Optimization; Generative Adversarial Networks
TL;DR:
The use of optimized GANs are suggested as an alternative method for security vulnerability data class imbalanced issues and further help build better prediction models with resampled datasets.
(via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries
Added: September 19, 2022
2022 journal article
Do I really need all this work to find vulnerabilities? An empirical case study comparing vulnerability detection techniques on a Java application
EMPIRICAL SOFTWARE ENGINEERING, 27(6).
author keywords: Vulnerability Management; Web Application Security; Penetration Testing; Vulnerability Scanners
TL;DR:
The goal of this research is to assist managers and other decision-makers in making informed choices about the use of software vulnerability detection techniques through an empirical study of the efficiency and effectiveness of four techniques on a Java-based web application.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
3. Good Health and Well-being
(Web of Science)
16. Peace, Justice and Strong Institutions
(OpenAlex)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 22, 2022
2022 article
Exploring the Shift in Security Responsibility
Weir, C., Migues, S., & Williams, L. (2022, March 9). IEEE SECURITY & PRIVACY.
author keywords: Security; Software; Companies; Satellites; Standards organizations; Data models; Training
Source: Web Of Science
Added: March 28, 2022
2022 journal article
Feature toggles as code: Heuristics and metrics for structuring feature toggles
INFORMATION AND SOFTWARE TECHNOLOGY, 145.
author keywords: Feature toggle; Continuous integration; Continuous development; Open source repository; Heuristic; Metric
TL;DR:
This research proposes 7 heuristics to guide structuring feature toggles in the codebase by proposing and evaluating a set of heuristics and corresponding complexity, comprehensibility, and maintainability metrics based upon an empirical study of open source repositories.
(via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: May 2, 2022
2022 journal article
Omni: automated ensemble with unexpected models against adversarial evasion attack
EMPIRICAL SOFTWARE ENGINEERING, 27(1).
author keywords: Hyperparameter optimization; Ensemble defense; Adversarial evasion attack
TL;DR:
Omni is a promising approach as a defense strategy against adversarial attacks when compared with other baseline treatments, and it is suggested to create ensemble with unexpected models that are distant from the attacker’s expected model through methods such as hyperparameter optimization.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions
(OpenAlex)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: December 6, 2021
2022 journal article
Top Five Challenges in Software Supply Chain Security: Observations From 30 Industry and Government Organizations
IEEE SECURITY & PRIVACY, 20(2), 96–100.
TL;DR:
Three summits are held with a diverse set of organizations and the top five challenges in software supply chain security are reported on.
(via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: May 31, 2022
2022 article
What are Weak Links in the npm Supply Chain?
2022 ACM/IEEE 44TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING IN PRACTICE (ICSE-SEIP 2022), pp. 331–340.
author keywords: Software Ecosystem; Supply Chain Security; npm; Weak link Signal
TL;DR:
The metadata of 1.63 million JavaScript npm packages was analyzed and six signals of security weaknesses in a software supply chain, such as the presence of install scripts, maintainer accounts associated with an expired email domain, and inactive packages with inactive maintainers were proposed.
(via Semantic Scholar)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: September 19, 2022
2022 article
What are the Practices for Secret Management in Software Artifacts?
2022 IEEE SECURE DEVELOPMENT CONFERENCE (SECDEV 2022), pp. 69–76.
author keywords: secret management; practices; empirical study; grey literature; secure development
TL;DR:
The goal of this paper is to aid practitioners in avoiding the exposure of secrets by identifying secret management practices in software artifacts through a systematic derivation of practices disseminated in Internet artifacts.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
3. Good Health and Well-being
(Web of Science)
Source: Web Of Science
Added: February 20, 2023
2022 journal article
Why secret detection tools are not enough: It's not just about false positives-An industrial case study
EMPIRICAL SOFTWARE ENGINEERING, 27(3).
author keywords: Secret detection tool; Hardcoded secrets; Secrets in repositories; Credentials in repositories
TL;DR:
It is found that, despite developers classified 50% of the warning as false positive, developers also bypassed the warning due to time constraints, working with non-shipping projects, technical challenges of eliminating secrets completely from the version control history, technical debts, and perceptions that check-ins are low risk.
(via Semantic Scholar)
Source: Web Of Science
Added: April 4, 2022
2021 journal article
Different Kind of Smells: Security Smells in Infrastructure as Code Scripts
IEEE SECURITY & PRIVACY, 19(3), 33–41.
TL;DR:
This article summarizes the recent research findings related to infrastructure as code (IaC) scripts, where 67,801 occurrences of security smells that include 9,175 hard-coded passwords are identified.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure
(OpenAlex)
Source: Web Of Science
Added: June 10, 2021
2021 journal article
How to Better Distinguish Security Bug Reports (Using Dual Hyperparameter Optimization)
EMPIRICAL SOFTWARE ENGINEERING, 26(3).
author keywords: Hyperparameter Optimization; Data pre-processing; Security bug report
TL;DR:
The SWIFT’s dual optimization of both pre-processor and learner is more useful than optimizing each of them individually, and this approach can quickly optimize models that achieve better recalls than the prior state-of-the-art.
(via Semantic Scholar)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: May 3, 2021
2021 journal article
Improving Vulnerability Inspection Efficiency Using Active Learning
IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 47(11), 2401–2420.
author keywords: Inspection; Software; Tools; Security; Predictive models; Error correction; NIST; Active learning; security; vulnerabilities; software engineering; error correction
TL;DR:
HARMLESS is an incremental support vector machine tool that builds a vulnerability prediction model from the source code inspected to date, then suggests what source code files should be inspected next, then provides feedback on when to stop.
(via Semantic Scholar)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: November 12, 2021
2021 article
Infiltrating Security into Development: Exploring the World' Largest Software Security Study
PROCEEDINGS OF THE 29TH ACM JOINT MEETING ON EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (ESEC/FSE '21), pp. 1326–1336.
author keywords: Software engineering; Software security; Developer centered security; Software security group; Secure software development lifecycle; SDLC; DevSecOps
Source: Web Of Science
Added: March 7, 2022
2021 journal article
Security Smells in Ansible and Chef Scripts: A Replication Study
ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 30(1).
TL;DR:
This article identifies two security smells not reported in prior work: missing default in case statement and no integrity check and recommends practitioners to rigorously inspect the presence of the identified security smells in Ansible and Chef scripts using code review, and static analysis tools.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure
(OpenAlex)
Source: Web Of Science
Added: March 8, 2021
2021 journal article
Software development with feature toggles: practices used by practitioners
EMPIRICAL SOFTWARE ENGINEERING, 26(1).
author keywords: Continuous integration; Continuous delivery; Feature toggle; Practice
TL;DR:
The feature toggle development practices discovered and enumerated in this work can help practitioners more effectively use feature toggles and can enable future mining of code repositories to automatically identify feature toggle practices.
(via Semantic Scholar)
Source: Web Of Science
Added: February 8, 2021
2021 article
Structuring a Comprehensive Software Security Course Around the OWASP Application Security Verification Standard
2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: JOINT TRACK ON SOFTWARE ENGINEERING EDUCATION AND TRAINING (ICSE-JSEET 2021), pp. 95–104.
author keywords: Security and Protection; Computer and Information Science Education; Industry-Standards
TL;DR:
A theme of the course assignments was to map vulnerability discovery to the security controls of the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS), and this mapping may have increased students' depth of understanding of a wider range of security topics.
(via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: November 1, 2021
2020 article
A Literature Review on Mining Cyberthreat Intelligence from Unstructured Texts
20TH IEEE INTERNATIONAL CONFERENCE ON DATA MINING WORKSHOPS (ICDMW 2020), pp. 516–525.
TL;DR:
It is found that the most prominent sources of unstructured threat data are the threat reports, Twitter feeds, and posts from hackers and security experts, and natural language processing (NLP) based approaches: topic classification; keyword identification; and semantic relationship extraction among the keywords are mostly availed in the selected studies to mine CTI information from un Structured threat sources.
(via Semantic Scholar)
Source: Web Of Science
Added: July 12, 2021
2020 journal article
Better together: Comparing vulnerability prediction models
INFORMATION AND SOFTWARE TECHNOLOGY, 119.
author keywords: Security; Vulnerabilities; Prediction model; Software engineering
TL;DR:
This paper compares VPMs on Mozilla Firefox with 28,750 source code files featuring 271 vulnerabilities using software metrics, text mining, and crash data to help security practitioners and researchers choose appropriate features for vulnerability prediction through a comparison of Vulnerability Prediction Models.
(via Semantic Scholar)
Source: Web Of Science
Added: March 2, 2020
2020 article
Gang of Eight: A Defect Taxonomy for Infrastructure as Code Scripts
2020 ACM/IEEE 42ND INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE 2020), pp. 752–764.
author keywords: bug; category; configuration as code; configuration scripts; defect; devops; infrastructure as code; puppet; software quality; taxonomy
TL;DR:
A taxonomy of IaC defects is developed by applying qualitative analysis on 1,448 defect-related commits collected from open source software (OSS) repositories of the Openstack organization and the quantified frequency of the defect categories may help in advancing the science of IAC script quality.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure
(OpenAlex)
Source: Web Of Science
Added: June 21, 2021
2020 journal article
The 'as code' activities: development anti-patterns for infrastructure as code
EMPIRICAL SOFTWARE ENGINEERING, 25(5), 3430–3467.
author keywords: Anti-pattern; Bugs; Configuration script; Continuous deployment; Defect; Devops; Infrastructure as code; Practice; Puppet; Quality
TL;DR:
Five development anti-patterns of infrastructure as code (IaC) scripts, namely, ‘boss is not around’, “many cooks spoil”, � ‘minors are spoiler‚, ’silos‚ and ‘unfocused contribution’ are identified.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure
(OpenAlex)
Source: Web Of Science
Added: September 7, 2020
2019 journal article
A systematic mapping study of infrastructure as code research
INFORMATION AND SOFTWARE TECHNOLOGY, 108, 65–77.
author keywords: Devops; Configuration as code; Configuration script; Continuous deployment; Infrastructure as code; Software engineering; Systematic mapping study
TL;DR:
The findings suggest that framework or tools is a well-studied topic in IaC research, as defects and security flaws can have serious consequences for the deployment and development environments in DevOps.
(via Semantic Scholar)
Source: Web Of Science
Added: March 11, 2019
2019 article
How Do Developers Act on Static Analysis Alerts? An Empirical Study of Coverity Usage
2019 IEEE 30TH INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING (ISSRE), pp. 323–333.
author keywords: static analysis; tools; alerts; warnings; developer action
TL;DR:
The goal of this paper is to aid researchers and tool makers in improving the utility of static analysis tools through an empirical study of developer action on the alerts detected by Coverity, a state-of-the-art static analysis tool.
(via Semantic Scholar)
Source: Web Of Science
Added: July 13, 2020
2019 article
Share, But Be Aware: Security Smells in Python Gists
2019 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE MAINTENANCE AND EVOLUTION (ICSME 2019), pp. 536–540.
author keywords: GitHub; Gist; Python; Security; Security Smell; Static Analysis; Software Security
TL;DR:
This paper finds 13 types of security smells with 4,403 occurrences in 5,822 publicly-available Python Gists and finds no significance relation between the presence of these security smells and the reputation of the Gist author.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions
(OpenAlex)
Source: Web Of Science
Added: April 14, 2020
2019 journal article
Source code properties of defective infrastructure as code scripts
INFORMATION AND SOFTWARE TECHNOLOGY, 112, 148–163.
author keywords: Configuration as code; Continuous deployment; Defect prediction; Devops; Empirical study; Infrastructure as code; Puppet
TL;DR:
This paper applies qualitative analysis on defect-related commits mined from open source software repositories to identify source code properties that correlate with defective IaC scripts and constructs defect prediction models using the identified properties.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure
(OpenAlex)
Source: Web Of Science
Added: June 17, 2019
2019 article
The Seven Sins: Security Smells in Infrastructure as Code Scripts
2019 IEEE/ACM 41ST INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE 2019), pp. 164–175.
author keywords: devops; devsecops; empirical study; infrastructure as code; puppet; security; smell; static analysis
TL;DR:
The goal of this paper is to help practitioners avoid insecure coding practices while developing infrastructure as code (IaC) scripts through an empirical study of security smells in IaC scripts.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure
(OpenAlex)
Source: Web Of Science
Added: September 7, 2020
2018 article
Are Vulnerabilities Discovered and Resolved like Other Defects?
PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE), pp. 498–498.
Source: Web Of Science
Added: January 21, 2019
2018 journal article
Are vulnerabilities discovered and resolved like other defects?
EMPIRICAL SOFTWARE ENGINEERING, 23(3), 1383–1421.
author keywords: Software development; Measurement; Process improvement; Security; Orthogonal Defect Classification (ODC)
TL;DR:
ODC + V was applied to classify 583 vulnerabilities and 583 defects across 133 releases of three open-source projects (Firefox, phpMyAdmin, and Chrome), indicating opportunities may exist for more efficient vulnerability detection and resolution.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2018 review
Attack surface definitions: A systematic literature review
[Review of ]. INFORMATION AND SOFTWARE TECHNOLOGY, 104, 94–103.
author keywords: Attack surface; Vulnerabilities; Software engineering; Systematic literature review
TL;DR:
This systematic literature review reviewed 644 works from prior literature that use the phrase attack surface and categorized them into those that provided their own definition; cited another definition; or expected the reader to intuitively understand the phrase.
(via Semantic Scholar)
Source: Web Of Science
Added: November 19, 2018
2018 article
Characterizing Defective Configuration Scripts Used for Continuous Deployment
2018 IEEE 11TH INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION (ICST), pp. 34–45.
TL;DR:
This paper uses text mining techniques to extract text features from infrastructure as code (IaC) scripts and identifies three properties that characterize defective IaC scripts: filesystem operations, infrastructure provisioning, and managing user accounts.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure
(OpenAlex)
Source: Web Of Science
Added: August 6, 2018
2018 article
Continuously Integrating Security
2018 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SECURITY AWARENESS FROM DESIGN TO DEPLOYMENT (SEAD), pp. 1–2.
author keywords: Continuous deployment; software security; DevOps; DevSecOps
TL;DR:
This short paper will describe the practices and environment used by these companies as they strive to develop secure and privacy-preserving products while making ultra-fast changes.
(via Semantic Scholar)
Source: Web Of Science
Added: October 29, 2018
2018 article
Identifying Security Issues in Software Development: Are Keywords Enough?
PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING - COMPANION (ICSE-COMPANION, pp. 426–427.
author keywords: Security; vocabulary; classification model; CVE; Prediction
TL;DR:
The goal of this research is to support researchers and practitioners in identifying security issues in software development project artifacts by defining and evaluating a systematic scheme for identifying project-specific security vocabularies that can be used for keyword-based classification.
(via Semantic Scholar)
Source: Web Of Science
Added: December 3, 2018
2018 journal article
Mapping the field of software life cycle security metrics
INFORMATION AND SOFTWARE TECHNOLOGY, 102, 146–159.
author keywords: Metrics; Measurement; Security
TL;DR:
The field of software life cycle security metrics has yet to converge on an accepted set of metrics, and the most-cited and most used metric, vulnerability count, has multiple definitions and operationalizations.
(via Semantic Scholar)
Source: Web Of Science
Added: October 19, 2018
2018 article
Poster: Defect Prediction Metrics for Infrastructure as Code Scripts in DevOps
PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING - COMPANION (ICSE-COMPANION, pp. 414–415.
author keywords: Continuous Deployment; DevOps; Infrastructure as Code; Metrics
TL;DR:
The goal of this paper is to help software practitioners in prioritizing their inspection efforts for infrastructure as code (IaC) scripts by proposing defect prediction model-related metrics, and applies Constructivist Grounded Theory on defect-related commits mined from version control systems to identify metrics suitable for IaC scripts.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure
(OpenAlex)
Source: Web Of Science
Added: December 3, 2018
2018 article
What Questions Do Programmers Ask About Configuration as Code?
PROCEEDINGS 2018 IEEE/ACM 4TH INTERNATIONAL WORKSHOP ON RAPID CONTINUOUS SOFTWARE ENGINEERING (RCOSE), pp. 16–22.
author keywords: challenge; configuration as code; continuous deployment; devops; infrastructure as code; programming; puppet; question; stack over-flow
TL;DR:
This paper extracts 2,758 Puppet-related questions asked by programmers from January 2010 to December 2016, posted on Stack Overflow, and applies qualitative analysis to identify the questions programmers ask about Puppet.
(via Semantic Scholar)
Source: Web Of Science
Added: January 21, 2019
2017 article
Highlights of the ACM Student Research Competition
Williams, L., & Baldwin, D. (2017, November). COMMUNICATIONS OF THE ACM, Vol. 60, pp. 5–5.
Source: Web Of Science
Added: August 6, 2018
2017 journal article
Identifying the implied: Findings from three differentiated replications on the use of security requirements templates
EMPIRICAL SOFTWARE ENGINEERING, 22(4), 2127–2178.
author keywords: Security requirements; Controlled experiment; Replication; Requirements engineering; Templates; Patterns; Automation
TL;DR:
Qualitative findings indicate that participants may be able to differentiate between relevant and extraneous templates suggestions and be more inclined to fill in the templates with additional support, supporting the findings of the original study.
(via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 6, 2018
2017 journal article
TMAP: Discovering relevant API methods through text mining of API documentation
Journal of Software: Evolution and Process, 29(12), e1845.
author keywords: API documents; API mappings; text mining
TL;DR:
Text mining based approach (TMAP) is proposed to discover relevant API mappings using text mining on the natural language API method descriptions to support software developers in migrating an application from a source API to a target API by automatically discovering relevant method mappings.
(via Semantic Scholar)
Sources: Crossref, NC State University Libraries
Added: February 24, 2020
2017 article
The Rising Tide Lifts All Boats: The Advancement of Science in Cyber Security (Invited Talk)
ESEC/FSE 2017: PROCEEDINGS OF THE 2017 11TH JOINT MEETING ON FOUNDATIONS OF SOFTWARE ENGINEERING, pp. 1–1.
author keywords: Systems security; Software and application security; Human and societal aspects of security and privacy; Trust frameworks
TL;DR:
This talk will reflect on the structure of the collaborative research efforts of the Lablets, lessons learned in the transition to more scientific concepts to cybersecurity, research results in solving five hard security problems, and methods that are being used for the measurement of scientific progress of theLablet research.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
4. Quality Education
(Web of Science)
10. Reduced Inequalities
(Web of Science)
Source: Web Of Science
Added: August 6, 2018
2017 journal article
The Top 10 Adages in Continuous Deployment
IEEE SOFTWARE, 34(3), 86–95.
TL;DR:
To understand the emerging practices surrounding continuous deployment, researchers facilitated a one-day Continuous Deployment Summit at the Facebook campus in July 2015, at which participants from 10 companies described how they used continuous deployment.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2017 journal article
To log, or not to log: using heuristics to identify mandatory log events - a controlled experiment
EMPIRICAL SOFTWARE ENGINEERING, 22(5), 2684–2717.
author keywords: Logging; User activity logs; Security; Controlled experiment; User study; Mandatory log events
TL;DR:
The results indicate additional training and enforcement may be necessary to ensure subjects understand and consistently apply the assigned methods for identifying MLEs, as well as support security analysts in performing forensic analysis by evaluating the use of a heuristics-driven method for identifying mandatory log events.
(via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 6, 2018
2017 journal article
Twist-3 Distribution Amplitudes of Pion in the Light-Front Quark Model
Few-Body Systems, 58(2).
UN Sustainable Development Goal Categories
11. Sustainable Cities and Communities
(Web of Science)
Sources: Web Of Science, Crossref, NC State University Libraries
Added: August 6, 2018
2016 conference paper
ICON: Inferring temporal constraints from natural language API descriptions
32nd ieee international conference on software maintenance and evolution (icsme 2016), 378–388.
Source: NC State University Libraries
Added: August 6, 2018
2016 article
NANE: Identifying Misuse Cases Using Temporal Norm Enactments
2016 IEEE 24TH INTERNATIONAL REQUIREMENTS ENGINEERING CONFERENCE (RE), pp. 136–145.
Contributors: *, O. Kafali n & M. Singh*
author keywords: Security requirements; sociotechnical systems
TL;DR:
Nane is proposed, a formal framework for identifying misuse cases using a semiautomated process and it is demonstrated how Nane enables monitoring of potential misuses on a healthcare scenario.
(via Semantic Scholar)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: August 6, 2018
2016 article
Software Security in DevOps: Synthesizing Practitioners' Perceptions and Practices
INTERNATIONAL WORKSHOP ON CONTINUOUS SOFTWARE EVOLUTION AND DELIVERY, CSED 2016, pp. 70–76.
author keywords: DevOps; security; software practices; survey
TL;DR:
The goal of this paper is to aid software practitioners in integrating security and DevOps by summarizing experiences in utilizing security practices in a DevOps environment by analyzing a selected set of Internet artifacts.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2016 journal article
Stack traces reveal attack surfaces
Perspectives on Data Science for Software Engineering, 73–76.
Source: NC State University Libraries
Added: August 6, 2018
2016 journal article
Towards characterization of photo-excited electron transfer and catalysis in natural and artificial systems using XFELs
FARADAY DISCUSSIONS, 194, 621–638.
MeSH headings : Catalysis; Crystallography, X-Ray; Electrons; Lasers; X-Rays
TL;DR:
This work has developed methodology for simultaneously collecting X-ray diffraction data andX-ray emission spectra, using an energy dispersive spectrometer, at ambient conditions, and used this approach to study the room temperature structure and intermediate states of the photosynthetic water oxidizing metallo-protein, photosystem II.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
3. Good Health and Well-being
(Web of Science)
Sources: Web Of Science, NC State University Libraries
Added: August 6, 2018
2016 conference paper
Tutorial: text analytics for security
Symposium and Bootcamp on the Science of Security, 124–125.
Source: NC State University Libraries
Added: August 6, 2018
2016 conference paper
systematically developing prevention, detection, and response patterns for security requirements
2016 IEEE 24th International Requirements Engineering Conference Workshops (REW), 62–67.
Source: NC State University Libraries
Added: August 6, 2018
2015 conference paper
Discovering likely mappings between APIs using text mining
Ieee international working conference on source code analysis and, 231–240.
TL;DR:
This paper proposes TMAP: Text Mining based approach to discover likely API mappings using the similarity in the textual description of the source and target API documents to address the shortcoming of manually writingAPI mappings.
(via Semantic Scholar)
Source: NC State University Libraries
Added: August 6, 2018
2015 journal article
How have we evaluated software pattern application? A systematic mapping study of research design practices
INFORMATION AND SOFTWARE TECHNOLOGY, 65, 14–38.
author keywords: Software pattern; Mapping study; Systematic review; Empirical evaluation; Empirical design
TL;DR:
Establishing baselines for participants’ experience level, providing appropriate training, standardizing problem sets, and employing commonly used measures to evaluate performance can support replication and comparison of results across studies.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2015 article
Synthesizing Continuous Deployment Practices Used in Software Development
2015 AGILE CONFERENCE, pp. 1–10.
author keywords: agile; continuous deployment; continuous delivery; industry practices; internet artifacts; follow-up inquiries
TL;DR:
It is observed that continuous deployment necessitates the consistent use of sound software engineering practices such as automated testing, automated deployment, and code review, which are used by software companies.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2014 chapter
Agile Software Development in Practice
In Lecture Notes in Business Information Processing (pp. 32–45).
TL;DR:
Subject to sampling issues, successful teams report more positive results for agile practices with the most important practice being teams knowing their velocity.
(via Semantic Scholar)
Source: Crossref
Added: January 5, 2021
2014 conference paper
Hidden in plain sight: Automatically identifying security requirements from natural language artifacts
2014 ieee 22nd international requirements engineering conference (re), 183–192.
TL;DR:
A tool-assisted process that automatically identifies security-relevant sentences in natural language requirements artifacts and classifies them according to the security objectives, either explicitly stated or implied by the sentences.
(via Semantic Scholar)
Sources: NC State University Libraries, NC State University Libraries, ORCID
Added: August 6, 2018
2014 article
On Coverage-Based Attack Profiles
2014 IEEE EIGHTH INTERNATIONAL CONFERENCE ON SOFTWARE SECURITY AND RELIABILITY - COMPANION (SERE-C 2014), pp. 5–6.
author keywords: security; coverage; models; attack; profile
TL;DR:
A hypergeometric process model is presented that describes automated cyber attacks and web request signatures from the logs of a production web server were used to assess the applicability of the model.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2014 conference paper
Towards a framework to measure security expertise in requirements analysis
2014 IEEE 1st Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), 13–18.
TL;DR:
Preliminary results of analyzing two interviews reveal possible decision-making patterns that could characterize how analysts perceive, comprehend and project future threats which leads them to decide upon requirements and their specifications, in addition to how experts use assumptions to overcome ambiguity in specifications.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions
(OpenAlex)
Source: NC State University Libraries
Added: August 6, 2018
2013 journal article
A comparison of the efficiency and effectiveness of vulnerability discovery techniques
INFORMATION AND SOFTWARE TECHNOLOGY, 55(7), 1279–1288.
author keywords: Security; Vulnerability; Static analysis; Penetration testing; Black box testing; White box testing
TL;DR:
The results show that employing a single technique for vulnerability discovery is insufficient for finding all types of vulnerabilities, and suggest that in order to discover the greatest variety of vulnerability types, at least systematic manual penetration testing and automated static analysis should be performed.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2013 article
Access Control Policy Extraction from Unconstrained Natural Language Text
2013 ASE/IEEE INTERNATIONAL CONFERENCE ON SOCIAL COMPUTING (SOCIALCOM), pp. 435–440.
author keywords: access control; documentation; machine learning; natural language processing; relation extraction; security
TL;DR:
This research proposes a machine-learning based process to parse existing, unaltered natural language documents, such as requirement or technical specifications to extract the relevant subjects, actions, and resources for an access control policy.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
4. Quality Education
(OpenAlex)
Source: Web Of Science
Added: August 6, 2018
2013 conference paper
Automated extraction of non-functional requirements in available documentation
2013 1st International Workshop on Natural Language Analysis in Software Engineering (NaturaLiSE), 9–16.
TL;DR:
To aid analysts in more effectively extracting relevant non-functional requirements in available unconstrained natural language documents through automated natural language processing, this research examines which document types contain NFRs categorized to 14 NFR categories.
(via Semantic Scholar)
Source: NC State University Libraries
Added: August 6, 2018
2013 journal article
Can traditional fault prediction models be used for vulnerability prediction?
EMPIRICAL SOFTWARE ENGINEERING, 18(1), 25–59.
author keywords: Software metrics; Complexity metrics; Fault prediction; Vulnerability prediction; Open source project; Automated text classification
TL;DR:
The results suggest that fault prediction models based upon traditional metrics can substitute for specialized vulnerability prediction models, however, both fault prediction andulnerability prediction models require significant improvement to reduce false positives while providing high recall.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions
(OpenAlex)
Source: Web Of Science
Added: August 6, 2018
2013 conference paper
Non-operational testing of software for security issues
2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), 21–22.
TL;DR:
This work combines “classical” reliability modeling, when applied to reported vulnerabilities found under “normal” operational profile conditions, with safety oriented fault management processes, with open source Fedora software.
(via Semantic Scholar)
Source: NC State University Libraries
Added: August 6, 2018
2013 article
Proposing Regulatory-Driven Automated Test Suites
2013 AGILE CONFERENCE (AGILE), pp. 11–21.
author keywords: Behavior-Driven-Development; Healthcare IT; Regulatory Compliance; Security; Software Engineering; Software Testing
TL;DR:
This research found that it was possible to create scenarios and system-specific code supporting scenario execution on three systems, that iTrust can be shown to be noncompliant, and that emergency access procedures are not defined clearly enough by the regulation to determine compliance or non-compliance.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2013 conference paper
Proposing regulatory-driven automated test suites for electronic health record systems
2013 5th international workshop on software engineering in health care (sehc), 46–49.
TL;DR:
The use of Behavior-Driven-Development scenarios are proposed as the basis of an automated compliance test suite for standards such as regulation and interoperability and could become a shared asset for use by all systems subject to these regulations and standards.
(via Semantic Scholar)
Source: NC State University Libraries
Added: August 6, 2018
2013 journal article
Towards the prioritization of system test cases
Software Testing, Verification and Reliability, 24(4), 320–337.
author keywords: software testing and reliability; software quality; software quality; system-level testing
TL;DR:
The results show that PORT improves the rate of detection of severe failures over random prioritization and indicates that customer priority was the most important contributor towards improved rate of failure detection.
(via Semantic Scholar)
Sources: Web Of Science, Crossref
Added: August 6, 2018
2012 journal article
Validating Software Metrics: A Spectrum of Philosophies
ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 21(4).
author keywords: Measurement; Theory; Software metrics; validation criterion; systematic literature review
TL;DR:
The objective of this article is to guide researchers in making sound contributions to the field of software engineering metrics by providing a practical summary of the metrics validation criteria found in the academic literature.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2012 journal article
What Agile Teams Think of Agile Principles
COMMUNICATIONS OF THE ACM, 55(4), 71–76.
TL;DR:
Even after almost a dozen years, these books still deliver solid guidance for software development teams and their projects.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2011 review
A systematic literature review of actionable alert identification techniques for automated static code analysis
[Review of ]. INFORMATION AND SOFTWARE TECHNOLOGY, 53(4), 363–387.
author keywords: Automated static analysis; Systematic literature review; Actionable alert identification; Unactionable alert mitigation; Warning prioritization; Actionable alert prediction
TL;DR:
This work proposes building on an actionable alert identification benchmark for comparison and evaluation of AAIT from literature on a standard set of subjects and utilizing a common set of evaluation metrics.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2011 conference paper
Socio-technical developer networks: Should we trust our measurements?
2011 33rd International Conference on Software Engineering (ICSE), 281–290.
TL;DR:
The results substantiate that SNA metrics represent socio-technical relationships in open source development projects, while also clarifying how the developer network can be interpreted by researchers and practitioners.
(via Semantic Scholar)
Source: NC State University Libraries
Added: August 6, 2018
2010 journal article
Agile software development methodologies and practices
Advances in Computers, Vol 80, 80, 1–44.
Source: NC State University Libraries
Added: August 6, 2018
2010 article
Guest editorial: Special issue on software reliability engineering
Williams, L. (2010, August). EMPIRICAL SOFTWARE ENGINEERING, Vol. 15, pp. 321–322.
TL;DR:
This special issue of the Empirical Software Engineering journal is devoted to four papers selected from the 19th International Symposium on Software Reliability Engineering (ISSRE) that was held in Redmond, Washington on the Microsoft campus in 2008 due to the quality, novelty, and sound empirical analysis of the papers.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2010 chapter
Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks
In F. Massacci, D. Wallach, & N. Zannone (Eds.), Engineering Secure Software and Systems. ESSoS 2010 (pp. 192–200).
Ed(s): F. Massacci, D. Wallach & N. Zannone
TL;DR:
Although no SQL injection vulnerabilities were discovered, the results suggest that security testers who use an iterative, test-driven development process should compose system level rather than unit level tests.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions
(OpenAlex)
Source: Crossref
Added: August 14, 2021
2010 conference paper
Idea: Using system level testing for revealing SQL injection-related error message information leaks
Engineering secure software and systems, proceedings, 5965, 192–200.
Source: NC State University Libraries
Added: August 6, 2018
2010 journal article
Protection Poker: The New Software Security "Game"
IEEE SECURITY & PRIVACY, 8(3), 14–20.
TL;DR:
The Protection Poker "game" is a collaborative means for guiding this prioritization of security fortification efforts and has the potential to improve software security practices and team software security knowledge.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2009 journal article
On automated prepared statement generation to remove SQL injection vulnerabilities
INFORMATION AND SOFTWARE TECHNOLOGY, 51(3), 589–598.
author keywords: SQL injection; Prepared statement; Fix automation
TL;DR:
An algorithm of prepared statement replacement for removing SQLIVs by replacing SQL statements with prepared statements is presented and a corresponding tool for automated fix generation is created.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2009 journal article
On guiding the augmentation of an automated test suite via mutation analysis
EMPIRICAL SOFTWARE ENGINEERING, 14(3), 341–369.
author keywords: Mutation testing; Line coverage; Fault injection; Empirical effectiveness; Test case augmentation; Mutation analysis; Mutation testing tool; Statement coverage; Test adequacy; Web application; Open source; Unit testing
TL;DR:
An empirical study of the use of mutation analysis on two open source projects indicates that a focused effort on increasing mutation score leads to a corresponding increase in line and branch coverage to the point that line coverage, branch coverage and mutation score reach a maximum but leave some types of code structures uncovered.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2009 chapter
Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer
In F. Massacci, S. T. Redwine, & N. Zannone (Eds.), Engineering Secure Software and Systems. ESSoS 2009 (pp. 122–134).
Ed(s): F. Massacci, S. Redwine & N. Zannone
TL;DR:
The Protection Poker activity is proposed as a collaborative and informal form of misuse case development and threat modeling that plays off the diversity of knowledge and perspective of the participants and lead to a more effective software security learning experience.
(via Semantic Scholar)
Source: Crossref
Added: August 14, 2021
2009 conference paper
Secure open source collaboration: An empirical study of linus' law
CCS'09: Proceedings of the 16th ACM Conference on Computer and Communications Security, 453–462.
TL;DR:
This study examines the security of an open source project in the context of developer collaboration by analyzing version control logs and quantifying notions of Linus' Law as well as the "too many cooks in the kitchen" viewpoint into developer activity metrics.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions
(OpenAlex)
Source: NC State University Libraries
Added: August 6, 2018
2009 journal article
Should software testers use mutation analysis to augment a test set?
JOURNAL OF SYSTEMS AND SOFTWARE, 82(11), 1819–1832.
author keywords: Mutation testing; Empirical effectiveness; User study; Mutation analysis; Test adequacy; Web application; Open source; Unit testing; Mutation testing tool
TL;DR:
It is shown that mutation analysis can be used by software testers to effectively produce new test cases and to improve statement coverage scores in a feasible amount of time and that the choice of mutation tool and operator set can play an important role in determining how efficient mutation analysis is for producing newtest cases.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2009 chapter
Toward Non-security Failures as a Predictor of Security Faults and Failures
In F. Massacci, S. T. Redwine, & N. Zannone (Eds.), Engineering Secure Software and Systems. ESSoS 2009. (pp. 135–149).
Ed(s): F. Massacci, S. Redwine & N. Zannone
TL;DR:
It is found that 57% of the vulnerable components were in the top nine percent of the total component ranking, but with a 48% false positive rate, indicating that non-security failures can be used as one of the input variables for security-related prediction models.
(via Semantic Scholar)
Source: Crossref
Added: August 14, 2021
2008 journal article
Addressing diverse needs through a balance of agile and plan-driven software development methodologies in the core software engineering course
International Journal of Engineering Education, 24(4), 659–670.
Source: NC State University Libraries
Added: August 6, 2018
2008 journal article
Realizing quality improvement through test driven development: results and experiences of four industrial teams
EMPIRICAL SOFTWARE ENGINEERING, 13(3), 289–302.
author keywords: test driven development; empirical study; defects/faults; development time
TL;DR:
Case studies were conducted with three development teams at Microsoft and one at IBM that have adopted TDD and indicate that the pre-release defect density of the four products decreased between 40% and 90% relative to similar projects that did not use the TDD practice.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2007 chapter
Industry-Research Collaboration Working Group Results
In V. R. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl, & R. W. Selby (Eds.), Empirical Software Engineering Issues. Critical Assessment and Future Directions (pp. 153–157).
Ed(s): V. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl & R. Selby
TL;DR:
The agreed-upon deliverable from this session was for a subset of the group to submit a longer version of this report to IEEE Software or the Empirical Software Engineering journal as a set of guidelines.
(via Semantic Scholar)
Source: Crossref
Added: September 18, 2021
2007 journal article
On the design of more secure software-intensive systems by use of attack patterns
INFORMATION AND SOFTWARE TECHNOLOGY, 49(4), 381–397.
author keywords: software and system safety; patterns
TL;DR:
Regular expression-based attack patterns that show the sequential events that occur during an attack are created by creating a Security Analysis for Existing Threats (SAFE-T), a architectural analysis that identifies security vulnerabilities early in the software process.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2007 chapter
Roadmapping Working Group 4 Results
In V. R. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl, & R. W. Selby (Eds.), Empirical Software Engineering Issues. Critical Assessment and Future Directions (pp. 181–183).
Ed(s): V. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl & R. Selby
TL;DR:
The group carefully considered the factors involved with the maturity of the field of Empirical Software Engineering and found that the progress to move linearly along an axis is not proportional to the amount of work that must take place.
(via Semantic Scholar)
Source: Crossref
Added: September 18, 2021
2007 chapter
Structuring Families of Industrial Case Studies
In V. R. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl, & R. W. Selby (Eds.), Empirical Software Engineering Issues. Critical Assessment and Future Directions (pp. 134–134).
Ed(s): V. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl & R. Selby
TL;DR:
Groups of researchers interested in the same research question(s) can customize and evolve an evaluation framework for the technology under study, which consists of templates for specific quantitative measures to collect with associated instructions on what to include/exclude for consistent measurement collection.
(via Semantic Scholar)
Source: Crossref
Added: August 14, 2021
2006 journal article
Essential communication practices for Extreme Programming in a global software development team
INFORMATION AND SOFTWARE TECHNOLOGY, 48(9), 781–794.
author keywords: global software development; Extreme Programming; case study
TL;DR:
An industrial case study of a distributed team in the USA and the Czech Republic that used Extreme Programming suggests that, if critical enabling factors are addressed, methodologies dependent on informal communication can be used on global software development projects.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2006 article
Motivations and measurements in an agile case study
Layman, L., Williams, L., & Cunningham, L. (2006, November). JOURNAL OF SYSTEMS ARCHITECTURE, Vol. 52, pp. 654–667.
author keywords: software engineering; case study; agile software development; extreme programming
Source: Web Of Science
Added: August 6, 2018
2006 journal article
On the value of static analysis for fault detection in software
IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 32(4), 240–253.
author keywords: code inspections; walkthroughs
Source: Web Of Science
Added: August 6, 2018
2004 article
A structured experiment of test-driven development
George, B., & Williams, L. (2004, April 15). INFORMATION AND SOFTWARE TECHNOLOGY, Vol. 46, pp. 337–342.
author keywords: software engineering; test driven development; extreme programming; agile methodologies
TL;DR:
Experimental results tend to indicate that TDD programmers produce higher quality code because they passed 18% more functional black-box test cases and took 16% more time, which supports the perception thatTDD has the potential for increasing the level of unit testing in the software industry.
(via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018
2004 conference paper
On understanding compatibility of student pair programmers
Proceedings of the 35th SIGCSE technical symposium on Computer science education - SIGCSE '04. Presented at the the 35th SIGCSE technical symposium.
Event: the 35th SIGCSE technical symposium
TL;DR:
It is found that the students' perception of their partner's skill level has a significant influence on their compatibility, and students' self-esteem does not appear to be a major contributor to pair compatibility.
(via Semantic Scholar)
Sources: NC State University Libraries, Crossref, NC State University Libraries
Added: August 6, 2018
2003 chapter
Pair learning: With an eye toward future success
In Extreme programming and agile methods: XP/Agile Universe 2003: Third XP Agile Universe Conference, New Orleans, LA, USA, August 10-13, 2003 (Vol. 2753, pp. 185–198).
TL;DR:
An experiment was run at North Carolina State University to assess the efficacy of pair programming as an alternative educational technique in an introductory programming course and found that the retention rate of the students in the introductory programming courses is equal to or better than that of theStudents in the solo programming courses.
(via Semantic Scholar)
Sources: NC State University Libraries, NC State University Libraries
Added: August 6, 2018
2003 journal article
The Economics of Software Development by Pair Programmers
The Engineering Economist, 48(4), 283–319.
TL;DR:
A comparative economic evaluation that strengthens the case for pair programming and recommends that organizations engaged in software development consider adopting pair programming as a practice that could improve their bottom line.
(via Semantic Scholar)
Source: Crossref
Added: September 18, 2021
2003 article
The XP programmer: The few-minutes programmer
IEEE SOFTWARE, Vol. 20, pp. 16–20.
Source: Web Of Science
Added: August 6, 2018
2002 report
Distributed Pair Programming: Empirical Studies and Supporting Environments
(pp. TR02–010). Chapel Hill, NC: Dept. of Computer Science, University of North Carolina.
Source: NC State University Libraries
Added: August 6, 2018
2002 book
Extreme programming and agile methods XP/Agile Universe 2002 : Second XP Universe and First Agile Universe Conference, Chicago, IL, USA, August 4-7, 2002 : proceedings
Berlin ;|aNew York: Springer.
Source: NC State University Libraries
Added: August 6, 2018
2002 journal article
In support of paired programming in the introductory computer science course
Computer Science Education, 12(3), 197–212.
UN Sustainable Development Goal Categories
4. Quality Education
(OpenAlex)
Sources: NC State University Libraries, NC State University Libraries
Added: August 6, 2018
2002 journal article
Integrating Agile Practices into Software Engineering Courses
Computer Science Education, 12(3), 169–185.
Source: Crossref
Added: September 18, 2021
2002 personal communication
Letters - Try it, you'll like it
Source: NC State University Libraries
Added: August 6, 2018
2002 conference paper
Pair programming in an introductory computer science course: Initial results and recommendations
OOPSLA 2002: 17th ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications : conference proceedings: November 4-8, 2002, Washington State Convention and Trade Center, Seattle, Washington, USA. New York, NY: ACM Press.
Source: NC State University Libraries
Added: August 6, 2018
2002 article
Teaching PSP: Challenges and lessons learned
IEEE SOFTWARE, Vol. 19, pp. 42-+.
TL;DR:
Five universities used the personal software process to teach software engineering concepts in a variety of contexts to help students learn about the size and complexity of modern software systems and the techniques available for managing these difficulties.
(via Semantic Scholar)
UN Sustainable Development Goal Categories
4. Quality Education
(OpenAlex)
Source: Web Of Science
Added: August 6, 2018
2001 journal article
Experiments with Industry's “Pair-Programming” Model in the Computer Science Classroom
Computer Science Education, 11(1), 7–20.
Source: Crossref
Added: September 18, 2021
2000 journal article
Strengthening the case for pair programming
IEEE SOFTWARE, 17(4), 19-+.
Source: Web Of Science
Added: August 6, 2018
Citation Index includes data from a number of different sources. If you have questions about the sources of data in the Citation Index or need a set of data which is free to re-distribute, please contact us.
Certain data included herein are derived from the Web of Science© and InCites© (2024) of Clarivate Analytics. All rights reserved. You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.
