Laurie A Williams

Works (124)

Updated: February 3rd, 2026 12:50

2025 article

Trusting Code in the Wild: Exploring Contributor Reputation Measures to Review Dependencies in the Rust Ecosystem

Hamer, S., Imtiaz, N., Tamanna, M., Shabrina, P., & Williams, L. (2025, March 18). IEEE Transactions on Software Engineering.

By: S. Hamer n, N. Imtiaz n, M. Tamanna n, P. Shabrina n & L. Williams n

author keywords: Reviews; Software; Supply chains; Codes; Ecosystems; Security; Social networking (online); Particle measurements; Atmospheric measurements; Collaboration; Open source security; software developer network; software measurement; software supply chain security
topics (OpenAlex): Political Influence and Corporate Strategies
Source: Web Of Science
Added: May 6, 2025

2025 article

Comparing effectiveness and efficiency of Interactive Application Security Testing (IAST) and Runtime Application Self-Protection (RASP) tools in a large java-based system

Seth, A., Bhattacharya, S., Zahan, N., & Williams, L. (2025, February 15). Empirical Software Engineering, Vol. 30.

By: A. Seth n, S. Bhattacharya*, N. Zahan n & L. Williams n

author keywords: Vulnerability management; Web application security; Security analysis tools; Vulnerability scanners; Interactive application security testing; Runtime application self-protection
topics (OpenAlex): Web Application Security Vulnerabilities; Advanced Malware Detection Techniques; Security and Verification in Computing
Sources: Web Of Science, NC State University Libraries
Added: February 24, 2025

2025 article

If you cannot Measure it, you cannot Secure it. A Case Study on Metrics for Informed Choice of Security Controls

Rahman, M. R., Rahman, I., & Williams, L. (2025, May 9). Journal of Information Security and Applications.

By: M. Rahman*, I. Rahman n & L. Williams n

author keywords: Security controls; Adversarial techniques; NIST SP800-53; ATT&CK; TTPs
topics (OpenAlex): Information and Cyber Security; Advanced Malware Detection Techniques; Network Security and Intrusion Detection
Source: Web Of Science
Added: May 27, 2025

2025 article proceedings

It Should Be Easy but... New Users' Experiences and Challenges with Secret Management Tools

By: L. Neil n, D. Mungara*, L. Williams n, Y. Acar* & B. Reaves n

topics (OpenAlex): User Authentication and Security Systems; Information and Cyber Security; Personal Information Management and User Behavior; Digital and Cyber Forensics
Sources: NC State University Libraries, Crossref
Added: November 23, 2025

2025 article

Mining temporal attack patterns from cyberthreat intelligence reports

Rahman, M. R., Wroblewski, B., Matthews, Q., Morgan, B., Menzies, T., & Williams, L. (2025, July 22). Knowledge and Information Systems, Vol. 7.

By: M. Rahman*, B. Wroblewski n, Q. Matthews n, B. Morgan n, T. Menzies n & L. Williams n

author keywords: Tactics; Techniques; Procedures; MITRE ATT&CK; Temporal relation; Cyberthreat intelligence; CTI reports; Knowledge graph; attack graph; TimeML
topics (OpenAlex): Network Security and Intrusion Detection; Spam and Phishing Detection; Data Quality and Management
Sources: Web Of Science, NC State University Libraries
Added: July 28, 2025

2025 article

Research Directions in Software Supply Chain Security

Williams, L., Benedetti, G., Hamer, S., Paramitha, R., Rahman, I., Tamanna, M., … Enck, W. (2025, January 27). ACM Transactions on Software Engineering and Methodology, Vol. 34.

By: L. Williams n, G. Benedetti*, S. Hamer n, R. Paramitha*, I. Rahman n, M. Tamanna n, G. Tystahl n, N. Zahan n ...

author keywords: Software security; Software supply chain security; Open source security
topics (OpenAlex): Information and Cyber Security; Advanced Malware Detection Techniques; Software Engineering Research
Sources: Web Of Science, ORCID, NC State University Libraries
Added: January 27, 2025

2025 article

SoK: An empirical investigation of malware techniques in advanced persistent threat attacks

Rahman, M. R., Basak, S. K., Hezaveh, R. M., & Williams, L. (2025, August 9). Computers & Security.

By: M. Rahman*, S. Basak n, R. Hezaveh n & L. Williams n

author keywords: Adversarial techniques; ATT&CK; TTPs; Advanced persistent threats; Malware
topics (OpenAlex): Advanced Malware Detection Techniques; Network Security and Intrusion Detection; Information and Cyber Security
Source: Web Of Science
Added: October 13, 2025

2025 article

Which Is Better For Reducing Outdated and Vulnerable Dependencies: Pinning or Floatingƒ

Rahman, I., Marley, J., Enck, W., & Williams, L. (2025, November 16). (Vol. 11). Vol. 11.

By: I. Rahman n, J. Marley n, W. Enck n & L. Williams n

topics (OpenAlex): Logic, programming, and type systems; Parallel Computing and Optimization Techniques; Distributed systems and fault tolerance; Software Engineering Research; Information and Cyber Security; Software System Performance and Reliability
Sources: NC State University Libraries, NC State University Libraries
Added: January 31, 2026

2025 article

Your Build Scripts Stink: The State of Code Smells in Build Scripts

Tamanna, M., Chandrani, Y., Burrows, M., Wroblewski, B., Williams, L., & Wermke, D. (2025, November 16). Proceedings of the 40th IEEE/ACM International Conference on Automated Software Engineering (ASE), Vol. 11.

By: M. Tamanna n, Y. Chandrani n, M. Burrows n, B. Wroblewski n, L. Williams n & D. Wermke n

topics (OpenAlex): Software Engineering and Design Patterns; Educational Leadership and Practices; Educational Assessment and Pedagogy; Software Engineering Research; Software Engineering Techniques and Practices; Software Testing and Debugging Techniques
Sources: NC State University Libraries, NC State University Libraries, ORCID
Added: January 31, 2026

2024 article

A Survey on Software Vulnerability Exploitability Assessment

Rahman, M. R., Fringer, G., Kapoor, K., & Williams, L. (2024, March 20). ACM Computing Surveys.

By: M. Rahman n, G. Fringer n, K. Kapoor n & L. Williams n

author keywords: Exploitability; software vulnerability
topics (OpenAlex): Software Reliability and Analysis Research; Software Engineering Research; Information and Cyber Security
Source: Web Of Science
Added: June 11, 2024

2024 article

Just another copy and paste? Comparing the security vulnerabilities of ChatGPT generated code and StackOverflow answers

Hamer, S., d’Amorim, M., & Williams, L. (2024, May 23). PROCEEDINGS 45TH IEEE SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS, SPW 2024, pp. 87–94.

By: S. Hamer n, M. d’Amorim n & L. Williams n

author keywords: Software Engineering Security; Empirical Study; Large Language Models; Software Supply Chain; Code Generation
topics (OpenAlex): Artificial Intelligence in Healthcare and Education; Ethics and Social Impacts of AI
Sources: Web Of Science, NC State University Libraries
Added: August 26, 2024

2024 article

MalwareBench: Malware samples are not enough

Zahan, N., Burckhardt, P., Lysenko, M., Aboukhadijeh, F., & Williams, L. (2024, April 15). 2024 IEEE/ACM 21ST INTERNATIONAL CONFERENCE ON MINING SOFTWARE REPOSITORIES, MSR, pp. 728–732.

By: N. Zahan n, P. Burckhardt, M. Lysenko, F. Aboukhadijeh & L. Williams n

author keywords: Software Engineering Security; Software Supply Chain; Software Supply Chain Security; npm and PyPI Ecosystems; Malicious Packages; Benchmark Dataset
topics (OpenAlex): Advanced Malware Detection Techniques
Sources: Web Of Science, ORCID, NC State University Libraries
Added: July 8, 2024

2024 article

Narrowing the Software Supply Chain Attack Vectors: The SSDF Is Wonderful but not Enough

Williams, L. (2024, March 1). IEEE Security & Privacy.

By: L. Williams n

topics (OpenAlex): Digital Rights Management and Security; Advanced Malware Detection Techniques; Advanced Data Storage Technologies
Source: Web Of Science
Added: April 22, 2024

2024 article

Paving a Path for a Combined Family of Feature Toggle and Configuration Option Research

Mahdavi-Hezaveh, R., Fatima, S., & Williams, L. (2024, June 14). ACM Transactions on Software Engineering and Methodology.

By: R. Mahdavi-Hezaveh n, S. Fatima n & L. Williams n

author keywords: Feature toggle; configuration option; software configuration; Software engineering
topics (OpenAlex): Software Engineering Research; Advanced Software Engineering Methodologies; Software Engineering Techniques and Practices
Source: Web Of Science
Added: October 21, 2024

2024 article

Towards a Taxonomy of Challenges in Security Control Implementation

Rahman, M. R., Wroblewski, B., Tamanna, M., Rahman, I., Anufryienak, A., & Williams, L. (2024, December 9).

By: M. Rahman n, B. Wroblewski n, M. Tamanna n, I. Rahman n, A. Anufryienak* & L. Williams n

author keywords: Security controls; Taxonomy; Large Language Models; MITRE ATT&CK
topics (OpenAlex): Information and Cyber Security
Source: Web Of Science
Added: July 21, 2025

2023 article

Are Your Dependencies Code Reviewed?: Measuring Code Review Coverage in Dependency Updates

Imtiaz, N., & Williams, L. (2023, September 28). IEEE Transactions on Software Engineering.

By: N. Imtiaz n & L. Williams n

author keywords: Codes; Phantoms; Software; Software development management; Source coding; Security; Supply chains; Software supply chain security; open source security; dependency analysis
topics (OpenAlex): Software Engineering Research; Software System Performance and Reliability; Security and Verification in Computing
TL;DR: Depdive, an update audit tool for packages in Crates.io, npm, PyPI, and RubyGems registry, is implemented and it is found that phantom artifacts are not uncommon in the updates, indicating that even the most used packages can introduce non-reviewed code in the software supply chain. (via Semantic Scholar)
Source: Web Of Science
Added: December 18, 2023

2023 article

Do Software Security Practices Yield Fewer Vulnerabilities?

Zahan, N., Shohan, S., Harris, D., & Williams, L. (2023, May 1). 2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING IN PRACTICE, ICSE-SEIP, pp. 292–303.

By: N. Zahan n, S. Shohan n, D. Harris n & L. Williams n

topics (OpenAlex): Software Engineering Research; Software Reliability and Analysis Research; Information and Cyber Security
TL;DR: Five supervised machine learning models for npm and PyPI packages were developed using the OpenSSF Scorecard security practices scores and aggregate security scores as predictors and the number of externally-reported vulnerabilities as a target variable, finding that four security practices were the most important practices influencing vulnerability count. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries
Added: August 21, 2023

2023 article

OpenSSF Scorecard: On the Path Toward Ecosystem-Wide Automated Security Metrics

Zahan, N., Kanakiya, P., Hambleton, B., Shohan, S., & Williams, L. (2023, June 26). IEEE Security & Privacy, Vol. 21, pp. 76–88.

By: N. Zahan n, P. Kanakiya*, B. Hambleton n, S. Shohan* & L. Williams n

author keywords: Security; Software measurement; Software development management; Open source software; Ecosystems; Task analysis; Standards
topics (OpenAlex): Open Source Software Innovations; Scientific Computing and Data Management; Software Engineering Research
TL;DR: This study evaluates the applicability of the Scorecard tool and compares the security practices and gaps in the npm and PyPI ecosystems. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
15. Life on Land (OpenAlex)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: February 11, 2024

2023 article proceedings

SecretBench: A Dataset of Software Secrets

By: S. Basak n, L. Neil n, B. Reaves n & L. Williams n

topics (OpenAlex): Advanced Malware Detection Techniques; Digital and Cyber Forensics; Data Quality and Management
TL;DR: The goal of this paper is to aid researchers and tool developers in evaluating and improving secret detection tools by curating a benchmark dataset of secrets through a systematic collection of secrets from open-source repositories. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
Sources: Web Of Science, NC State University Libraries, Crossref
Added: September 5, 2023

2023 article

Software Supply Chain Security [Guest Editors’ Introduction]

Massacci, F., & Williams, L. (2023, November 1). IEEE Security & Privacy.

By: F. Massacci* & L. Williams n

author keywords: Special issues and sections; Computer security; Supply chain management; Software
topics (OpenAlex): Information and Cyber Security; Advanced Malware Detection Techniques; Network Security and Intrusion Detection
Source: Web Of Science
Added: February 26, 2024

2023 article proceedings

What Challenges Do Developers Face About Checked-in Secrets in Software Artifacts?

Basak, S. K., Neil, L., Reaves, B., & Williams, L. (2023, May 1). 2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ICSE, pp. 1635–1647.

By: S. Basak n, L. Neil n, B. Reaves n & L. Williams n

topics (OpenAlex): Software Engineering Research; Mobile Crowdsensing and Crowdsourcing; Privacy-Preserving Technologies in Data
TL;DR: The findings indicate that the same solution has been mentioned to mitigate multiple challenges, and an increasing trend in questions lacking accepted solutions substantiating the need for future research and tool automation on managing secrets. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
Sources: Web Of Science, NC State University Libraries, Crossref
Added: September 5, 2023

2022 article

Dazzle

Shu, R., Xia, T., Williams, L., & Menzies, T. (2022, May 23). 2022 MINING SOFTWARE REPOSITORIES CONFERENCE (MSR 2022), pp. 144–155.

By: R. Shu n, T. Xia n, L. Williams n & T. Menzies n

author keywords: Security Vulnerability Prediction; Class Imbalance; Hyperparameter Optimization; Generative Adversarial Networks
topics (OpenAlex): Software Engineering Research; Advanced Malware Detection Techniques; Software Reliability and Analysis Research
TL;DR: The use of optimized GANs are suggested as an alternative method for security vulnerability data class imbalanced issues and further help build better prediction models with resampled datasets. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries
Added: September 19, 2022

2022 article

Do I really need all this work to find vulnerabilities?

Zahan, N., Shu, R., Metro, M., Kozarev, V., Menzies, T., & Williams, L. (2022, August 6). Empirical Software Engineering, Vol. 27.

By: N. Zahan n, R. Shu n, M. Metro n, V. Kozarev n, T. Menzies n & L. Williams n

author keywords: Vulnerability Management; Web Application Security; Penetration Testing; Vulnerability Scanners
topics (OpenAlex): Software Engineering Research; Software System Performance and Reliability; Web Application Security Vulnerabilities
TL;DR: The goal of this research is to assist managers and other decision-makers in making informed choices about the use of software vulnerability detection techniques through an empirical study of the efficiency and effectiveness of four techniques on a Java-based web application. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 22, 2022

2022 article

Exploring the Shift in Security Responsibility

Weir, C., Migues, S., & Williams, L. (2022, March 10). IEEE Security & Privacy.

By: C. Weir*, S. Migues* & L. Williams n

author keywords: Security; Software; Companies; Satellites; Standards organizations; Data models; Training
topics (OpenAlex): Information and Cyber Security; Software Engineering Techniques and Practices
Source: Web Of Science
Added: March 28, 2022

2022 article

Feature toggles as code: Heuristics and metrics for structuring feature toggles

Mahdavi-Hezaveh, R., Ajmeri, N., & Williams, L. (2022, January 14). Information and Software Technology, Vol. 5, pp. 1–14.

By: R. Mahdavi-Hezaveh n, N. Ajmeri* & L. Williams n

author keywords: Feature toggle; Continuous integration; Continuous development; Open source repository; Heuristic; Metric
topics (OpenAlex): Software Engineering Research; Advanced Software Engineering Methodologies; Software Reliability and Analysis Research
TL;DR: This research proposes 7 heuristics to guide structuring feature toggles in the codebase by proposing and evaluating a set of heuristics and corresponding complexity, comprehensibility, and maintainability metrics based upon an empirical study of open source repositories. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: May 2, 2022

2022 article

Open or Sneaky? Fast or Slow? Light or Heavy?: Investigating Security Releases of Open Source Packages

Imtiaz, N., Khanom, A., & Williams, L. (2022, June 9). IEEE Transactions on Software Engineering.

By: N. Imtiaz n, A. Khanom n & L. Williams n

author keywords: Security; Codes; Delays; Ecosystems; Databases; Semantics; Supply chains; Empirical study; open source security; supply chain security
topics (OpenAlex): Software Engineering Research; Advanced Malware Detection Techniques; Software Reliability and Analysis Research
TL;DR: The time lag between fix and release, how security fixes are documented in the release notes; code change characteristics (size and semantic versioning) of the release; and the time lagBetween the release and an advisory publication for security releases are studied over a dataset of 4,377 security advisories across seven package ecosystems. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
10. Reduced Inequalities (OpenAlex)
Source: Web Of Science
Added: May 30, 2023

2022 article

Top Five Challenges in Software Supply Chain Security: Observations From 30 Industry and Government Organizations

Enck, W., & Williams, L. (2022, March 1). IEEE Security & Privacy, Vol. 20, pp. 96–100.

By: W. Enck n & L. Williams n

topics (OpenAlex): Information and Cyber Security; Advanced Malware Detection Techniques; Software Reliability and Analysis Research
TL;DR: Three summits are held with a diverse set of organizations and the top five challenges in software supply chain security are reported on. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: May 31, 2022

2022 article

What Are the Attackers Doing Now? Automating Cyberthreat Intelligence Extraction from Text on Pace with the Changing Threat Landscape: A Survey

Rahman, M. R., Hezaveh, R. M., & Williams, L. (2022, November 22). ACM Computing Surveys.

By: M. Rahman n, R. Hezaveh n & L. Williams n

author keywords: Cyberthreat intelligence; CTI extraction; CTI mining; IoC extraction; TTPs; extraction; attack pattern extraction; threat reports; tactical threat intelligence; technical threat intelligence
topics (OpenAlex): Information and Cyber Security; Cybercrime and Law Enforcement Studies; Advanced Malware Detection Techniques
TL;DR: The goal of this article is to aid cybersecurity researchers in understanding the current techniques used for cyberthreat intelligence extraction from text through a survey of relevant studies in the literature, finding 11 types of extraction purposes and 7 types of textual sources for CTI extraction. (via Semantic Scholar)
Source: Web Of Science
Added: April 24, 2023

2022 article proceedings

What are the Practices for Secret Management in Software Artifacts?

By: S. Basak n, L. Neil n, B. Reaves n & L. Williams n

author keywords: secret management; practices; empirical study; grey literature; secure development
topics (OpenAlex): Advanced Malware Detection Techniques; Digital and Cyber Forensics; Information and Cyber Security
TL;DR: The goal of this paper is to aid practitioners in avoiding the exposure of secrets by identifying secret management practices in software artifacts through a systematic derivation of practices disseminated in Internet artifacts. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
Sources: Web Of Science, NC State University Libraries, Crossref
Added: February 20, 2023

2022 article

What are weak links in the npm supply chain?

Zahan, N., Zimmermann, T., Godefroid, P., Murphy, B., Maddila, C., & Williams, L. (2022, May 21). Proceedings of the 44th International Conference on Software Engineering: Software Engineering in Practice, pp. 331–340.

By: N. Zahan n, T. Zimmermann*, P. Godefroid*, B. Murphy*, C. Maddila* & L. Williams n

author keywords: Software Ecosystem; Supply Chain Security; npm; Weak link Signal
topics (OpenAlex): Advanced Malware Detection Techniques; Software Engineering Research; Information and Cyber Security
TL;DR: The metadata of 1.63 million JavaScript npm packages was analyzed and six signals of security weaknesses in a software supply chain, such as the presence of install scripts, maintainer accounts associated with an expired email domain, and inactive packages with inactive maintainers were proposed. (via Semantic Scholar)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: September 19, 2022

2022 article

Why secret detection tools are not enough: It’s not just about false positives - An industrial case study

Rahman, M. R., Imtiaz, N., Storey, M.-A., & Williams, L. (2022, March 17). Empirical Software Engineering.

By: M. Rahman n, N. Imtiaz n, M. Storey* & L. Williams n

author keywords: Secret detection tool; Hardcoded secrets; Secrets in repositories; Credentials in repositories
topics (OpenAlex): Advanced Malware Detection Techniques; Software Engineering Research; Information and Cyber Security
TL;DR: It is found that, despite developers classified 50% of the warning as false positive, developers also bypassed the warning due to time constraints, working with non-shipping projects, technical challenges of eliminating secrets completely from the version control history, technical debts, and perceptions that check-ins are low risk. (via Semantic Scholar)
Source: Web Of Science
Added: April 4, 2022

2021 article

Different Kind of Smells: Security Smells in Infrastructure as Code Scripts

Rahman, A., & Williams, L. (2021, March 29). IEEE Security & Privacy.

By: A. Rahman* & L. Williams n

topics (OpenAlex): Advanced Malware Detection Techniques; Security and Verification in Computing; Information and Cyber Security
TL;DR: This article summarizes the recent research findings related to infrastructure as code (IaC) scripts, where 67,801 occurrences of security smells that include 9,175 hard-coded passwords are identified. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: June 10, 2021

2021 article

How to Better Distinguish Security Bug Reports (Using Dual Hyperparameter Optimization)

Shu, R., Xia, T., Chen, J., Williams, L., & Menzies, T. (2021, April 5). Empirical Software Engineering, Vol. 26.

By: R. Shu n, T. Xia n, J. Chen n, L. Williams n & T. Menzies n

author keywords: Hyperparameter Optimization; Data pre-processing; Security bug report
topics (OpenAlex): Software Engineering Research; Software Testing and Debugging Techniques; Machine Learning and Data Classification
TL;DR: The SWIFT’s dual optimization of both pre-processor and learner is more useful than optimizing each of them individually, and this approach can quickly optimize models that achieve better recalls than the prior state-of-the-art. (via Semantic Scholar)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: May 3, 2021

2021 article

Infiltrating Security into Development: Exploring the World' Largest Software Security Study

Laurie Williams

author keywords: Software engineering; Software security; Developer centered security; Software security group; Secure software development lifecycle; SDLC; DevSecOps
topics (OpenAlex):
Source: Web Of Science
Added: March 7, 2022

2021 article

Omni: automated ensemble with unexpected models against adversarial evasion attack

Shu, R., Xia, T., Williams, L., & Menzies, T. (2021, November 30). Empirical Software Engineering, Vol. 27.

By: R. Shu n, T. Xia n, L. Williams n & T. Menzies n

author keywords: Hyperparameter optimization; Ensemble defense; Adversarial evasion attack
topics (OpenAlex): Adversarial Robustness in Machine Learning; Advanced Malware Detection Techniques; Network Security and Intrusion Detection
TL;DR: Omni is a promising approach as a defense strategy against adversarial attacks when compared with other baseline treatments, and it is suggested to create ensemble with unexpected models that are distant from the attacker’s expected model through methods such as hyperparameter optimization. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: December 6, 2021

2021 article

Security Smells in Ansible and Chef Scripts

Rahman, A., Rahman, M. R., Parnin, C., & Williams, L. (2021, January 20). ACM Transactions on Software Engineering and Methodology.

By: A. Rahman*, M. Rahman n, C. Parnin n & L. Williams n

topics (OpenAlex): Advanced Malware Detection Techniques; Information and Cyber Security; Software Engineering Research
TL;DR: This article identifies two security smells not reported in prior work: missing default in case statement and no integrity check and recommends practitioners to rigorously inspect the presence of the identified security smells in Ansible and Chef scripts using code review, and static analysis tools. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: March 8, 2021

2021 article

Software development with feature toggles: practices used by practitioners

Mahdavi-Hezaveh, R., Dremann, J., & Williams, L. (2021, January 1). Empirical Software Engineering.

By: R. Mahdavi-Hezaveh n, J. Dremann n & L. Williams n

author keywords: Continuous integration; Continuous delivery; Feature toggle; Practice
topics (OpenAlex): Software Engineering Research; Software Engineering Techniques and Practices; Software Reliability and Analysis Research
TL;DR: The feature toggle development practices discovered and enumerated in this work can help practitioners more effectively use feature toggles and can enable future mining of code repositories to automatically identify feature toggle practices. (via Semantic Scholar)
Source: Web Of Science
Added: February 8, 2021

2021 article

Structuring a Comprehensive Software Security Course Around the OWASP Application Security Verification Standard

E., S., Zahan, N., Kozarev, V., Shu, R., Menzies, T., & Williams, L. (2021, May 1). 2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: JOINT TRACK ON SOFTWARE ENGINEERING EDUCATION AND TRAINING (ICSE-JSEET 2021), pp. 95–104.

By: S. E. n, N. Zahan n, V. Kozarev n, R. Shu n, T. Menzies n & L. Williams n

author keywords: Security and Protection; Computer and Information Science Education; Industry-Standards
topics (OpenAlex): Information and Cyber Security; Web Application Security Vulnerabilities; Software Reliability and Analysis Research
TL;DR: A theme of the course assignments was to map vulnerability discovery to the security controls of the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS), and this mapping may have increased students' depth of understanding of a wider range of security topics. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: November 1, 2021

2020 article

A Literature Review on Mining Cyberthreat Intelligence from Unstructured Texts

Rahman, M. R., Mahdavi-Hezaveh, R., & Williams, L. (2020, November 1).

By: M. Rahman n, R. Mahdavi-Hezaveh n & L. Williams n

topics (OpenAlex): Information and Cyber Security; Cybercrime and Law Enforcement Studies; Spam and Phishing Detection
TL;DR: It is found that the most prominent sources of unstructured threat data are the threat reports, Twitter feeds, and posts from hackers and security experts, and natural language processing (NLP) based approaches: topic classification; keyword identification; and semantic relationship extraction among the keywords are mostly availed in the selected studies to mine CTI information from un Structured threat sources. (via Semantic Scholar)
Source: Web Of Science
Added: July 12, 2021

2020 article

Gang of eight

Rahman, A., Farhana, E., Parnin, C., & Williams, L. (2020, June 27).

By: A. Rahman*, E. Farhana n, C. Parnin n & L. Williams n

author keywords: bug; category; configuration as code; configuration scripts; defect; devops; infrastructure as code; puppet; software quality; taxonomy
topics (OpenAlex): Software Engineering Research; Software System Performance and Reliability; Software Reliability and Analysis Research
TL;DR: A taxonomy of IaC defects is developed by applying qualitative analysis on 1,448 defect-related commits collected from open source software (OSS) repositories of the Openstack organization and the quantified frequency of the defect categories may help in advancing the science of IAC script quality. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: June 21, 2021

2020 article

The ‘as code’ activities: development anti-patterns for infrastructure as code

Rahman, A., Farhana, E., & Williams, L. (2020, August 17). Empirical Software Engineering.

By: A. Rahman*, E. Farhana n & L. Williams n

author keywords: Anti-pattern; Bugs; Configuration script; Continuous deployment; Defect; Devops; Infrastructure as code; Practice; Puppet; Quality
topics (OpenAlex): Software Engineering Research; Software System Performance and Reliability; Advanced Software Engineering Methodologies
TL;DR: Five development anti-patterns of infrastructure as code (IaC) scripts, namely, ‘boss is not around’, “many cooks spoil”, � ‘minors are spoiler‚, ’silos‚ and ‘unfocused contribution’ are identified. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: September 7, 2020

2019 article

Better together: Comparing vulnerability prediction models

Theisen, C., & Williams, L. (2019, November 5). Information and Software Technology.

By: C. Theisen n & L. Williams n

author keywords: Security; Vulnerabilities; Prediction model; Software engineering
topics (OpenAlex): Software Engineering Research; Software Reliability and Analysis Research; Advanced Malware Detection Techniques
TL;DR: This paper compares VPMs on Mozilla Firefox with 28,750 source code files featuring 271 vulnerabilities using software metrics, text mining, and crash data to help security practitioners and researchers choose appropriate features for vulnerability prediction through a comparison of Vulnerability Prediction Models. (via Semantic Scholar)
Source: Web Of Science
Added: March 2, 2020

2019 article

How Do Developers Act on Static Analysis Alerts? An Empirical Study of Coverity Usage

Imtiaz, N., Murphy, B., & Williams, L. (2019, October 1).

By: N. Imtiaz n, B. Murphy* & L. Williams n

author keywords: static analysis; tools; alerts; warnings; developer action
topics (OpenAlex): Software Engineering Research; Software System Performance and Reliability; Advanced Malware Detection Techniques
TL;DR: The goal of this paper is to aid researchers and tool makers in improving the utility of static analysis tools through an empirical study of developer action on the alerts detected by Coverity, a state-of-the-art static analysis tool. (via Semantic Scholar)
Source: Web Of Science
Added: July 13, 2020

2019 article

Improving Vulnerability Inspection Efficiency Using Active Learning

Yu, Z., Theisen, C., Williams, L., & Menzies, T. (2019, October 25). IEEE Transactions on Software Engineering, Vol. 47, pp. 2401–2420.

By: Z. Yu n, C. Theisen*, L. Williams n & T. Menzies n

author keywords: Inspection; Software; Tools; Security; Predictive models; Error correction; NIST; Active learning; security; vulnerabilities; software engineering; error correction
topics (OpenAlex): Advanced Malware Detection Techniques; Software Engineering Research; Web Application Security Vulnerabilities
TL;DR: HARMLESS is an incremental support vector machine tool that builds a vulnerability prediction model from the source code inspected to date, then suggests what source code files should be inspected next, then provides feedback on when to stop. (via Semantic Scholar)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: November 12, 2021

2019 article

Share, But be Aware: Security Smells in Python Gists

Rahman, M. R., Rahman, A., & Williams, L. (2019, September 1).

By: M. Rahman n, A. Rahman* & L. Williams n

author keywords: GitHub; Gist; Python; Security; Security Smell; Static Analysis; Software Security
topics (OpenAlex): Software Engineering Research; Advanced Malware Detection Techniques; Security and Verification in Computing
TL;DR: This paper finds 13 types of security smells with 4,403 occurrences in 5,822 publicly-available Python Gists and finds no significance relation between the presence of these security smells and the reputation of the Gist author. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: Web Of Science
Added: April 14, 2020

2019 article

Source code properties of defective infrastructure as code scripts

Rahman, A., & Williams, L. (2019, May 2). Information and Software Technology.

By: A. Rahman n & L. Williams n

author keywords: Configuration as code; Continuous deployment; Defect prediction; Devops; Empirical study; Infrastructure as code; Puppet
topics (OpenAlex): Software Engineering Research; Software System Performance and Reliability; Software Reliability and Analysis Research
TL;DR: This paper applies qualitative analysis on defect-related commits mined from open source software repositories to identify source code properties that correlate with defective IaC scripts and constructs defect prediction models using the identified properties. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: June 17, 2019

2019 article

The Seven Sins: Security Smells in Infrastructure as Code Scripts

Rahman, A., Parnin, C., & Williams, L. (2019, May 1).

By: A. Rahman n, C. Parnin n & L. Williams n

author keywords: devops; devsecops; empirical study; infrastructure as code; puppet; security; smell; static analysis
topics (OpenAlex): Software Engineering Research; Advanced Malware Detection Techniques; Information and Cyber Security
TL;DR: The goal of this paper is to help practitioners avoid insecure coding practices while developing infrastructure as code (IaC) scripts through an empirical study of security smells in IaC scripts. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: September 7, 2020

2018 article

A systematic mapping study of infrastructure as code research

Rahman, A., Mahdavi-Hezaveh, R., & Williams, L. (2018, December 12). Information and Software Technology.

By: A. Rahman n, R. Mahdavi-Hezaveh n & L. Williams n

author keywords: Devops; Configuration as code; Configuration script; Continuous deployment; Infrastructure as code; Software engineering; Systematic mapping study
topics (OpenAlex): Information and Cyber Security; Advanced Malware Detection Techniques; Service-Oriented Architecture and Web Services
TL;DR: The findings suggest that framework or tools is a well-studied topic in IaC research, as defects and security flaws can have serious consequences for the deployment and development environments in DevOps. (via Semantic Scholar)
Source: Web Of Science
Added: March 11, 2019

2018 article

Are vulnerabilities discovered and resolved like other defects?

Morrison, P. J., Pandita, R., Xiao, X., Chillarege, R., & Williams, L. (2018, May 27).

By: P. Morrison n, R. Pandita*, X. Xiao*, R. Chillarege* & L. Williams n

topics (OpenAlex): Software Engineering Research; Software Engineering Techniques and Practices; Software Reliability and Analysis Research
Source: Web Of Science
Added: January 21, 2019

2018 article

Attack surface definitions: A systematic literature review

Theisen, C., Munaiah, N., Al-Zyoud, M., Carver, J. C., Meneely, A., & Williams, L. (2018, July 27). Information and Software Technology.

By: C. Theisen n, N. Munaiah*, M. Al-Zyoud*, J. Carver*, A. Meneely* & L. Williams n

author keywords: Attack surface; Vulnerabilities; Software engineering; Systematic literature review
topics (OpenAlex): Information and Cyber Security; Software Engineering Research; Software Reliability and Analysis Research
TL;DR: This systematic literature review reviewed 644 works from prior literature that use the phrase attack surface and categorized them into those that provided their own definition; cited another definition; or expected the reader to intuitively understand the phrase. (via Semantic Scholar)
Source: Web Of Science
Added: November 19, 2018

2018 article

Characterizing Defective Configuration Scripts Used for Continuous Deployment

Rahman, A., & Williams, L. (2018, April 1).

By: A. Rahman n & L. Williams n

topics (OpenAlex): Software Engineering Research; Software Reliability and Analysis Research; Software System Performance and Reliability
TL;DR: This paper uses text mining techniques to extract text features from infrastructure as code (IaC) scripts and identifies three properties that characterize defective IaC scripts: filesystem operations, infrastructure provisioning, and managing user accounts. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: August 6, 2018

2018 article

Continuously integrating security

Williams, L. (2018, May 27).

By: L. Williams n

author keywords: Continuous deployment; software security; DevOps; DevSecOps
topics (OpenAlex): Software Engineering Techniques and Practices; Advanced Malware Detection Techniques; Software System Performance and Reliability
TL;DR: This short paper will describe the practices and environment used by these companies as they strive to develop secure and privacy-preserving products while making ultra-fast changes. (via Semantic Scholar)
Source: Web Of Science
Added: October 29, 2018

2018 article

Defect prediction metrics for infrastructure as code scripts in DevOps

Rahman, A., Stallings, J., & Williams, L. (2018, May 27). Proceedings - International Conference on Software Engineering, pp. 414–415.

By: A. Rahman n, J. Stallings n & L. Williams n

Contributors: A. Rahman n, J. Stallings n & L. Williams n

author keywords: Continuous Deployment; DevOps; Infrastructure as Code; Metrics
topics (OpenAlex): Software System Performance and Reliability; Software Engineering Research; Service-Oriented Architecture and Web Services
TL;DR: The goal of this paper is to help software practitioners in prioritizing their inspection efforts for infrastructure as code (IaC) scripts by proposing defect prediction model-related metrics, and applies Constructivist Grounded Theory on defect-related commits mined from version control systems to identify metrics suitable for IaC scripts. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Sources: Web Of Science, ORCID
Added: December 3, 2018

2018 article

Identifying security issues in software development

Morrison, P., Oyetoyan, T. D., & Williams, L. (2018, May 27).

By: P. Morrison n, T. Oyetoyan* & L. Williams n

author keywords: Security; vocabulary; classification model; CVE; Prediction
topics (OpenAlex): Software Engineering Research; Software Reliability and Analysis Research; Web Application Security Vulnerabilities
TL;DR: The goal of this research is to support researchers and practitioners in identifying security issues in software development project artifacts by defining and evaluating a systematic scheme for identifying project-specific security vocabularies that can be used for keyword-based classification. (via Semantic Scholar)
Source: Web Of Science
Added: December 3, 2018

2018 article

Mapping the field of software life cycle security metrics

Morrison, P., Moye, D., Pandita, R., & Williams, L. (2018, May 30). Information and Software Technology.

By: P. Morrison n, D. Moye n, R. Pandita n & L. Williams n

author keywords: Metrics; Measurement; Security
topics (OpenAlex): Information and Cyber Security; Software Engineering Research; Software Reliability and Analysis Research
TL;DR: The field of software life cycle security metrics has yet to converge on an accepted set of metrics, and the most-cited and most used metric, vulnerability count, has multiple definitions and operationalizations. (via Semantic Scholar)
Source: Web Of Science
Added: October 19, 2018

2018 article

What questions do programmers ask about configuration as code?

Rahman, A., Partho, A., Morrison, P., & Williams, L. (2018, May 29).

By: A. Rahman n, A. Partho, P. Morrison n & L. Williams n

author keywords: challenge; configuration as code; continuous deployment; devops; infrastructure as code; programming; puppet; question; stack over-flow
topics (OpenAlex): Software Engineering Research; Software Engineering Techniques and Practices; Software System Performance and Reliability
TL;DR: This paper extracts 2,758 Puppet-related questions asked by programmers from January 2010 to December 2016, posted on Stack Overflow, and applies qualitative analysis to identify the questions programmers ask about Puppet. (via Semantic Scholar)
Source: Web Of Science
Added: January 21, 2019

2017 article

Are vulnerabilities discovered and resolved like other defects?

Morrison, P. J., Pandita, R., Xiao, X., Chillarege, R., & Williams, L. (2017, September 19). Empirical Software Engineering.

By: P. Morrison n, R. Pandita n, X. Xiao, R. Chillarege & L. Williams n

author keywords: Software development; Measurement; Process improvement; Security; Orthogonal Defect Classification (ODC)
topics (OpenAlex): Software Engineering Research; Software Reliability and Analysis Research; Software Engineering Techniques and Practices
TL;DR: ODC + V was applied to classify 583 vulnerabilities and 583 defects across 133 releases of three open-source projects (Firefox, phpMyAdmin, and Chrome), indicating opportunities may exist for more efficient vulnerability detection and resolution. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2017 article

Highlights of the ACM student research competition

Williams, L., & Baldwin, D. (2017, October 24). Communications of the ACM.

By: L. Williams n & D. Baldwin*

topics (OpenAlex): Big Data and Business Intelligence
Source: Web Of Science
Added: August 6, 2018

2017 journal article

TMAP: Discovering relevant API methods through text mining of API documentation

Journal of Software: Evolution and Process, 29(12), e1845.

By: R. Pandita n, R. Jetley*, S. Sudarsan*, T. Menzies n & L. Williams n

author keywords: API documents; API mappings; text mining
topics (OpenAlex): Software Engineering Research; Software Engineering Techniques and Practices; Software System Performance and Reliability
TL;DR: Text mining based approach (TMAP) is proposed to discover relevant API mappings using text mining on the natural language API method descriptions to support software developers in migrating an application from a source API to a target API by automatically discovering relevant method mappings. (via Semantic Scholar)
Sources: Crossref, NC State University Libraries
Added: February 24, 2020

2017 article

The Top 10 Adages in Continuous Deployment

Parnin, C., Helms, E., Atlee, C., Boughton, H., Ghattas, M., Glover, A., … Williams, L. (2017, May 1). IEEE Software.

By: C. Parnin n, E. Helms*, C. Atlee, H. Boughton, M. Ghattas*, A. Glover*, J. Holman, J. Micco* ...

topics (OpenAlex): Software Engineering Techniques and Practices; Software Engineering Research; Software System Performance and Reliability
TL;DR: To understand the emerging practices surrounding continuous deployment, researchers facilitated a one-day Continuous Deployment Summit at the Facebook campus in July 2015, at which participants from 10 companies described how they used continuous deployment. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2017 article

The rising tide lifts all boats: the advancement of science in cyber security (invited talk)

Williams, L. (2017, August 2).

By: L. Williams n

author keywords: Systems security; Software and application security; Human and societal aspects of security and privacy; Trust frameworks
topics (OpenAlex): Cybersecurity and Cyber Warfare Studies
TL;DR: This talk will reflect on the structure of the collaborative research efforts of the Lablets, lessons learned in the transition to more scientific concepts to cybersecurity, research results in solving five hard security problems, and methods that are being used for the measurement of scientific progress of theLablet research. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
Source: Web Of Science
Added: August 6, 2018

2017 journal article

Twist-3 Distribution Amplitudes of Pion in the Light-Front Quark Model

Few-Body Systems, 58(2).

By: H. Choi* & C. Ji n

topics (OpenAlex): Quantum Chromodynamics and Particle Interactions; Particle physics theoretical and experimental studies; High-Energy Particle Collisions Research
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
Sources: Web Of Science, Crossref, NC State University Libraries
Added: August 6, 2018

2016 conference paper

ICON: Inferring temporal constraints from natural language API descriptions

32nd ieee international conference on software maintenance and evolution (icsme 2016), 378–388.

By: R. Pandita, K. Taneja, T. Tung & L. Williams

Source: NC State University Libraries
Added: August 6, 2018

2016 article

Identifying the implied: Findings from three differentiated replications on the use of security requirements templates

Riaz, M., King, J., Slankas, J., Williams, L., Massacci, F., Quesada-López, C., & Jenkins, M. (2016, December 16). Empirical Software Engineering, Vol. 22, pp. 2127–2178.

By: M. Riaz n, J. King n, J. Slankas n, L. Williams n, F. Massacci*, C. Quesada-López*, M. Jenkins*

author keywords: Security requirements; Controlled experiment; Replication; Requirements engineering; Templates; Patterns; Automation
topics (OpenAlex): Information and Cyber Security; Software Engineering Research; Software Engineering Techniques and Practices
TL;DR: Qualitative findings indicate that participants may be able to differentiate between relevant and extraneous templates suggestions and be more inclined to fill in the templates with additional support, supporting the findings of the original study. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 6, 2018

2016 article

NANE: Identifying Misuse Cases Using Temporal Norm Enactments

Kafali, O., Singh, M. P., & Williams, L. (2016, September 1). IEEE 25TH INTERNATIONAL REQUIREMENTS ENGINEERING CONFERENCE (RE), pp. 136–145.

By: O. Kafali n, M. Singh n & L. Williams n

Contributors: L. Williams n, O. Kafali n & M. Singh n

author keywords: Security requirements; sociotechnical systems
topics (OpenAlex): Information and Cyber Security; Access Control and Trust; Advanced Malware Detection Techniques
TL;DR: Nane is proposed, a formal framework for identifying misuse cases using a semiautomated process and it is demonstrated how Nane enables monitoring of potential misuses on a healthcare scenario. (via Semantic Scholar)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: August 6, 2018

2016 article

Software security in DevOps

Rahman, A. A. U., & Williams, L. (2016, May 14).

By: A. Rahman n & L. Williams n

author keywords: DevOps; security; software practices; survey
topics (OpenAlex): Software Engineering Techniques and Practices; Software Engineering Research; Information and Cyber Security
TL;DR: The goal of this paper is to aid software practitioners in integrating security and DevOps by summarizing experiences in utilizing security practices in a DevOps environment by analyzing a selected set of Internet artifacts. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2016 journal article

Stack traces reveal attack surfaces

Perspectives on Data Science for Software Engineering, 73–76.

By: C. Theisen & L. Williams

Source: NC State University Libraries
Added: August 6, 2018

2016 article

To log, or not to log: using heuristics to identify mandatory log events – a controlled experiment

King, J., Stallings, J., Riaz, M., & Williams, L. (2016, August 24). Empirical Software Engineering, Vol. 22, pp. 2684–2717.

By: J. King n, J. Stallings n, M. Riaz n & L. Williams n

Contributors: J. King n, J. Stallings n, M. Riaz n & L. Williams n

author keywords: Logging; User activity logs; Security; Controlled experiment; User study; Mandatory log events
topics (OpenAlex): Software Engineering Research; Information and Cyber Security; Digital and Cyber Forensics
TL;DR: The results indicate additional training and enforcement may be necessary to ensure subjects understand and consistently apply the assigned methods for identifying MLEs, as well as support security analysts in performing forensic analysis by evaluating the use of a heuristics-driven method for identifying mandatory log events. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 6, 2018

2016 article

Towards characterization of photo-excited electron transfer and catalysis in natural and artificial systems using XFELs

Alonso-Mori, R., Asa, K., Bergmann, U., Brewster, A. S., Chatterjee, R., Cooper, J. K., … Yano, J. (2016, January 1). Faraday Discussions, Vol. 194, pp. 621–638.

By: R. Alonso-Mori*, K. Asa*, U. Bergmann*, A. Brewster*, R. Chatterjee*, J. Cooper*, H. Frei*, F. Fuller* ...

MeSH headings : Catalysis; Crystallography, X-Ray; Electrons; Lasers; X-Rays
topics (OpenAlex): Photosynthetic Processes and Mechanisms; Advanced Electron Microscopy Techniques and Applications; Enzyme Structure and Function
TL;DR: This work has developed methodology for simultaneously collecting X-ray diffraction data andX-ray emission spectra, using an energy dispersive spectrometer, at ambient conditions, and used this approach to study the room temperature structure and intermediate states of the photosynthetic water oxidizing metallo-protein, photosystem II. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
Sources: Web Of Science, NC State University Libraries
Added: August 6, 2018

2016 conference paper

Tutorial: text analytics for security

Symposium and Bootcamp on the Science of Security, 124–125.

By: T. Xie & W. Enck

Source: NC State University Libraries
Added: August 6, 2018

2016 conference paper

systematically developing prevention, detection, and response patterns for security requirements

2016 IEEE 24th International Requirements Engineering Conference Workshops (REW), 62–67.

Maria Riaz; Sarah Elder; Laurie Williams

Source: NC State University Libraries
Added: August 6, 2018

2015 article

Discovering likely mappings between APIs using text mining

Pandita, R., Jetley, R. P., Sudarsan, S. D., & Williams, L. (2015, September 1).

By: R. Pandita n, R. Jetley*, S. Sudarsan* & L. Williams n

topics (OpenAlex): Software Engineering Research; Web Data Mining and Analysis; Advanced Malware Detection Techniques
TL;DR: This paper proposes TMAP: Text Mining based approach to discover likely API mappings using the similarity in the textual description of the source and target API documents to address the shortcoming of manually writingAPI mappings. (via Semantic Scholar)
Source: NC State University Libraries
Added: August 6, 2018

2015 article

How have we evaluated software pattern application? A systematic mapping study of research design practices

Riaz, M., Breaux, T., & Williams, L. (2015, April 11). Information and Software Technology.

By: M. Riaz n, T. Breaux* & L. Williams n

author keywords: Software pattern; Mapping study; Systematic review; Empirical evaluation; Empirical design
topics (OpenAlex): Software Engineering Research; Scientific Computing and Data Management; Advanced Software Engineering Methodologies
TL;DR: Establishing baselines for participants’ experience level, providing appropriate training, standardizing problem sets, and employing commonly used measures to evaluate performance can support replication and comparison of results across studies. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2015 article

Synthesizing Continuous Deployment Practices Used in Software Development

Rahman, A. A. U., Helms, E., Williams, L., & Parnin, C. (2015, August 1).

By: A. Rahman n, E. Helms n, L. Williams n & C. Parnin n

author keywords: agile; continuous deployment; continuous delivery; industry practices; internet artifacts; follow-up inquiries
topics (OpenAlex): Software Engineering Techniques and Practices; Software Engineering Research; Software System Performance and Reliability
TL;DR: It is observed that continuous deployment necessitates the consistent use of sound software engineering practices such as automated testing, automated deployment, and code review, which are used by software companies. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2014 chapter

Agile Software Development in Practice

In Lecture Notes in Business Information Processing (pp. 32–45).

By: M. Doyle*, L. Williams n, M. Cohn & K. Rubin*

topics (OpenAlex): Software Engineering Techniques and Practices; Software Engineering Research; Software Reliability and Analysis Research
TL;DR: Subject to sampling issues, successful teams report more positive results for agile practices with the most important practice being teams knowing their velocity. (via Semantic Scholar)
Source: Crossref
Added: January 5, 2021

2014 article

Hidden in plain sight: Automatically identifying security requirements from natural language artifacts

Riaz, M., King, J., Slankas, J., & Williams, L. (2014, August 1). 2014 Ieee 22nd International Requirements Engineering Conference (Re), pp. 183–192.

By: M. Riaz n, J. King n, J. Slankas n & L. Williams n

topics (OpenAlex): Information and Cyber Security; Software Engineering Research; Web Application Security Vulnerabilities
TL;DR: A tool-assisted process that automatically identifies security-relevant sentences in natural language requirements artifacts and classifies them according to the security objectives, either explicitly stated or implied by the sentences. (via Semantic Scholar)
Sources: NC State University Libraries, NC State University Libraries, ORCID
Added: August 6, 2018

2014 article

On Coverage-Based Attack Profiles

Rivers, A. T., Vouk, M. A., & Williams, L. A. (2014, June 1).

By: A. Rivers n, M. Vouk n & L. Williams n

author keywords: security; coverage; models; attack; profile
topics (OpenAlex): Software Engineering Research; Software Reliability and Analysis Research; Simulation Techniques and Applications
TL;DR: A hypergeometric process model is presented that describes automated cyber attacks and web request signatures from the logs of a production web server were used to assess the applicability of the model. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2014 article

Towards a framework to measure security expertise in requirements analysis

Hibshi, H., Breaux, T., Riaz, M., & Williams, L. (2014, August 1).

By: H. Hibshi*, T. Breaux, M. Riaz n & L. Williams n

topics (OpenAlex): Information and Cyber Security; Software Engineering Research; Software Engineering Techniques and Practices
TL;DR: Preliminary results of analyzing two interviews reveal possible decision-making patterns that could characterize how analysts perceive, comprehend and project future threats which leads them to decide upon requirements and their specifications, in addition to how experts use assumptions to overcome ambiguity in specifications. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: NC State University Libraries
Added: August 6, 2018

2013 article

Access Control Policy Extraction from Unconstrained Natural Language Text

Slankas, J., & Williams, L. (2013, September 1).

By: J. Slankas n & L. Williams n

author keywords: access control; documentation; machine learning; natural language processing; relation extraction; security
topics (OpenAlex): Access Control and Trust; Web Application Security Vulnerabilities; Software Engineering Research
TL;DR: This research proposes a machine-learning based process to parse existing, unaltered natural language documents, such as requirement or technical specifications to extract the relevant subjects, actions, and resources for an access control policy. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
4. Quality Education (OpenAlex)
Source: Web Of Science
Added: August 6, 2018

2013 article

Automated extraction of non-functional requirements in available documentation

Slankas, J., & Williams, L. (2013, May 1).

By: J. Slankas n & L. Williams n

topics (OpenAlex): Software Engineering Research; Software Engineering Techniques and Practices; Software Reliability and Analysis Research
TL;DR: To aid analysts in more effectively extracting relevant non-functional requirements in available unconstrained natural language documents through automated natural language processing, this research examines which document types contain NFRs categorized to 14 NFR categories. (via Semantic Scholar)
Source: NC State University Libraries
Added: August 6, 2018

2013 article

Non-operational testing of software for security issues

Subramani, S., Vouk, M., & Williams, L. (2013, November 1).

By: S. Subramani n, M. Vouk n & L. Williams n

topics (OpenAlex): Software Reliability and Analysis Research; Software Testing and Debugging Techniques; Safety Systems Engineering in Autonomy
TL;DR: This work combines “classical” reliability modeling, when applied to reported vulnerabilities found under “normal” operational profile conditions, with safety oriented fault management processes, with open source Fedora software. (via Semantic Scholar)
Source: NC State University Libraries
Added: August 6, 2018

2013 article

Proposing Regulatory-Driven Automated Test Suites

Morrison, P., Holmgreen, C., Massey, A., & Williams, L. (2013, August 1).

By: P. Morrison n, C. Holmgreen n, A. Massey n & L. Williams n

author keywords: Behavior-Driven-Development; Healthcare IT; Regulatory Compliance; Security; Software Engineering; Software Testing
topics (OpenAlex): Software Engineering Techniques and Practices; Advanced Software Engineering Methodologies; Business Process Modeling and Analysis
TL;DR: This research found that it was possible to create scenarios and system-specific code supporting scenario execution on three systems, that iTrust can be shown to be noncompliant, and that emergency access procedures are not defined clearly enough by the regulation to determine compliance or non-compliance. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2013 article

Proposing regulatory-driven automated test suites for electronic health record systems

Morrison, P., Holmgreen, C., Massey, A., & Williams, L. (2013, May 1).

By: P. Morrison n, C. Holmgreen n, A. Massey n & L. Williams n

topics (OpenAlex): Information and Cyber Security; Advanced Software Engineering Methodologies; Software Engineering Research
TL;DR: The use of Behavior-Driven-Development scenarios are proposed as the basis of an automated compliance test suite for standards such as regulation and interoperability and could become a shared asset for use by all systems subject to these regulations and standards. (via Semantic Scholar)
Source: NC State University Libraries
Added: August 6, 2018

2013 journal article

Towards the prioritization of system test cases

Software Testing, Verification and Reliability, 24(4), 320–337.

By: H. Srikanth*, S. Banerjee*, L. Williams n & J. Osborne n

author keywords: software testing and reliability; software quality; software quality; system-level testing
topics (OpenAlex): Software Engineering Research; Software Testing and Debugging Techniques; Software Reliability and Analysis Research
TL;DR: The results show that PORT improves the rate of detection of severe failures over random prioritization and indicates that customer priority was the most important contributor towards improved rate of failure detection. (via Semantic Scholar)
Sources: Web Of Science, Crossref
Added: August 6, 2018

2012 article

A comparison of the efficiency and effectiveness of vulnerability discovery techniques

Austin, A., Holmgreen, C., & Williams, L. (2012, December 8). Information and Software Technology.

By: A. Austin n, C. Holmgreen n & L. Williams n

author keywords: Security; Vulnerability; Static analysis; Penetration testing; Black box testing; White box testing
topics (OpenAlex): Web Application Security Vulnerabilities; Software Reliability and Analysis Research; Software Engineering Research
TL;DR: The results show that employing a single technique for vulnerability discovery is insufficient for finding all types of vulnerabilities, and suggest that in order to discover the greatest variety of vulnerability types, at least systematic manual penetration testing and automated static analysis should be performed. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2012 article

Validating software metrics

Meneely, A., Smith, B., & Williams, L. (2012, November 1). ACM Transactions on Software Engineering and Methodology.

By: A. Meneely n, B. Smith n & L. Williams n

author keywords: Measurement; Theory; Software metrics; validation criterion; systematic literature review
topics (OpenAlex): Software Engineering Research; Software Engineering Techniques and Practices; Software Reliability and Analysis Research
TL;DR: The objective of this article is to guide researchers in making sound contributions to the field of software engineering metrics by providing a practical summary of the metrics validation criteria found in the academic literature. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2012 article

What agile teams think of agile principles

Williams, L. (2012, March 23). Communications of the ACM.

By: L. Williams n

topics (OpenAlex): Software Engineering Techniques and Practices
TL;DR: Even after almost a dozen years, these books still deliver solid guidance for software development teams and their projects. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2011 article

Can traditional fault prediction models be used for vulnerability prediction?

Shin, Y., & Williams, L. (2011, December 8). Empirical Software Engineering.

By: Y. Shin* & L. Williams n

author keywords: Software metrics; Complexity metrics; Fault prediction; Vulnerability prediction; Open source project; Automated text classification
topics (OpenAlex): Software Engineering Research; Software Reliability and Analysis Research; Advanced Malware Detection Techniques
TL;DR: The results suggest that fault prediction models based upon traditional metrics can substitute for specialized vulnerability prediction models, however, both fault prediction andulnerability prediction models require significant improvement to reduce false positives while providing high recall. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: Web Of Science
Added: August 6, 2018

2011 article

Socio-technical developer networks

Meneely, A., & Williams, L. (2011, May 21).

By: A. Meneely n & L. Williams n

topics (OpenAlex): Software Engineering Research; Open Source Software Innovations; Wikis in Education and Collaboration
TL;DR: The results substantiate that SNA metrics represent socio-technical relationships in open source development projects, while also clarifying how the developer network can be interpreted by researchers and practitioners. (via Semantic Scholar)
Source: NC State University Libraries
Added: August 6, 2018

2010 article

A systematic literature review of actionable alert identification techniques for automated static code analysis

Heckman, S., & Williams, L. (2010, December 25). Information and Software Technology.

By: S. Heckman n & L. Williams n

author keywords: Automated static analysis; Systematic literature review; Actionable alert identification; Unactionable alert mitigation; Warning prioritization; Actionable alert prediction
topics (OpenAlex): Software Engineering Research; Software Reliability and Analysis Research; Software Testing and Debugging Techniques
TL;DR: This work proposes building on an actionable alert identification benchmark for comparison and evaluation of AAIT from literature on a standard set of subjects and utilizing a common set of evaluation metrics. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2010 journal article

Agile software development methodologies and practices

Advances in Computers, Vol 80, 80, 1–44.

By: L. Williams

Source: NC State University Libraries
Added: August 6, 2018

2010 article

Guest editorial: Special issue on software reliability engineering

Williams, L. (2010, April 25). Empirical Software Engineering.

By: L. Williams n

topics (OpenAlex): Software Reliability and Analysis Research
TL;DR: This special issue of the Empirical Software Engineering journal is devoted to four papers selected from the 19th International Symposium on Software Reliability Engineering (ISSRE) that was held in Redmond, Washington on the Microsoft campus in 2008 due to the quality, novelty, and sound empirical analysis of the papers. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2010 chapter

Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks

In F. Massacci, D. Wallach, & N. Zannone (Eds.), Engineering Secure Software and Systems. ESSoS 2010 (pp. 192–200).

By: B. Smith n, L. Williams n & A. Austin n

Ed(s): F. Massacci, D. Wallach & N. Zannone

topics (OpenAlex): Web Application Security Vulnerabilities; Security and Verification in Computing; Software Reliability and Analysis Research
TL;DR: Although no SQL injection vulnerabilities were discovered, the results suggest that security testers who use an iterative, test-driven development process should compose system level rather than unit level tests. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: Crossref
Added: August 14, 2021

2010 conference paper

Idea: Using system level testing for revealing SQL injection-related error message information leaks

Engineering secure software and systems, proceedings, 5965, 192–200.

By: B. Smith, L. Williams & A. Austin

Source: NC State University Libraries
Added: August 6, 2018

2010 article

Protection Poker: The New Software Security "Game";

Williams, L., Meneely, A., & Shipley, G. (2010, March 19). IEEE Security & Privacy.

By: L. Williams n, A. Meneely n & G. Shipley*

topics (OpenAlex): Information and Cyber Security; Software Engineering Research; Software Reliability and Analysis Research
TL;DR: The Protection Poker "game" is a collaborative means for guiding this prioritization of security fortification efforts and has the potential to improve software security practices and team software security knowledge. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2009 chapter

Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer

In F. Massacci, S. T. Redwine, & N. Zannone (Eds.), Engineering Secure Software and Systems. ESSoS 2009 (pp. 122–134).

By: L. Williams n, M. Gegick n & A. Meneely n

Ed(s): F. Massacci, S. Redwine & N. Zannone

topics (OpenAlex): Information and Cyber Security; Software Engineering Research; Software Reliability and Analysis Research
TL;DR: The Protection Poker activity is proposed as a collaborative and informal form of misuse case development and threat modeling that plays off the diversity of knowledge and perspective of the participants and lead to a more effective software security learning experience. (via Semantic Scholar)
Source: Crossref
Added: August 14, 2021

2009 article

Secure open source collaboration

Meneely, A., & Williams, L. (2009, November 9).

By: A. Meneely n & L. Williams n

topics (OpenAlex): Software Engineering Research; Information and Cyber Security; Open Source Software Innovations
TL;DR: This study examines the security of an open source project in the context of developer collaboration by analyzing version control logs and quantifying notions of Linus' Law as well as the "too many cooks in the kitchen" viewpoint into developer activity metrics. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: NC State University Libraries
Added: August 6, 2018

2009 article

Should software testers use mutation analysis to augment a test set?

Smith, B. H., & Williams, L. (2009, June 25). Journal of Systems and Software.

By: B. Smith n & L. Williams n

author keywords: Mutation testing; Empirical effectiveness; User study; Mutation analysis; Test adequacy; Web application; Open source; Unit testing; Mutation testing tool
topics (OpenAlex): Software Testing and Debugging Techniques; Software Reliability and Analysis Research; Software Engineering Research
TL;DR: It is shown that mutation analysis can be used by software testers to effectively produce new test cases and to improve statement coverage scores in a feasible amount of time and that the choice of mutation tool and operator set can play an important role in determining how efficient mutation analysis is for producing newtest cases. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2009 chapter

Toward Non-security Failures as a Predictor of Security Faults and Failures

In F. Massacci, S. T. Redwine, & N. Zannone (Eds.), Engineering Secure Software and Systems. ESSoS 2009. (pp. 135–149).

By: M. Gegick n, P. Rotella* & L. Williams n

Ed(s): F. Massacci, S. Redwine & N. Zannone

topics (OpenAlex): Software Engineering Research; Software Reliability and Analysis Research; Software System Performance and Reliability
TL;DR: It is found that 57% of the vulnerable components were in the top nine percent of the total component ranking, but with a 48% false positive rate, indicating that non-security failures can be used as one of the input variables for security-related prediction models. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
12. Responsible Consumption and Production (OpenAlex)
Source: Crossref
Added: August 14, 2021

2008 journal article

Addressing diverse needs through a balance of agile and plan-driven software development methodologies in the core software engineering course

International Journal of Engineering Education, 24(4), 659–670.

By: L. Layman, L. Williams, K. Slaten, S. Berenson & M. Vouk

Source: NC State University Libraries
Added: August 6, 2018

2008 article

On automated prepared statement generation to remove SQL injection vulnerabilities

Thomas, S., Williams, L., & Xie, T. (2008, September 29). Information and Software Technology.

By: S. Thomas n, L. Williams n & T. Xie n

author keywords: SQL injection; Prepared statement; Fix automation
topics (OpenAlex): Web Application Security Vulnerabilities; Security and Verification in Computing; Information and Cyber Security
TL;DR: An algorithm of prepared statement replacement for removing SQLIVs by replacing SQL statements with prepared statements is presented and a corresponding tool for automated fix generation is created. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2008 article

On guiding the augmentation of an automated test suite via mutation analysis

Smith, B. H., & Williams, L. (2008, August 20). Empirical Software Engineering.

By: B. Smith n & L. Williams n

author keywords: Mutation testing; Line coverage; Fault injection; Empirical effectiveness; Test case augmentation; Mutation analysis; Mutation testing tool; Statement coverage; Test adequacy; Web application; Open source; Unit testing
topics (OpenAlex): Software Testing and Debugging Techniques; Software Engineering Research; Software Reliability and Analysis Research
TL;DR: An empirical study of the use of mutation analysis on two open source projects indicates that a focused effort on increasing mutation score leads to a corresponding increase in line and branch coverage to the point that line coverage, branch coverage and mutation score reach a maximum but leave some types of code structures uncovered. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2008 article

Realizing quality improvement through test driven development: results and experiences of four industrial teams

Nagappan, N., Maximilien, E. M., Bhat, T., & Williams, L. (2008, February 26). Empirical Software Engineering.

By: N. Nagappan*, E. Maximilien*, T. Bhat* & L. Williams n

author keywords: test driven development; empirical study; defects/faults; development time
topics (OpenAlex): Software Engineering Research; Software Engineering Techniques and Practices; Software Testing and Debugging Techniques
TL;DR: Case studies were conducted with three development teams at Microsoft and one at IBM that have adopted TDD and indicate that the pre-release defect density of the four products decreased between 40% and 90% relative to similar projects that did not use the TDD practice. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2007 chapter

Industry-Research Collaboration Working Group Results

In V. R. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl, & R. W. Selby (Eds.), Empirical Software Engineering Issues. Critical Assessment and Future Directions (pp. 153–157).

By: L. Prechelt & L. Williams*

Ed(s): V. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl & R. Selby

topics (OpenAlex):
TL;DR: The agreed-upon deliverable from this session was for a subset of the group to submit a longer version of this report to IEEE Software or the Empirical Software Engineering journal as a set of guidelines. (via Semantic Scholar)
Source: Crossref
Added: September 18, 2021

2007 chapter

Roadmapping Working Group 4 Results

In V. R. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl, & R. W. Selby (Eds.), Empirical Software Engineering Issues. Critical Assessment and Future Directions (pp. 181–183).

By: L. Williams*, H. Erdogmus & R. Selby

Ed(s): V. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl & R. Selby

topics (OpenAlex): Software Engineering Research; Software Engineering Techniques and Practices
TL;DR: The group carefully considered the factors involved with the maturity of the field of Empirical Software Engineering and found that the progress to move linearly along an axis is not proportional to the amount of work that must take place. (via Semantic Scholar)
Source: Crossref
Added: September 18, 2021

2007 chapter

Structuring Families of Industrial Case Studies

In V. R. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl, & R. W. Selby (Eds.), Empirical Software Engineering Issues. Critical Assessment and Future Directions (pp. 134–134).

By: L. Williams*

Ed(s): V. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl & R. Selby

topics (OpenAlex): Software Engineering Techniques and Practices; Software Engineering Research; Open Source Software Innovations
TL;DR: Groups of researchers interested in the same research question(s) can customize and evolve an evaluation framework for the technology under study, which consists of templates for specific quantitative measures to collect with associated instructions on what to include/exclude for consistent measurement collection. (via Semantic Scholar)
Source: Crossref
Added: August 14, 2021

2006 article

Essential communication practices for Extreme Programming in a global software development team

Layman, L., Williams, L., Damian, D., & Bures, H. (2006, March 10). Information and Software Technology.

By: L. Layman n, L. Williams n, D. Damian* & H. Bures

author keywords: global software development; Extreme Programming; case study
topics (OpenAlex): Software Engineering Techniques and Practices; Software Engineering Research; Systems Engineering Methodologies and Applications
TL;DR: An industrial case study of a distributed team in the USA and the Czech Republic that used Extreme Programming suggests that, if critical enabling factors are addressed, methodologies dependent on informal communication can be used on global software development projects. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2006 article

Motivations and measurements in an agile case study

Layman, L., Williams, L., & Cunningham, L. (2006, August 3). Journal of Systems Architecture.

By: L. Layman n, L. Williams n & L. Cunningham*

author keywords: software engineering; case study; agile software development; extreme programming
topics (OpenAlex): Software Engineering Techniques and Practices; Software Engineering Research; Software System Performance and Reliability
Source: Web Of Science
Added: August 6, 2018

2006 article

On the design of more secure software-intensive systems by use of attack patterns

Gegick, M., & Williams, L. (2006, August 7). Information and Software Technology.

By: M. Gegick n & L. Williams n

author keywords: software and system safety; patterns
topics (OpenAlex): Software Engineering Research; Information and Cyber Security; Advanced Software Engineering Methodologies
TL;DR: Regular expression-based attack patterns that show the sequential events that occur during an attack are created by creating a Security Analysis for Existing Threats (SAFE-T), a architectural analysis that identifies security vulnerabilities early in the software process. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2006 article

On the value of static analysis for fault detection in software

Zheng, J., Williams, L., Nagappan, N., Snipes, W., Hudepohl, J. P., & Vouk, M. A. (2006, April 1). IEEE Transactions on Software Engineering.

By: J. Zheng n, L. Williams n, N. Nagappan*, W. Snipes*, J. Hudepohl* & M. Vouk n

author keywords: code inspections; walkthroughs
topics (OpenAlex): Software Engineering Research; Software Reliability and Analysis Research; Software Testing and Debugging Techniques
Source: Web Of Science
Added: August 6, 2018

2004 conference paper

On understanding compatibility of student pair programmers

Proceedings of the 35th SIGCSE technical symposium on Computer science education - SIGCSE '04. Presented at the the 35th SIGCSE technical symposium.

By: N. Katira n, L. Williams n, E. Wiebe n, C. Miller n, S. Balik n & E. Gehringer n

topics (OpenAlex): Teaching and Learning Programming; Software Engineering Techniques and Practices; Software Testing and Debugging Techniques
TL;DR: It is found that the students' perception of their partner's skill level has a significant influence on their compatibility, and students' self-esteem does not appear to be a major contributor to pair compatibility. (via Semantic Scholar)
Sources: NC State University Libraries, Crossref, NC State University Libraries
Added: August 6, 2018

2003 article

A structured experiment of test-driven development

George, B., & Williams, L. (2003, October 29). Information and Software Technology.

By: B. George* & L. Williams n

author keywords: software engineering; test driven development; extreme programming; agile methodologies
topics (OpenAlex): Software Engineering Research; Software Engineering Techniques and Practices; Software Testing and Debugging Techniques
TL;DR: Experimental results tend to indicate that TDD programmers produce higher quality code because they passed 18% more functional black-box test cases and took 16% more time, which supports the perception thatTDD has the potential for increasing the level of unit testing in the software industry. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2003 article

Pair Learning: With an Eye Toward Future Success

Nagappan, N., Williams, L., Wiebe, E., Miller, C., Balik, S., Ferzli, M., & Petlick, J. (2003, January 1). Lecture Notes in Computer Science, Vol. 2753, pp. 185–198.

By: N. Nagappan n, L. Williams n, E. Wiebe n, C. Miller n, S. Balik n, M. Ferzli n, J. Petlick n

Ed(s):

topics (OpenAlex): Software Engineering Techniques and Practices; Teaching and Learning Programming; Open Source Software Innovations
TL;DR: An experiment was run at North Carolina State University to assess the efficacy of pair programming as an alternative educational technique in an introductory programming course and found that the retention rate of the students in the introductory programming courses is equal to or better than that of theStudents in the solo programming courses. (via Semantic Scholar)
Sources: NC State University Libraries, NC State University Libraries
Added: August 6, 2018

2003 journal article

The Economics of Software Development by Pair Programmers

The Engineering Economist, 48(4), 283–319.

By: H. Erdogmus* & L. Williams n

topics (OpenAlex): Software Engineering Research; Open Source Software Innovations; Software Engineering Techniques and Practices
TL;DR: A comparative economic evaluation that strengthens the case for pair programming and recommends that organizations engaged in software development consider adopting pair programming as a practice that could improve their bottom line. (via Semantic Scholar)
Source: Crossref
Added: September 18, 2021

2003 article

The xp programmer: the few-minutes programmer

Williams, L. (2003, May 1). IEEE Software.

By: L. Williams n

topics (OpenAlex): Experimental Learning in Engineering
Source: Web Of Science
Added: August 6, 2018

2002 report

Distributed Pair Programming: Empirical Studies and Supporting Environments

(pp. TR02–010). Chapel Hill, NC: Dept. of Computer Science, University of North Carolina.

By: P. Baheti, L. Williams, E. Gehringer, D. Stotts & J. Smith

Source: NC State University Libraries
Added: August 6, 2018

2002 book

Extreme programming and agile methods XP/Agile Universe 2002 : Second XP Universe and First Agile Universe Conference, Chicago, IL, USA, August 4-7, 2002 : proceedings

Berlin ;|aNew York: Springer.

Laurie Williams

Source: NC State University Libraries
Added: August 6, 2018

2002 article

In Support of Pair Programming in the Introductory Computer Science Course

Williams, L., Wiebe, E., Yang, K., Ferzli, M., & Miller, C. (2002, September 1). Computer Science Education, Vol. 12, pp. 197–212.

By: L. Williams*, E. Wiebe*, K. Yang*, M. Ferzli* & C. Miller n

topics (OpenAlex): Teaching and Learning Programming; Software Engineering Techniques and Practices; Innovative Teaching and Learning Methods
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
4. Quality Education (OpenAlex)
Sources: NC State University Libraries, NC State University Libraries
Added: August 6, 2018

2002 journal article

Integrating Agile Practices into Software Engineering Courses

Computer Science Education, 12(3), 169–185.

By: G. Hislop, M. Lutz, J. Naveda, W. McCracken, N. Mead & L. Williams*

topics (OpenAlex): Software Engineering Techniques and Practices; Software Engineering Research; Software Testing and Debugging Techniques
Source: Crossref
Added: September 18, 2021

2002 personal communication

Letters - Try it, you'll like it

By: L. Williams

Source: NC State University Libraries
Added: August 6, 2018

2002 conference paper

Pair programming in an introductory computer science course: Initial results and recommendations

OOPSLA 2002: 17th ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications : conference proceedings: November 4-8, 2002, Washington State Convention and Trade Center, Seattle, Washington, USA. New York, NY: ACM Press.

By: L. Williams, K. Yang, E. Wiebe, M. Ferzli & C. Miller

Source: NC State University Libraries
Added: August 6, 2018

2002 article

Teaching PSP: challenges and lessons learned

Borstler, J., Carrington, D., Hislop, G. W., Lisack, S., Olson, K., & Williams, L. (2002, September 1). IEEE Software.

By: J. Borstler*, D. Carrington*, G. Hislop*, S. Lisack*, K. Olson* & L. Williams n

topics (OpenAlex): Software Engineering Techniques and Practices; Software Engineering Research; Software Testing and Debugging Techniques
TL;DR: Five universities used the personal software process to teach software engineering concepts in a variety of contexts to help students learn about the size and complexity of modern software systems and the techniques available for managing these difficulties. (via Semantic Scholar)
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
4. Quality Education (OpenAlex)
Source: Web Of Science
Added: August 6, 2018

2001 journal article

Experiments with Industry's “Pair-Programming” Model in the Computer Science Classroom

Computer Science Education, 11(1), 7–20.

By: L. Williams n & R. Kessler*

topics (OpenAlex): Software Engineering Techniques and Practices; Teaching and Learning Programming; Open Source Software Innovations
Source: Crossref
Added: September 18, 2021

2000 article

Strengthening the case for pair programming

Williams, L., Kessler, R. R., Cunningham, W., & Jeffries, R. (2000, January 1). IEEE Software.

By: L. Williams n, R. Kessler*, W. Cunningham & R. Jeffries

topics (OpenAlex): Software Engineering Techniques and Practices; Software Engineering Research; Software Testing and Debugging Techniques
UN Sustainable Development Goals Color Wheel
UN Sustainable Development Goal Categories
4. Quality Education (Web of Science)
Source: Web Of Science
Added: August 6, 2018

Citation Index includes data from a number of different sources. If you have questions about the sources of data in the Citation Index or need a set of data which is free to re-distribute, please contact us.

Certain data included herein are derived from the Web of Science© and InCites© (2026) of Clarivate Analytics. All rights reserved. You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.