Works (114)

Updated: October 26th, 2024 05:02

2024 journal article

A Survey on Software Vulnerability Exploitability Assessment

ACM COMPUTING SURVEYS, 56(8).

By: S. Elder n, M. Rahman n, G. Fringer n, K. Kapoor n & L. Williams n

author keywords: Exploitability; software vulnerability
Source: Web Of Science
Added: June 11, 2024

2024 article

Just another copy and paste? Comparing the security vulnerabilities of ChatGPT generated code and StackOverflow answers

PROCEEDINGS 45TH IEEE SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS, SPW 2024, pp. 87–94.

By: S. Hamer n, M. d'Amorim n & L. Williams n

author keywords: Software Engineering Security; Empirical Study; Large Language Models; Software Supply Chain; Code Generation
Sources: Web Of Science, NC State University Libraries
Added: August 26, 2024

2024 article

MalwareBench: Malware samples are not enough

2024 IEEE/ACM 21ST INTERNATIONAL CONFERENCE ON MINING SOFTWARE REPOSITORIES, MSR, pp. 728–732.

By: N. Zahan n, P. Burckhardt, M. Lysenko, F. Aboukhadijeh & L. Williams n

author keywords: Software Engineering Security; Software Supply Chain; Software Supply Chain Security; npm and PyPI Ecosystems; Malicious Packages; Benchmark Dataset
Sources: Web Of Science, ORCID, NC State University Libraries
Added: July 8, 2024

2024 journal article

Narrowing the Software Supply Chain Attack Vectors: The SSDF Is Wonderful but not Enough

IEEE SECURITY & PRIVACY, 22(2), 4–7.

By: L. Williams n

Source: Web Of Science
Added: April 22, 2024

2024 journal article

Paving a Path for a Combined Family of Feature Toggle and Configuration Option Research

ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 33(7).

author keywords: Feature toggle; configuration option; software configuration; Software engineering
Source: Web Of Science
Added: October 21, 2024

2023 review

Are Your Dependencies Code Reviewed?: Measuring Code Review Coverage in Dependency Updates

[Review of ]. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 49(11), 4932–4945.

By: N. Imtiaz n & L. Williams n

author keywords: Codes; Phantoms; Software; Software development management; Source coding; Security; Supply chains; Software supply chain security; open source security; dependency analysis
TL;DR: Depdive, an update audit tool for packages in Crates.io, npm, PyPI, and RubyGems registry, is implemented and it is found that phantom artifacts are not uncommon in the updates, indicating that even the most used packages can introduce non-reviewed code in the software supply chain. (via Semantic Scholar)
Source: Web Of Science
Added: December 18, 2023

2023 article

Do Software Security Practices Yield Fewer Vulnerabilities?

2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING IN PRACTICE, ICSE-SEIP, pp. 292–303.

By: N. Zahan n, S. Shohan n, D. Harris n & L. Williams n

TL;DR: Five supervised machine learning models for npm and PyPI packages were developed using the OpenSSF Scorecard security practices scores and aggregate security scores as predictors and the number of externally-reported vulnerabilities as a target variable, finding that four security practices were the most important practices influencing vulnerability count. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries
Added: August 21, 2023

2023 journal article

OpenSSF Scorecard: On the Path Toward Ecosystem-Wide Automated Security Metrics

IEEE SECURITY & PRIVACY, 21(6), 76–88.

By: N. Zahan n, P. Kanakiya*, B. Hambleton n, S. Shohan* & L. Williams n

author keywords: Security; Software measurement; Software development management; Open source software; Ecosystems; Task analysis; Standards
TL;DR: This study evaluates the applicability of the Scorecard tool and compares the security practices and gaps in the npm and PyPI ecosystems. (via Semantic Scholar)
UN Sustainable Development Goal Categories
15. Life on Land (OpenAlex)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: February 11, 2024

2023 article

SecretBench: A Dataset of Software Secrets

2023 IEEE/ACM 20TH INTERNATIONAL CONFERENCE ON MINING SOFTWARE REPOSITORIES, MSR, pp. 347–351.

By: S. Basak n, L. Neil n, B. Reaves n & L. Williams n

TL;DR: The goal of this paper is to aid researchers and tool developers in evaluating and improving secret detection tools by curating a benchmark dataset of secrets through a systematic collection of secrets from open-source repositories. (via Semantic Scholar)
Source: Web Of Science
Added: September 5, 2023

2023 article

Software Supply Chain Security

Massacci, F., & Williams, L. (2023, November). IEEE SECURITY & PRIVACY, Vol. 21, pp. 8–10.

By: F. Massacci* & L. Williams n

author keywords: Special issues and sections; Computer security; Supply chain management; Software
Source: Web Of Science
Added: February 26, 2024

2023 journal article

What Are the Attackers Doing Now? Automating Cyberthreat Intelligence Extraction from Text on Pace with the Changing Threat Landscape: A Survey

ACM COMPUTING SURVEYS, 55(12).

By: M. Rahman n, R. Hezaveh n & L. Williams n

author keywords: Cyberthreat intelligence; CTI extraction; CTI mining; IoC extraction; TTPs; extraction; attack pattern extraction; threat reports; tactical threat intelligence; technical threat intelligence
TL;DR: The goal of this article is to aid cybersecurity researchers in understanding the current techniques used for cyberthreat intelligence extraction from text through a survey of relevant studies in the literature, finding 11 types of extraction purposes and 7 types of textual sources for CTI extraction. (via Semantic Scholar)
Source: Web Of Science
Added: April 24, 2023

2023 article

What Challenges Do Developers Face About Checked-in Secrets in Software Artifacts?

2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ICSE, pp. 1635–1647.

By: S. Basak n, L. Neil n, B. Reaves n & L. Williams n

TL;DR: The findings indicate that the same solution has been mentioned to mitigate multiple challenges, and an increasing trend in questions lacking accepted solutions substantiates the need for future research and tool automation on managing secrets. (via Semantic Scholar)
Source: Web Of Science
Added: September 5, 2023

2022 article

Dazzle: Using Optimized Generative Adversarial Networks to Address Security Data Class Imbalance Issue

2022 MINING SOFTWARE REPOSITORIES CONFERENCE (MSR 2022), pp. 144–155.

By: R. Shu n, T. Xia n, L. Williams n & T. Menzies n

author keywords: Security Vulnerability Prediction; Class Imbalance; Hyperparameter Optimization; Generative Adversarial Networks
TL;DR: The use of optimized GANs is suggested as an alternative method for security vulnerability data class imbalance issues and further helps build better prediction models with resampled datasets. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries
Added: September 19, 2022

2022 journal article

Do I really need all this work to find vulnerabilities? An empirical case study comparing vulnerability detection techniques on a Java application

EMPIRICAL SOFTWARE ENGINEERING, 27(6).

By: S. Elder n, N. Zahan n, R. Shu n, M. Metro n, V. Kozarev n, T. Menzies n, L. Williams n

author keywords: Vulnerability Management; Web Application Security; Penetration Testing; Vulnerability Scanners
TL;DR: The goal of this research is to assist managers and other decision-makers in making informed choices about the use of software vulnerability detection techniques through an empirical study of the efficiency and effectiveness of four techniques on a Java-based web application. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 22, 2022

2022 article

Exploring the Shift in Security Responsibility

Weir, C., Migues, S., & Williams, L. (2022, March 9). IEEE SECURITY & PRIVACY.

By: C. Weir*, S. Migues* & L. Williams n

author keywords: Security; Software; Companies; Satellites; Standards organizations; Data models; Training
Source: Web Of Science
Added: March 28, 2022

2022 journal article

Feature toggles as code: Heuristics and metrics for structuring feature toggles

INFORMATION AND SOFTWARE TECHNOLOGY, 145.

By: R. Mahdavi-Hezaveh n, N. Ajmeri* & L. Williams n

author keywords: Feature toggle; Continuous integration; Continuous development; Open source repository; Heuristic; Metric
TL;DR: This research proposes 7 heuristics to guide structuring feature toggles in the codebase by proposing and evaluating a set of heuristics and corresponding complexity, comprehensibility, and maintainability metrics based upon an empirical study of open source repositories. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: May 2, 2022

2022 journal article

Open or Sneaky? Fast or Slow? Light or Heavy?: Investigating Security Releases of Open Source Packages

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 49(4), 1540–1560.

By: N. Imtiaz n, A. Khanom n & L. Williams n

author keywords: Security; Codes; Delays; Ecosystems; Databases; Semantics; Supply chains; Empirical study; open source security; supply chain security
TL;DR: The time lag between fix and release, how security fixes are documented in the release notes, code change characteristics (size and semantic versioning) of the release, and the time lag between the release and an advisory publication for security releases are studied over a dataset of 4,377 security advisories across seven package ecosystems. (via Semantic Scholar)
UN Sustainable Development Goal Categories
10. Reduced Inequalities (OpenAlex)
Source: Web Of Science
Added: May 30, 2023

2022 journal article

Top Five Challenges in Software Supply Chain Security: Observations From 30 Industry and Government Organizations

IEEE SECURITY & PRIVACY, 20(2), 96–100.

By: W. Enck n & L. Williams n

TL;DR: Three summits are held with a diverse set of organizations and the top five challenges in software supply chain security are reported on. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: May 31, 2022

2022 article

What are Weak Links in the npm Supply Chain?

2022 ACM/IEEE 44TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING IN PRACTICE (ICSE-SEIP 2022), pp. 331–340.

By: N. Zahan n, T. Zimmermann*, P. Godefroid*, B. Murphy*, C. Maddila* & L. Williams n

author keywords: Software Ecosystem; Supply Chain Security; npm; Weak link Signal
TL;DR: The metadata of 1.63 million JavaScript npm packages was analyzed and six signals of security weaknesses in a software supply chain, such as the presence of install scripts, maintainer accounts associated with an expired email domain, and inactive packages with inactive maintainers were proposed. (via Semantic Scholar)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: September 19, 2022

2022 article

What are the Practices for Secret Management in Software Artifacts?

2022 IEEE SECURE DEVELOPMENT CONFERENCE (SECDEV 2022), pp. 69–76.

By: S. Basak n, L. Neil n, B. Reaves n & L. Williams n

author keywords: secret management; practices; empirical study; grey literature; secure development
TL;DR: The goal of this paper is to aid practitioners in avoiding the exposure of secrets by identifying secret management practices in software artifacts through a systematic derivation of practices disseminated in Internet artifacts. (via Semantic Scholar)
Source: Web Of Science
Added: February 20, 2023

2022 journal article

Why secret detection tools are not enough: It's not just about false positives-An industrial case study

EMPIRICAL SOFTWARE ENGINEERING, 27(3).

By: M. Rahman n, N. Imtiaz n, M. Storey* & L. Williams n

author keywords: Secret detection tool; Hardcoded secrets; Secrets in repositories; Credentials in repositories
TL;DR: It is found that, although developers classified 50% of the warnings as false positives, developers also bypassed the warnings due to time constraints, working with non-shipping projects, technical challenges of eliminating secrets completely from the version control history, technical debt, and perceptions that check-ins are low risk. (via Semantic Scholar)
Source: Web Of Science
Added: April 4, 2022

2021 journal article

Different Kind of Smells: Security Smells in Infrastructure as Code Scripts

IEEE SECURITY & PRIVACY, 19(3), 33–41.

By: A. Rahman* & L. Williams n

TL;DR: This article summarizes the recent research findings related to infrastructure as code (IaC) scripts, where 67,801 occurrences of security smells that include 9,175 hard-coded passwords are identified. (via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: June 10, 2021

2021 journal article

How to Better Distinguish Security Bug Reports (Using Dual Hyperparameter Optimization)

EMPIRICAL SOFTWARE ENGINEERING, 26(3).

By: R. Shu, T. Xia, J. Chen, L. Williams & T. Menzies

author keywords: Hyperparameter Optimization; Data pre-processing; Security bug report
TL;DR: SWIFT's dual optimization of both pre-processor and learner is more useful than optimizing each of them individually, and this approach can quickly optimize models that achieve better recall than the prior state of the art. (via Semantic Scholar)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: May 3, 2021

2021 article

Infiltrating Security into Development: Exploring the World's Largest Software Security Study

PROCEEDINGS OF THE 29TH ACM JOINT MEETING ON EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (ESEC/FSE '21), pp. 1326–1336.

By: C. Weir, S. Migues, M. Ware & L. Williams

author keywords: Software engineering; Software security; Developer centered security; Software security group; Secure software development lifecycle; SDLC; DevSecOps
Source: Web Of Science
Added: March 7, 2022

2021 journal article

Omni: automated ensemble with unexpected models against adversarial evasion attack

EMPIRICAL SOFTWARE ENGINEERING, 27(1).

By: R. Shu n, T. Xia n, L. Williams n & T. Menzies n

author keywords: Hyperparameter optimization; Ensemble defense; Adversarial evasion attack
TL;DR: Omni is a promising approach as a defense strategy against adversarial attacks when compared with other baseline treatments, and it is suggested to create ensembles with unexpected models that are distant from the attacker's expected model through methods such as hyperparameter optimization. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: December 6, 2021

2021 journal article

Security Smells in Ansible and Chef Scripts: A Replication Study

ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 30(1).

By: A. Rahman*, M. Rahman n, C. Parnin n & L. Williams n

TL;DR: This article identifies two security smells not reported in prior work, missing default in case statement and no integrity check, and recommends that practitioners rigorously inspect the presence of the identified security smells in Ansible and Chef scripts using code review and static analysis tools. (via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: March 8, 2021

2021 journal article

Software development with feature toggles: practices used by practitioners

EMPIRICAL SOFTWARE ENGINEERING, 26(1).

By: R. Mahdavi-Hezaveh n, J. Dremann n & L. Williams n

author keywords: Continuous integration; Continuous delivery; Feature toggle; Practice
TL;DR: The feature toggle development practices discovered and enumerated in this work can help practitioners more effectively use feature toggles and can enable future mining of code repositories to automatically identify feature toggle practices. (via Semantic Scholar)
Source: Web Of Science
Added: February 8, 2021

2021 article

Structuring a Comprehensive Software Security Course Around the OWASP Application Security Verification Standard

2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: JOINT TRACK ON SOFTWARE ENGINEERING EDUCATION AND TRAINING (ICSE-JSEET 2021), pp. 95–104.

By: S. Elder n, N. Zahan n, V. Kozarev n, R. Shu n, T. Menzies n & L. Williams n

author keywords: Security and Protection; Computer and Information Science Education; Industry-Standards
TL;DR: A theme of the course assignments was to map vulnerability discovery to the security controls of the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS), and this mapping may have increased students' depth of understanding of a wider range of security topics. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: November 1, 2021

2020 article

A Literature Review on Mining Cyberthreat Intelligence from Unstructured Texts

20TH IEEE INTERNATIONAL CONFERENCE ON DATA MINING WORKSHOPS (ICDMW 2020), pp. 516–525.

By: M. Rahman n, R. Mahdavi-Hezaveh n & L. Williams n

TL;DR: It is found that the most prominent sources of unstructured threat data are threat reports, Twitter feeds, and posts from hackers and security experts, and that natural language processing (NLP) based approaches (topic classification, keyword identification, and semantic relationship extraction among the keywords) are mostly used in the selected studies to mine CTI information from unstructured threat sources. (via Semantic Scholar)
Source: Web Of Science
Added: July 12, 2021

2020 article

Gang of Eight: A Defect Taxonomy for Infrastructure as Code Scripts

2020 ACM/IEEE 42ND INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE 2020), pp. 752–764.

By: A. Rahman*, E. Farhana n, C. Parnin n & L. Williams n

author keywords: bug; category; configuration as code; configuration scripts; defect; devops; infrastructure as code; puppet; software quality; taxonomy
TL;DR: A taxonomy of IaC defects is developed by applying qualitative analysis on 1,448 defect-related commits collected from open source software (OSS) repositories of the Openstack organization, and the quantified frequency of the defect categories may help in advancing the science of IaC script quality. (via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: June 21, 2021

2020 journal article

The 'as code' activities: development anti-patterns for infrastructure as code

EMPIRICAL SOFTWARE ENGINEERING, 25(5), 3430–3467.

By: A. Rahman*, E. Farhana n & L. Williams n

author keywords: Anti-pattern; Bugs; Configuration script; Continuous deployment; Defect; Devops; Infrastructure as code; Practice; Puppet; Quality
TL;DR: Five development anti-patterns of infrastructure as code (IaC) scripts, namely 'boss is not around', 'many cooks spoil', 'minors are spoiler', 'silos' and 'unfocused contribution', are identified. (via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: September 7, 2020

2019 journal article

Better together: Comparing vulnerability prediction models

INFORMATION AND SOFTWARE TECHNOLOGY, 119.

By: C. Theisen n & L. Williams n

author keywords: Security; Vulnerabilities; Prediction model; Software engineering
TL;DR: This paper compares VPMs on Mozilla Firefox with 28,750 source code files featuring 271 vulnerabilities using software metrics, text mining, and crash data to help security practitioners and researchers choose appropriate features for vulnerability prediction through a comparison of Vulnerability Prediction Models. (via Semantic Scholar)
Source: Web Of Science
Added: March 2, 2020

2019 article

How Do Developers Act on Static Analysis Alerts? An Empirical Study of Coverity Usage

2019 IEEE 30TH INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING (ISSRE), pp. 323–333.

By: N. Imtiaz n, B. Murphy* & L. Williams n

author keywords: static analysis; tools; alerts; warnings; developer action
TL;DR: The goal of this paper is to aid researchers and tool makers in improving the utility of static analysis tools through an empirical study of developer action on the alerts detected by Coverity, a state-of-the-art static analysis tool. (via Semantic Scholar)
Source: Web Of Science
Added: July 13, 2020

2019 journal article

Improving Vulnerability Inspection Efficiency Using Active Learning

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 47(11), 2401–2420.

By: Z. Yu n, C. Theisen*, L. Williams n & T. Menzies n

author keywords: Inspection; Software; Tools; Security; Predictive models; Error correction; NIST; Active learning; security; vulnerabilities; software engineering; error correction
TL;DR: HARMLESS is an incremental support vector machine tool that builds a vulnerability prediction model from the source code inspected to date, then suggests what source code files should be inspected next, then provides feedback on when to stop. (via Semantic Scholar)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: November 12, 2021

2019 article

Share, But Be Aware: Security Smells in Python Gists

2019 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE MAINTENANCE AND EVOLUTION (ICSME 2019), pp. 536–540.

By: M. Rahman n, A. Rahman* & L. Williams n

author keywords: GitHub; Gist; Python; Security; Security Smell; Static Analysis; Software Security
TL;DR: This paper finds 13 types of security smells with 4,403 occurrences in 5,822 publicly-available Python Gists and finds no significant relation between the presence of these security smells and the reputation of the Gist author. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: Web Of Science
Added: April 14, 2020

2019 journal article

Source code properties of defective infrastructure as code scripts

INFORMATION AND SOFTWARE TECHNOLOGY, 112, 148–163.

By: A. Rahman n & L. Williams n

author keywords: Configuration as code; Continuous deployment; Defect prediction; Devops; Empirical study; Infrastructure as code; Puppet
TL;DR: This paper applies qualitative analysis on defect-related commits mined from open source software repositories to identify source code properties that correlate with defective IaC scripts and constructs defect prediction models using the identified properties. (via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: June 17, 2019

2019 article

The Seven Sins: Security Smells in Infrastructure as Code Scripts

2019 IEEE/ACM 41ST INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE 2019), pp. 164–175.

By: A. Rahman n, C. Parnin n & L. Williams n

author keywords: devops; devsecops; empirical study; infrastructure as code; puppet; security; smell; static analysis
TL;DR: The goal of this paper is to help practitioners avoid insecure coding practices while developing infrastructure as code (IaC) scripts through an empirical study of security smells in IaC scripts. (via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: September 7, 2020

2018 journal article

A systematic mapping study of infrastructure as code research

INFORMATION AND SOFTWARE TECHNOLOGY, 108, 65–77.

By: A. Rahman n, R. Mahdavi-Hezaveh & L. Williams n

author keywords: Devops; Configuration as code; Configuration script; Continuous deployment; Infrastructure as code; Software engineering; Systematic mapping study
TL;DR: The findings suggest that frameworks or tools are a well-studied topic in IaC research, as defects and security flaws can have serious consequences for the deployment and development environments in DevOps. (via Semantic Scholar)
Source: Web Of Science
Added: March 11, 2019

2018 article

Are Vulnerabilities Discovered and Resolved like Other Defects?

PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE), pp. 498–498.

By: P. Morrison n, R. Pandita*, X. Xiao*, R. Chillarege* & L. Williams n

Source: Web Of Science
Added: January 21, 2019

2018 review

Attack surface definitions: A systematic literature review

[Review of ]. INFORMATION AND SOFTWARE TECHNOLOGY, 104, 94–103.

author keywords: Attack surface; Vulnerabilities; Software engineering; Systematic literature review
TL;DR: This systematic literature review reviewed 644 works from prior literature that use the phrase attack surface and categorized them into those that provided their own definition; cited another definition; or expected the reader to intuitively understand the phrase. (via Semantic Scholar)
Source: Web Of Science
Added: November 19, 2018

2018 article

Characterizing Defective Configuration Scripts Used for Continuous Deployment

2018 IEEE 11TH INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION (ICST), pp. 34–45.

By: A. Rahman n & L. Williams n

TL;DR: This paper uses text mining techniques to extract text features from infrastructure as code (IaC) scripts and identifies three properties that characterize defective IaC scripts: filesystem operations, infrastructure provisioning, and managing user accounts. (via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: August 6, 2018

2018 article

Continuously Integrating Security

2018 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SECURITY AWARENESS FROM DESIGN TO DEPLOYMENT (SEAD), pp. 1–2.

By: L. Williams n

author keywords: Continuous deployment; software security; DevOps; DevSecOps
TL;DR: This short paper will describe the practices and environment used by these companies as they strive to develop secure and privacy-preserving products while making ultra-fast changes. (via Semantic Scholar)
Source: Web Of Science
Added: October 29, 2018

2018 article

Identifying Security Issues in Software Development: Are Keywords Enough?

PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING - COMPANION (ICSE-COMPANION), pp. 426–427.

By: P. Morrison n, T. Oyetoyan* & L. Williams n

author keywords: Security; vocabulary; classification model; CVE; Prediction
TL;DR: The goal of this research is to support researchers and practitioners in identifying security issues in software development project artifacts by defining and evaluating a systematic scheme for identifying project-specific security vocabularies that can be used for keyword-based classification. (via Semantic Scholar)
Source: Web Of Science
Added: December 3, 2018

2018 journal article

Mapping the field of software life cycle security metrics

INFORMATION AND SOFTWARE TECHNOLOGY, 102, 146–159.

By: P. Morrison n, D. Moye n, R. Pandita n & L. Williams n

author keywords: Metrics; Measurement; Security
TL;DR: The field of software life cycle security metrics has yet to converge on an accepted set of metrics, and the most-cited and most used metric, vulnerability count, has multiple definitions and operationalizations. (via Semantic Scholar)
Source: Web Of Science
Added: October 19, 2018

2018 article

Poster: Defect Prediction Metrics for Infrastructure as Code Scripts in DevOps

PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING - COMPANION (ICSE-COMPANION), pp. 414–415.

By: A. Rahman n, J. Stallings & L. Williams n

author keywords: Continuous Deployment; DevOps; Infrastructure as Code; Metrics
TL;DR: The goal of this paper is to help software practitioners in prioritizing their inspection efforts for infrastructure as code (IaC) scripts by proposing defect prediction model-related metrics, and applies Constructivist Grounded Theory on defect-related commits mined from version control systems to identify metrics suitable for IaC scripts. (via Semantic Scholar)
UN Sustainable Development Goal Categories
9. Industry, Innovation and Infrastructure (OpenAlex)
Source: Web Of Science
Added: December 3, 2018

2018 article

What Questions Do Programmers Ask About Configuration as Code?

PROCEEDINGS 2018 IEEE/ACM 4TH INTERNATIONAL WORKSHOP ON RAPID CONTINUOUS SOFTWARE ENGINEERING (RCOSE), pp. 16–22.

By: A. Rahman n, A. Partho, P. Morrison n & L. Williams n

author keywords: challenge; configuration as code; continuous deployment; devops; infrastructure as code; programming; puppet; question; stack over-flow
TL;DR: This paper extracts 2,758 Puppet-related questions asked by programmers from January 2010 to December 2016, posted on Stack Overflow, and applies qualitative analysis to identify the questions programmers ask about Puppet. (via Semantic Scholar)
Source: Web Of Science
Added: January 21, 2019

2017 journal article

Are vulnerabilities discovered and resolved like other defects?

EMPIRICAL SOFTWARE ENGINEERING, 23(3), 1383–1421.

By: P. Morrison n, R. Pandita n, X. Xiao, R. Chillarege & L. Williams n

author keywords: Software development; Measurement; Process improvement; Security; Orthogonal Defect Classification (ODC)
TL;DR: ODC + V was applied to classify 583 vulnerabilities and 583 defects across 133 releases of three open-source projects (Firefox, phpMyAdmin, and Chrome), indicating opportunities may exist for more efficient vulnerability detection and resolution. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2017 article

Highlights of the ACM Student Research Competition

Williams, L., & Baldwin, D. (2017, November). COMMUNICATIONS OF THE ACM, Vol. 60, pp. 5–5.

By: L. Williams n & D. Baldwin*

Source: Web Of Science
Added: August 6, 2018

2017 journal article

TMAP: Discovering relevant API methods through text mining of API documentation

Journal of Software: Evolution and Process, 29(12), e1845.

By: R. Pandita n, R. Jetley*, S. Sudarsan*, T. Menzies n & L. Williams n

author keywords: API documents; API mappings; text mining
TL;DR: Text mining based approach (TMAP) is proposed to discover relevant API mappings using text mining on the natural language API method descriptions to support software developers in migrating an application from a source API to a target API by automatically discovering relevant method mappings. (via Semantic Scholar)
Sources: Crossref, NC State University Libraries
Added: February 24, 2020

2017 article

The Rising Tide Lifts All Boats: The Advancement of Science in Cyber Security (Invited Talk)

ESEC/FSE 2017: PROCEEDINGS OF THE 2017 11TH JOINT MEETING ON FOUNDATIONS OF SOFTWARE ENGINEERING, pp. 1–1.

By: L. Williams n

author keywords: Systems security; Software and application security; Human and societal aspects of security and privacy; Trust frameworks
TL;DR: This talk will reflect on the structure of the collaborative research efforts of the Lablets, lessons learned in the transition to more scientific concepts in cybersecurity, research results in solving five hard security problems, and methods that are being used for the measurement of scientific progress of the Lablet research. (via Semantic Scholar)
UN Sustainable Development Goal Categories
4. Quality Education (Web of Science)
10. Reduced Inequalities (Web of Science)
Source: Web Of Science
Added: August 6, 2018

2017 journal article

The Top 10 Adages in Continuous Deployment

IEEE SOFTWARE, 34(3), 86–95.

By: C. Parnin n, E. Helms*, C. Atlee, H. Boughton, M. Ghattas*, A. Glover*, J. Holman, J. Micco* ...

TL;DR: To understand the emerging practices surrounding continuous deployment, researchers facilitated a one-day Continuous Deployment Summit at the Facebook campus in July 2015, at which participants from 10 companies described how they used continuous deployment. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2017 journal article

Twist-3 Distribution Amplitudes of Pion in the Light-Front Quark Model

Few-Body Systems, 58(2).

By: H. Choi* & C. Ji n

Sources: Web Of Science, Crossref, NC State University Libraries
Added: August 6, 2018

2016 conference paper

ICON: Inferring temporal constraints from natural language API descriptions

32nd IEEE International Conference on Software Maintenance and Evolution (ICSME 2016), 378–388.

By: R. Pandita, K. Taneja, T. Tung & L. Williams

Source: NC State University Libraries
Added: August 6, 2018

2016 journal article

Identifying the implied: Findings from three differentiated replications on the use of security requirements templates

EMPIRICAL SOFTWARE ENGINEERING, 22(4), 2127–2178.

By: M. Riaz n, J. King n, J. Slankas n, L. Williams n, F. Massacci*, C. Quesada-Lopez*, M. Jenkins*

author keywords: Security requirements; Controlled experiment; Replication; Requirements engineering; Templates; Patterns; Automation
TL;DR: Qualitative findings indicate that participants may be able to differentiate between relevant and extraneous templates suggestions and be more inclined to fill in the templates with additional support, supporting the findings of the original study. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 6, 2018

2016 article

NANE: Identifying Misuse Cases Using Temporal Norm Enactments

2016 IEEE 24TH INTERNATIONAL REQUIREMENTS ENGINEERING CONFERENCE (RE), pp. 136–145.

By: O. Kafali n, M. Singh n & L. Williams n

Contributors: L. Williams n, O. Kafali n & M. Singh n

author keywords: Security requirements; sociotechnical systems
TL;DR: Nane is proposed, a formal framework for identifying misuse cases using a semiautomated process and it is demonstrated how Nane enables monitoring of potential misuses on a healthcare scenario. (via Semantic Scholar)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: August 6, 2018

2016 article

Software Security in DevOps: Synthesizing Practitioners' Perceptions and Practices

INTERNATIONAL WORKSHOP ON CONTINUOUS SOFTWARE EVOLUTION AND DELIVERY, CSED 2016, pp. 70–76.

By: A. Rahman n & L. Williams n

author keywords: DevOps; security; software practices; survey
TL;DR: The goal of this paper is to aid software practitioners in integrating security and DevOps by summarizing experiences in utilizing security practices in a DevOps environment by analyzing a selected set of Internet artifacts. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2016 journal article

Stack traces reveal attack surfaces

Perspectives on Data Science for Software Engineering, 73–76.

By: C. Theisen & L. Williams

Source: NC State University Libraries
Added: August 6, 2018

2016 journal article

To log, or not to log: using heuristics to identify mandatory log events - a controlled experiment

EMPIRICAL SOFTWARE ENGINEERING, 22(5), 2684–2717.

By: J. King n, J. Stallings, M. Riaz n & L. Williams n

author keywords: Logging; User activity logs; Security; Controlled experiment; User study; Mandatory log events
TL;DR: The results indicate additional training and enforcement may be necessary to ensure subjects understand and consistently apply the assigned methods for identifying MLEs, as well as support security analysts in performing forensic analysis by evaluating the use of a heuristics-driven method for identifying mandatory log events. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries, ORCID
Added: August 6, 2018

2016 journal article

Towards characterization of photo-excited electron transfer and catalysis in natural and artificial systems using XFELs

FARADAY DISCUSSIONS, 194, 621–638.

MeSH headings : Catalysis; Crystallography, X-Ray; Electrons; Lasers; X-Rays
TL;DR: This work has developed methodology for simultaneously collecting X-ray diffraction data and X-ray emission spectra, using an energy dispersive spectrometer, at ambient conditions, and used this approach to study the room temperature structure and intermediate states of the photosynthetic water oxidizing metallo-protein, photosystem II. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries
Added: August 6, 2018

2016 conference paper

Tutorial: text analytics for security

Symposium and Bootcamp on the Science of Security, 124–125.

By: T. Xie & W. Enck

Source: NC State University Libraries
Added: August 6, 2018

2016 conference paper

Systematically developing prevention, detection, and response patterns for security requirements

2016 IEEE 24th International Requirements Engineering Conference Workshops (REW), 62–67.

By: M. Riaz, S. Elder & L. Williams

Source: NC State University Libraries
Added: August 6, 2018

2015 conference paper

Discovering likely mappings between APIs using text mining

Ieee international working conference on source code analysis and, 231–240.

By: R. Pandita n, R. Jetley*, S. Sudarsan* & L. Williams n

TL;DR: This paper proposes TMAP: Text Mining based approach to discover likely API mappings using the similarity in the textual description of the source and target API documents to address the shortcoming of manually writing API mappings. (via Semantic Scholar)
Source: NC State University Libraries
Added: August 6, 2018

2015 journal article

How have we evaluated software pattern application? A systematic mapping study of research design practices

INFORMATION AND SOFTWARE TECHNOLOGY, 65, 14–38.

By: M. Riaz n, T. Breaux* & L. Williams n

author keywords: Software pattern; Mapping study; Systematic review; Empirical evaluation; Empirical design
TL;DR: Establishing baselines for participants’ experience level, providing appropriate training, standardizing problem sets, and employing commonly used measures to evaluate performance can support replication and comparison of results across studies. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2015 article

Synthesizing Continuous Deployment Practices Used in Software Development

2015 AGILE CONFERENCE, pp. 1–10.

By: A. Ur Rahman, E. Helms n, L. Williams n & C. Parnin n

author keywords: agile; continuous deployment; continuous delivery; industry practices; internet artifacts; follow-up inquiries
TL;DR: It is observed that continuous deployment necessitates the consistent use of sound software engineering practices such as automated testing, automated deployment, and code review, which are used by software companies. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2014 chapter

Agile Software Development in Practice

In Lecture Notes in Business Information Processing (pp. 32–45).

By: M. Doyle*, L. Williams n, M. Cohn & K. Rubin*

TL;DR: Subject to sampling issues, successful teams report more positive results for agile practices with the most important practice being teams knowing their velocity. (via Semantic Scholar)
Source: Crossref
Added: January 5, 2021

2014 conference paper

Hidden in plain sight: Automatically identifying security requirements from natural language artifacts

2014 IEEE 22nd International Requirements Engineering Conference (RE), 183–192.

By: M. Riaz n, J. King n, J. Slankas n & L. Williams n

TL;DR: A tool-assisted process that automatically identifies security-relevant sentences in natural language requirements artifacts and classifies them according to the security objectives, either explicitly stated or implied by the sentences. (via Semantic Scholar)
Sources: NC State University Libraries, ORCID
Added: August 6, 2018

2014 article

On Coverage-Based Attack Profiles

2014 IEEE EIGHTH INTERNATIONAL CONFERENCE ON SOFTWARE SECURITY AND RELIABILITY - COMPANION (SERE-C 2014), pp. 5–6.

By: A. Rivers n, M. Vouk n & L. Williams n

author keywords: security; coverage; models; attack; profile
TL;DR: A hypergeometric process model is presented that describes automated cyber attacks and web request signatures from the logs of a production web server were used to assess the applicability of the model. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2014 conference paper

Towards a framework to measure security expertise in requirements analysis

2014 IEEE 1st Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), 13–18.

By: H. Hibshi*, T. Breaux, M. Riaz n & L. Williams n

TL;DR: Preliminary results of analyzing two interviews reveal possible decision-making patterns that could characterize how analysts perceive, comprehend and project future threats which leads them to decide upon requirements and their specifications, in addition to how experts use assumptions to overcome ambiguity in specifications. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: NC State University Libraries
Added: August 6, 2018

2013 article

Access Control Policy Extraction from Unconstrained Natural Language Text

2013 ASE/IEEE INTERNATIONAL CONFERENCE ON SOCIAL COMPUTING (SOCIALCOM), pp. 435–440.

By: J. Slankas n & L. Williams n

author keywords: access control; documentation; machine learning; natural language processing; relation extraction; security
TL;DR: This research proposes a machine-learning based process to parse existing, unaltered natural language documents, such as requirement or technical specifications to extract the relevant subjects, actions, and resources for an access control policy. (via Semantic Scholar)
UN Sustainable Development Goal Categories
4. Quality Education (OpenAlex)
Source: Web Of Science
Added: August 6, 2018

2013 conference paper

Automated extraction of non-functional requirements in available documentation

2013 1st International Workshop on Natural Language Analysis in Software Engineering (NaturaLiSE), 9–16.

By: J. Slankas n & L. Williams n

TL;DR: To aid analysts in more effectively extracting relevant non-functional requirements in available unconstrained natural language documents through automated natural language processing, this research examines which document types contain NFRs categorized to 14 NFR categories. (via Semantic Scholar)
Source: NC State University Libraries
Added: August 6, 2018

2013 conference paper

Non-operational testing of software for security issues

2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), 21–22.

By: S. Subramani n, M. Vouk n & L. Williams n

TL;DR: This work combines “classical” reliability modeling, when applied to reported vulnerabilities found under “normal” operational profile conditions, with safety oriented fault management processes, with open source Fedora software. (via Semantic Scholar)
Source: NC State University Libraries
Added: August 6, 2018

2013 article

Proposing Regulatory-Driven Automated Test Suites

2013 AGILE CONFERENCE (AGILE), pp. 11–21.

By: P. Morrison n, C. Holmgreen n, A. Massey n & L. Williams n

author keywords: Behavior-Driven-Development; Healthcare IT; Regulatory Compliance; Security; Software Engineering; Software Testing
TL;DR: This research found that it was possible to create scenarios and system-specific code supporting scenario execution on three systems, that iTrust can be shown to be noncompliant, and that emergency access procedures are not defined clearly enough by the regulation to determine compliance or non-compliance. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2013 conference paper

Proposing regulatory-driven automated test suites for electronic health record systems

2013 5th International Workshop on Software Engineering in Health Care (SEHC), 46–49.

By: P. Morrison n, C. Holmgreen n, A. Massey n & L. Williams n

TL;DR: The use of Behavior-Driven-Development scenarios are proposed as the basis of an automated compliance test suite for standards such as regulation and interoperability and could become a shared asset for use by all systems subject to these regulations and standards. (via Semantic Scholar)
Source: NC State University Libraries
Added: August 6, 2018

2013 journal article

Towards the prioritization of system test cases

Software Testing, Verification and Reliability, 24(4), 320–337.

By: H. Srikanth*, S. Banerjee*, L. Williams n & J. Osborne n

author keywords: software testing and reliability; software quality; system-level testing
TL;DR: The results show that PORT improves the rate of detection of severe failures over random prioritization and indicates that customer priority was the most important contributor towards improved rate of failure detection. (via Semantic Scholar)
Sources: Web Of Science, Crossref
Added: August 6, 2018

2012 journal article

A comparison of the efficiency and effectiveness of vulnerability discovery techniques

INFORMATION AND SOFTWARE TECHNOLOGY, 55(7), 1279–1288.

By: A. Austin n, C. Holmgreen n & L. Williams n

author keywords: Security; Vulnerability; Static analysis; Penetration testing; Black box testing; White box testing
TL;DR: The results show that employing a single technique for vulnerability discovery is insufficient for finding all types of vulnerabilities, and suggest that in order to discover the greatest variety of vulnerability types, at least systematic manual penetration testing and automated static analysis should be performed. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2012 journal article

Validating Software Metrics: A Spectrum of Philosophies

ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 21(4).

By: A. Meneely n, B. Smith n & L. Williams n

author keywords: Measurement; Theory; Software metrics; validation criterion; systematic literature review
TL;DR: The objective of this article is to guide researchers in making sound contributions to the field of software engineering metrics by providing a practical summary of the metrics validation criteria found in the academic literature. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2012 journal article

What Agile Teams Think of Agile Principles

COMMUNICATIONS OF THE ACM, 55(4), 71–76.

By: L. Williams n

TL;DR: Even after almost a dozen years, these books still deliver solid guidance for software development teams and their projects. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2011 journal article

Can traditional fault prediction models be used for vulnerability prediction?

EMPIRICAL SOFTWARE ENGINEERING, 18(1), 25–59.

By: Y. Shin* & L. Williams n

author keywords: Software metrics; Complexity metrics; Fault prediction; Vulnerability prediction; Open source project; Automated text classification
TL;DR: The results suggest that fault prediction models based upon traditional metrics can substitute for specialized vulnerability prediction models; however, both fault prediction and vulnerability prediction models require significant improvement to reduce false positives while providing high recall. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: Web Of Science
Added: August 6, 2018

2011 conference paper

Socio-technical developer networks: Should we trust our measurements?

2011 33rd International Conference on Software Engineering (ICSE), 281–290.

By: A. Meneely n & L. Williams n

TL;DR: The results substantiate that SNA metrics represent socio-technical relationships in open source development projects, while also clarifying how the developer network can be interpreted by researchers and practitioners. (via Semantic Scholar)
Source: NC State University Libraries
Added: August 6, 2018

2010 review

A systematic literature review of actionable alert identification techniques for automated static code analysis

[Review of ]. INFORMATION AND SOFTWARE TECHNOLOGY, 53(4), 363–387.

By: S. Heckman n & L. Williams n

author keywords: Automated static analysis; Systematic literature review; Actionable alert identification; Unactionable alert mitigation; Warning prioritization; Actionable alert prediction
TL;DR: This work proposes building on an actionable alert identification benchmark for comparison and evaluation of AAIT from literature on a standard set of subjects and utilizing a common set of evaluation metrics. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2010 journal article

Agile software development methodologies and practices

Advances in Computers, Vol 80, 80, 1–44.

By: L. Williams

Source: NC State University Libraries
Added: August 6, 2018

2010 article

Guest editorial: Special issue on software reliability engineering

Williams, L. (2010, August). EMPIRICAL SOFTWARE ENGINEERING, Vol. 15, pp. 321–322.

By: L. Williams n

TL;DR: This special issue of the Empirical Software Engineering journal is devoted to four papers selected from the 19th International Symposium on Software Reliability Engineering (ISSRE) that was held in Redmond, Washington on the Microsoft campus in 2008 due to the quality, novelty, and sound empirical analysis of the papers. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2010 chapter

Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks

In F. Massacci, D. Wallach, & N. Zannone (Eds.), Engineering Secure Software and Systems. ESSoS 2010 (pp. 192–200).

By: B. Smith n, L. Williams n & A. Austin n

Ed(s): F. Massacci, D. Wallach & N. Zannone

TL;DR: Although no SQL injection vulnerabilities were discovered, the results suggest that security testers who use an iterative, test-driven development process should compose system level rather than unit level tests. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: Crossref
Added: August 14, 2021

2010 conference paper

Idea: Using system level testing for revealing SQL injection-related error message information leaks

Engineering Secure Software and Systems, Proceedings, 5965, 192–200.

By: B. Smith, L. Williams & A. Austin

Source: NC State University Libraries
Added: August 6, 2018

2010 journal article

Protection Poker: The New Software Security "Game"

IEEE SECURITY & PRIVACY, 8(3), 14–20.

By: L. Williams n, A. Meneely n & G. Shipley*

TL;DR: The Protection Poker "game" is a collaborative means for guiding this prioritization of security fortification efforts and has the potential to improve software security practices and team software security knowledge. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2009 chapter

Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer

In F. Massacci, S. T. Redwine, & N. Zannone (Eds.), Engineering Secure Software and Systems. ESSoS 2009 (pp. 122–134).

By: L. Williams n, M. Gegick n & A. Meneely n

Ed(s): F. Massacci, S. Redwine & N. Zannone

TL;DR: The Protection Poker activity is proposed as a collaborative and informal form of misuse case development and threat modeling that plays off the diversity of knowledge and perspective of the participants and leads to a more effective software security learning experience. (via Semantic Scholar)
Source: Crossref
Added: August 14, 2021

2009 conference paper

Secure open source collaboration: An empirical study of linus' law

CCS'09: Proceedings of the 16th ACM Conference on Computer and Communications Security, 453–462.

By: A. Meneely n & L. Williams n

TL;DR: This study examines the security of an open source project in the context of developer collaboration by analyzing version control logs and quantifying notions of Linus' Law as well as the "too many cooks in the kitchen" viewpoint into developer activity metrics. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Source: NC State University Libraries
Added: August 6, 2018

2009 journal article

Should software testers use mutation analysis to augment a test set?

JOURNAL OF SYSTEMS AND SOFTWARE, 82(11), 1819–1832.

By: B. Smith n & L. Williams n

author keywords: Mutation testing; Empirical effectiveness; User study; Mutation analysis; Test adequacy; Web application; Open source; Unit testing; Mutation testing tool
TL;DR: It is shown that mutation analysis can be used by software testers to effectively produce new test cases and to improve statement coverage scores in a feasible amount of time and that the choice of mutation tool and operator set can play an important role in determining how efficient mutation analysis is for producing new test cases. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2009 chapter

Toward Non-security Failures as a Predictor of Security Faults and Failures

In F. Massacci, S. T. Redwine, & N. Zannone (Eds.), Engineering Secure Software and Systems. ESSoS 2009 (pp. 135–149).

By: M. Gegick n, P. Rotella* & L. Williams n

Ed(s): F. Massacci, S. Redwine & N. Zannone

TL;DR: It is found that 57% of the vulnerable components were in the top nine percent of the total component ranking, but with a 48% false positive rate, indicating that non-security failures can be used as one of the input variables for security-related prediction models. (via Semantic Scholar)
Source: Crossref
Added: August 14, 2021

2008 journal article

Addressing diverse needs through a balance of agile and plan-driven software development methodologies in the core software engineering course

International Journal of Engineering Education, 24(4), 659–670.

By: L. Layman, L. Williams, K. Slaten, S. Berenson & M. Vouk

Source: NC State University Libraries
Added: August 6, 2018

2008 journal article

On automated prepared statement generation to remove SQL injection vulnerabilities

INFORMATION AND SOFTWARE TECHNOLOGY, 51(3), 589–598.

By: S. Thomas n, L. Williams n & T. Xie n

author keywords: SQL injection; Prepared statement; Fix automation
TL;DR: An algorithm of prepared statement replacement for removing SQLIVs by replacing SQL statements with prepared statements is presented and a corresponding tool for automated fix generation is created. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2008 journal article

On guiding the augmentation of an automated test suite via mutation analysis

EMPIRICAL SOFTWARE ENGINEERING, 14(3), 341–369.

By: B. Smith n & L. Williams n

author keywords: Mutation testing; Line coverage; Fault injection; Empirical effectiveness; Test case augmentation; Mutation analysis; Mutation testing tool; Statement coverage; Test adequacy; Web application; Open source; Unit testing
TL;DR: An empirical study of the use of mutation analysis on two open source projects indicates that a focused effort on increasing mutation score leads to a corresponding increase in line and branch coverage to the point that line coverage, branch coverage and mutation score reach a maximum but leave some types of code structures uncovered. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2008 journal article

Realizing quality improvement through test driven development: results and experiences of four industrial teams

EMPIRICAL SOFTWARE ENGINEERING, 13(3), 289–302.

By: N. Nagappan*, E. Maximilien*, T. Bhat* & L. Williams n

author keywords: test driven development; empirical study; defects/faults; development time
TL;DR: Case studies were conducted with three development teams at Microsoft and one at IBM that have adopted TDD and indicate that the pre-release defect density of the four products decreased between 40% and 90% relative to similar projects that did not use the TDD practice. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2007 chapter

Industry-Research Collaboration Working Group Results

In V. R. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl, & R. W. Selby (Eds.), Empirical Software Engineering Issues. Critical Assessment and Future Directions (pp. 153–157).

By: L. Prechelt & L. Williams*

Ed(s): V. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl & R. Selby

TL;DR: The agreed-upon deliverable from this session was for a subset of the group to submit a longer version of this report to IEEE Software or the Empirical Software Engineering journal as a set of guidelines. (via Semantic Scholar)
Source: Crossref
Added: September 18, 2021

2007 chapter

Roadmapping Working Group 4 Results

In V. R. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl, & R. W. Selby (Eds.), Empirical Software Engineering Issues. Critical Assessment and Future Directions (pp. 181–183).

By: L. Williams*, H. Erdogmus & R. Selby

Ed(s): V. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl & R. Selby

TL;DR: The group carefully considered the factors involved with the maturity of the field of Empirical Software Engineering and found that the progress to move linearly along an axis is not proportional to the amount of work that must take place. (via Semantic Scholar)
Source: Crossref
Added: September 18, 2021

2007 chapter

Structuring Families of Industrial Case Studies

In V. R. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl, & R. W. Selby (Eds.), Empirical Software Engineering Issues. Critical Assessment and Future Directions (pp. 134–134).

By: L. Williams*

Ed(s): V. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl & R. Selby

TL;DR: Groups of researchers interested in the same research question(s) can customize and evolve an evaluation framework for the technology under study, which consists of templates for specific quantitative measures to collect with associated instructions on what to include/exclude for consistent measurement collection. (via Semantic Scholar)
Source: Crossref
Added: August 14, 2021

2006 journal article

Essential communication practices for Extreme Programming in a global software development team

INFORMATION AND SOFTWARE TECHNOLOGY, 48(9), 781–794.

By: L. Layman n, L. Williams n, D. Damian* & H. Bures

author keywords: global software development; Extreme Programming; case study
TL;DR: An industrial case study of a distributed team in the USA and the Czech Republic that used Extreme Programming suggests that, if critical enabling factors are addressed, methodologies dependent on informal communication can be used on global software development projects. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2006 article

Motivations and measurements in an agile case study

Layman, L., Williams, L., & Cunningham, L. (2006, November). JOURNAL OF SYSTEMS ARCHITECTURE, Vol. 52, pp. 654–667.

By: L. Layman n, L. Williams n & L. Cunningham*

author keywords: software engineering; case study; agile software development; extreme programming
Source: Web Of Science
Added: August 6, 2018

2006 journal article

On the design of more secure software-intensive systems by use of attack patterns

INFORMATION AND SOFTWARE TECHNOLOGY, 49(4), 381–397.

By: M. Gegick n & L. Williams n

author keywords: software and system safety; patterns
TL;DR: Regular expression-based attack patterns that show the sequential events that occur during an attack are created by creating a Security Analysis for Existing Threats (SAFE-T), an architectural analysis that identifies security vulnerabilities early in the software process. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2006 journal article

On the value of static analysis for fault detection in software

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 32(4), 240–253.

By: J. Zheng n, L. Williams n, N. Nagappan*, W. Snipes*, J. Hudepohl* & M. Vouk*

author keywords: code inspections; walkthroughs
Source: Web Of Science
Added: August 6, 2018

2004 conference paper

On understanding compatibility of student pair programmers

Proceedings of the 35th SIGCSE technical symposium on Computer science education - SIGCSE '04. Presented at the 35th SIGCSE technical symposium.

By: N. Katira n, L. Williams n, E. Wiebe n, C. Miller n, S. Balik n & E. Gehringer n

Event: the 35th SIGCSE technical symposium

TL;DR: It is found that the students' perception of their partner's skill level has a significant influence on their compatibility, and students' self-esteem does not appear to be a major contributor to pair compatibility. (via Semantic Scholar)
Sources: NC State University Libraries, Crossref
Added: August 6, 2018

2003 article

A structured experiment of test-driven development

George, B., & Williams, L. (2004, April 15). INFORMATION AND SOFTWARE TECHNOLOGY, Vol. 46, pp. 337–342.

By: B. George* & L. Williams n

author keywords: software engineering; test driven development; extreme programming; agile methodologies
TL;DR: Experimental results tend to indicate that TDD programmers produce higher quality code because they passed 18% more functional black-box test cases and took 16% more time, which supports the perception that TDD has the potential for increasing the level of unit testing in the software industry. (via Semantic Scholar)
Source: Web Of Science
Added: August 6, 2018

2003 chapter

Pair learning: With an eye toward future success

In Extreme programming and agile methods: XP/Agile Universe 2003: Third XP Agile Universe Conference, New Orleans, LA, USA, August 10-13, 2003 (Vol. 2753, pp. 185–198).

By: N. Nagappan n, L. Williams n, E. Wiebe n, C. Miller n, S. Balik n, M. Ferzli n, J. Petlick n

TL;DR: An experiment was run at North Carolina State University to assess the efficacy of pair programming as an alternative educational technique in an introductory programming course and found that the retention rate of the students in the introductory programming courses is equal to or better than that of the students in the solo programming courses. (via Semantic Scholar)
Source: NC State University Libraries
Added: August 6, 2018

2003 journal article

The Economics of Software Development by Pair Programmers

The Engineering Economist, 48(4), 283–319.

By: H. Erdogmus* & L. Williams n

TL;DR: A comparative economic evaluation that strengthens the case for pair programming and recommends that organizations engaged in software development consider adopting pair programming as a practice that could improve their bottom line. (via Semantic Scholar)
Source: Crossref
Added: September 18, 2021

2003 article

The XP programmer: The few-minutes programmer

IEEE SOFTWARE, Vol. 20, pp. 16–20.

By: L. Williams n

Source: Web Of Science
Added: August 6, 2018

2002 report

Distributed Pair Programming: Empirical Studies and Supporting Environments

(pp. TR02–010). Chapel Hill, NC: Dept. of Computer Science, University of North Carolina.

By: P. Baheti, L. Williams, E. Gehringer, D. Stotts & J. Smith

Source: NC State University Libraries
Added: August 6, 2018

2002 book

Extreme programming and agile methods XP/Agile Universe 2002 : Second XP Universe and First Agile Universe Conference, Chicago, IL, USA, August 4-7, 2002 : proceedings

Berlin; New York: Springer.

By: L. Williams

Source: NC State University Libraries
Added: August 6, 2018

2002 journal article

In support of paired programming in the introductory computer science course

Computer Science Education, 12(3), 197–212.

By: L. Williams*, E. Wiebe*, K. Yang*, M. Ferzli* & C. Miller n

UN Sustainable Development Goal Categories
4. Quality Education (OpenAlex)
Source: NC State University Libraries
Added: August 6, 2018

2002 journal article

Integrating Agile Practices into Software Engineering Courses

Computer Science Education, 12(3), 169–185.

By: G. Hislop, M. Lutz, J. Naveda, W. McCracken, N. Mead & L. Williams*

Source: Crossref
Added: September 18, 2021

2002 personal communication

Letters - Try it, you'll like it

By: L. Williams

Source: NC State University Libraries
Added: August 6, 2018

2002 conference paper

Pair programming in an introductory computer science course: Initial results and recommendations

OOPSLA 2002: 17th ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications : conference proceedings: November 4-8, 2002, Washington State Convention and Trade Center, Seattle, Washington, USA. New York, NY: ACM Press.

By: L. Williams, K. Yang, E. Wiebe, M. Ferzli & C. Miller

Source: NC State University Libraries
Added: August 6, 2018

2002 article

Teaching PSP: Challenges and lessons learned

IEEE SOFTWARE, Vol. 19, pp. 42-+.

By: J. Borstler*, D. Carrington*, G. Hislop*, S. Lisack*, K. Olson* & L. Williams n

TL;DR: Five universities used the personal software process to teach software engineering concepts in a variety of contexts to help students learn about the size and complexity of modern software systems and the techniques available for managing these difficulties. (via Semantic Scholar)
UN Sustainable Development Goal Categories
4. Quality Education (OpenAlex)
Source: Web Of Science
Added: August 6, 2018

2001 journal article

Experiments with Industry's “Pair-Programming” Model in the Computer Science Classroom

Computer Science Education, 11(1), 7–20.

By: L. Williams n & R. Kessler*

Source: Crossref
Added: September 18, 2021

2000 journal article

Strengthening the case for pair programming

IEEE SOFTWARE, 17(4), 19-+.

By: L. Williams n, R. Kessler*, W. Cunningham & R. Jeffries

Source: Web Of Science
Added: August 6, 2018

Citation Index includes data from a number of different sources. If you have questions about the sources of data in the Citation Index or need a set of data which is free to re-distribute, please contact us.

Certain data included herein are derived from the Web of Science© and InCites© (2024) of Clarivate Analytics. All rights reserved. You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.