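% Publication records, laid out one entry per block and one field per line.
% Normalised for classic BibTeX: lowercase field names, "--" page ranges,
% unquoted three-letter month macros, bare ISSN values (the export wrapped
% them as ["..."]), "\&" in venue names, "and others" in place of "et al.",
% and upper-case venue names recased. Conference papers exported as articles
% with the venue in "journal" now use inproceedings/booktitle. URLs that only
% repeated the DOI through a resolver, and "collection" fields that only
% repeated "series", were dropped. Citation keys are unchanged except where
% a key was repeated or contained spaces or commas; each of those is noted.

@string{EMSE   = {Empirical Software Engineering}}
@string{IST    = {Information and Software Technology}}
@string{IEEESP = {IEEE Security \& Privacy}}
@string{IEEESW = {IEEE Software}}
@string{TSE    = {IEEE Transactions on Software Engineering}}
@string{TOSEM  = {ACM Transactions on Software Engineering and Methodology}}
@string{CACM   = {Communications of the ACM}}

@inproceedings{shu_xia_williams_menzies_2022,
  author    = {Shu, Rui and Xia, Tianpei and Williams, Laurie and Menzies, Tim},
  title     = {Dazzle: Using Optimized Generative Adversarial Networks to Address Security Data Class Imbalance Issue},
  booktitle = {2022 Mining Software Repositories Conference (MSR 2022)},
  pages     = {144--155},
  year      = {2022},
  issn      = {2160-1852},
  doi       = {10.1145/3524842.3528437},
}

@article{elder_zahan_shu_metro_kozarev_menzies_williams_2022,
  author    = {Elder, Sarah and Zahan, Nusrat and Shu, Rui and Metro, Monica and Kozarev, Valeri and Menzies, Tim and Williams, Laurie},
  title     = {Do {I} really need all this work to find vulnerabilities? An empirical case study comparing vulnerability detection techniques on a {Java} application},
  journal   = EMSE,
  volume    = {27},
  number    = {6},
  year      = {2022},
  month     = nov,
  issn      = {1573-7616},
  doi       = {10.1007/s10664-022-10179-6},
}

@article{weir_migues_williams_2022,
  author    = {Weir, Charles and Migues, Samuel and Williams, Laurie},
  title     = {Exploring the Shift in Security Responsibility},
  journal   = IEEESP,
  year      = {2022},
  month     = mar,
  issn      = {1558-4046},
  doi       = {10.1109/MSEC.2022.3150238},
}

@article{mahdavi-hezaveh_ajmeri_williams_2022,
  author    = {Mahdavi-Hezaveh, Rezvan and Ajmeri, Nirav and Williams, Laurie},
  title     = {Feature toggles as code: Heuristics and metrics for structuring feature toggles},
  journal   = IST,
  volume    = {145},
  year      = {2022},
  month     = may,
  publisher = {Elsevier},
  address   = {Amsterdam},
  issn      = {1873-6025},
  doi       = {10.1016/j.infsof.2021.106813},
  url       = {https://research-information.bris.ac.uk/en/publications/cf3267f4-7537-48f9-9f5d-39eae5b5ced6},
  note      = {Funding Information: The first author is funded by North Carolina State University. The second author is funded by the National Security Agency (Science of Security Lablet) at North Carolina State University. We thank all the reviewers for their valuable feedback. We also thank the members of the RealSearch group. Publisher Copyright: {\textcopyright} 2022 Elsevier B.V.},
}

% Key repeated shu_xia_williams_menzies_2022 (the Dazzle record above);
% suffixed with "b" so that both records can be cited.
@article{shu_xia_williams_menzies_2022b,
  author    = {Shu, Rui and Xia, Tianpei and Williams, Laurie and Menzies, Tim},
  title     = {Omni: automated ensemble with unexpected models against adversarial evasion attack},
  journal   = EMSE,
  volume    = {27},
  number    = {1},
  year      = {2022},
  month     = jan,
  issn      = {1573-7616},
  doi       = {10.1007/s10664-021-10064-8},
}

@article{enck_williams_2022,
  author    = {Enck, William and Williams, Laurie},
  title     = {Top Five Challenges in Software Supply Chain Security: Observations From 30 Industry and Government Organizations},
  journal   = IEEESP,
  volume    = {20},
  number    = {2},
  pages     = {96--100},
  year      = {2022},
  issn      = {1558-4046},
  doi       = {10.1109/MSEC.2022.3142338},
}

@inproceedings{zahan_zimmermann_godefroid_murphy_maddila_williams_2022,
  author    = {Zahan, Nusrat and Zimmermann, Thomas and Godefroid, Patrice and Murphy, Brendan and Maddila, Chandra and Williams, Laurie},
  title     = {What are Weak Links in the {npm} Supply Chain?},
  booktitle = {2022 ACM/IEEE 44th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP 2022)},
  pages     = {331--340},
  year      = {2022},
  doi       = {10.1145/3510457.3513044},
}

@inproceedings{basak_neil_reaves_williams_2022,
  author    = {Basak, Setu Kumar and Neil, Lorenzo and Reaves, Bradley and Williams, Laurie},
  title     = {What are the Practices for Secret Management in Software Artifacts?},
  booktitle = {2022 IEEE Secure Development Conference (SECDEV 2022)},
  pages     = {69--76},
  year      = {2022},
  doi       = {10.1109/SecDev53368.2022.00026},
}

@article{rahman_imtiaz_storey_williams_2022,
  author    = {Rahman, Md Rayhanur and Imtiaz, Nasif and Storey, Margaret-Anne and Williams, Laurie},
  title     = {Why secret detection tools are not enough: It's not just about false positives-An industrial case study},
  journal   = EMSE,
  volume    = {27},
  number    = {3},
  year      = {2022},
  month     = may,
  issn      = {1573-7616},
  doi       = {10.1007/s10664-021-10109-y},
}

@article{rahman_williams_2021,
  author    = {Rahman, Akond and Williams, Laurie},
  title     = {Different Kind of Smells: Security Smells in Infrastructure as Code Scripts},
  journal   = IEEESP,
  volume    = {19},
  number    = {3},
  pages     = {33--41},
  year      = {2021},
  issn      = {1558-4046},
  doi       = {10.1109/MSEC.2021.3065190},
}

@article{shu_xia_chen_williams_menzies_2021,
  author    = {Shu, Rui and Xia, Tianpei and Chen, Jianfeng and Williams, Laurie and Menzies, Tim},
  title     = {How to Better Distinguish Security Bug Reports (Using Dual Hyperparameter Optimization)},
  journal   = EMSE,
  volume    = {26},
  number    = {3},
  year      = {2021},
  month     = may,
  issn      = {1573-7616},
  doi       = {10.1007/s10664-020-09906-8},
}

@article{yu_theisen_williams_menzies_2021,
  author    = {Yu, Zhe and Theisen, Christopher and Williams, Laurie and Menzies, Tim},
  title     = {Improving Vulnerability Inspection Efficiency Using Active Learning},
  journal   = TSE,
  volume    = {47},
  number    = {11},
  pages     = {2401--2420},
  year      = {2021},
  month     = nov,
  publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
  issn      = {1939-3520},
  doi       = {10.1109/TSE.2019.2949275},
}

% NOTE(review): the DOI below has no "." inside its suffix, unlike the other
% 10.1145 DOIs in this file (for example 10.1145/3524842.3528437). It is kept
% as recorded; verify it against the publisher record before relying on it.
% The title's "World'" was corrected to "World's".
@inproceedings{weir_migues_ware_williams_2021,
  author    = {Weir, Charles and Migues, Sammy and Ware, Mike and Williams, Laurie},
  title     = {Infiltrating Security into Development: Exploring the World's Largest Software Security Study},
  booktitle = {Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE '21)},
  pages     = {1326--1336},
  year      = {2021},
  doi       = {10.1145/34682643473926},
}

% The export stored 1557-7392 under "ISBN"; the value has the shape of an
% ISSN and belongs to a journal article, so it is recorded as issn.
@article{rahman_rahman_parnin_williams_2021,
  author    = {Rahman, Akond and Rahman, Md Rayhanur and Parnin, Chris and Williams, Laurie},
  title     = {Security Smells in {Ansible} and {Chef} Scripts: A Replication Study},
  journal   = TOSEM,
  volume    = {30},
  number    = {1},
  year      = {2021},
  month     = jan,
  issn      = {1557-7392},
  doi       = {10.1145/3408897},
}

@article{mahdavi-hezaveh_dremann_williams_2021,
  author    = {Mahdavi-Hezaveh, Rezvan and Dremann, Jacob and Williams, Laurie},
  title     = {Software development with feature toggles: practices used by practitioners},
  journal   = EMSE,
  volume    = {26},
  number    = {1},
  year      = {2021},
  month     = jan,
  issn      = {1573-7616},
  doi       = {10.1007/s10664-020-09901-z},
}

@inproceedings{elder_zahan_kozarev_shu_menzies_williams_2021,
  author    = {Elder, Sarah E. and Zahan, Nusrat and Kozarev, Val and Shu, Rui and Menzies, Tim and Williams, Laurie},
  title     = {Structuring a Comprehensive Software Security Course Around the {OWASP} Application Security Verification Standard},
  booktitle = {2021 IEEE/ACM 43rd International Conference on Software Engineering: Joint Track on Software Engineering Education and Training (ICSE-JSEET 2021)},
  pages     = {95--104},
  year      = {2021},
  doi       = {10.1109/ICSE-SEET52601.2021.00019},
}

@inproceedings{rahman_mahdavi-hezaveh_williams_2020,
  author    = {Rahman, Md Rayhanur and Mahdavi-Hezaveh, Rezvan and Williams, Laurie},
  title     = {A Literature Review on Mining Cyberthreat Intelligence from Unstructured Texts},
  booktitle = {20th IEEE International Conference on Data Mining Workshops (ICDMW 2020)},
  pages     = {516--525},
  year      = {2020},
  issn      = {2375-9232},
  doi       = {10.1109/ICDMW51313.2020.00075},
}

@article{theisen_williams_2020,
  author    = {Theisen, Christopher and Williams, Laurie},
  title     = {Better together: Comparing vulnerability prediction models},
  journal   = IST,
  volume    = {119},
  year      = {2020},
  month     = mar,
  issn      = {1873-6025},
  doi       = {10.1016/j.infsof.2019.106204},
}

@inproceedings{rahman_farhana_parnin_williams_2020,
  author    = {Rahman, Akond and Farhana, Effat and Parnin, Chris and Williams, Laurie},
  title     = {Gang of Eight: A Defect Taxonomy for Infrastructure as Code Scripts},
  booktitle = {2020 ACM/IEEE 42nd International Conference on Software Engineering (ICSE 2020)},
  pages     = {752--764},
  year      = {2020},
  issn      = {0270-5257},
  doi       = {10.1145/3377811.3380409},
}

@article{rahman_farhana_williams_2020,
  author    = {Rahman, Akond and Farhana, Effat and Williams, Laurie},
  title     = {The 'as code' activities: development anti-patterns for infrastructure as code},
  journal   = EMSE,
  volume    = {25},
  number    = {5},
  pages     = {3430--3467},
  year      = {2020},
  month     = sep,
  issn      = {1573-7616},
  doi       = {10.1007/s10664-020-09841-8},
}

% The second author's surname is recorded as "Mandavi-Hezaveh" here (and in
% the key) but as "Mahdavi-Hezaveh" in other entries; kept as recorded.
@article{rahman_mandavi-hezaveh_williams_2019,
  author    = {Rahman, Akond and Mandavi-Hezaveh, Rezvan and Williams, Laurie},
  title     = {A systematic mapping study of infrastructure as code research},
  journal   = IST,
  volume    = {108},
  pages     = {65--77},
  year      = {2019},
  month     = apr,
  issn      = {1873-6025},
  doi       = {10.1016/j.infsof.2018.12.004},
}

@inproceedings{imtiaz_murphy_williams_2019,
  author    = {Imtiaz, Nasif and Murphy, Brendan and Williams, Laurie},
  title     = {How Do Developers Act on Static Analysis Alerts? An Empirical Study of {Coverity} Usage},
  booktitle = {2019 IEEE 30th International Symposium on Software Reliability Engineering (ISSRE)},
  pages     = {323--333},
  year      = {2019},
  issn      = {1071-9458},
  doi       = {10.1109/ISSRE.2019.00040},
}

@inproceedings{rahman_rahman_williams_2019,
  author    = {Rahman, Md Rayhanur and Rahman, Akond and Williams, Laurie},
  title     = {Share, But Be Aware: Security Smells in {Python} Gists},
  booktitle = {2019 IEEE International Conference on Software Maintenance and Evolution (ICSME 2019)},
  pages     = {536--540},
  year      = {2019},
  issn      = {1063-6773},
  doi       = {10.1109/ICSME.2019.00087},
}

@article{rahman_williams_2019,
  author    = {Rahman, Akond and Williams, Laurie},
  title     = {Source code properties of defective infrastructure as code scripts},
  journal   = IST,
  volume    = {112},
  pages     = {148--163},
  year      = {2019},
  month     = aug,
  issn      = {1873-6025},
  doi       = {10.1016/j.infsof.2019.04.013},
}

@inproceedings{rahman_parnin_williams_2019,
  author    = {Rahman, Akond and Parnin, Chris and Williams, Laurie},
  title     = {The Seven Sins: Security Smells in Infrastructure as Code Scripts},
  booktitle = {2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE 2019)},
  pages     = {164--175},
  year      = {2019},
  issn      = {0270-5257},
  doi       = {10.1109/ICSE.2019.00033},
}

@inproceedings{morrison_pandita_xiao_chillarege_williams_2018,
  author    = {Morrison, Patrick J. and Pandita, Rahul and Xiao, Xusheng and Chillarege, Ram and Williams, Laurie},
  title     = {Are Vulnerabilities Discovered and Resolved like Other Defects?},
  booktitle = {Proceedings 2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE)},
  pages     = {498},
  year      = {2018},
  doi       = {10.1145/3180155.3182553},
}

% Key repeated morrison_pandita_xiao_chillarege_williams_2018 (the ICSE
% record above); suffixed with "b".
@article{morrison_pandita_xiao_chillarege_williams_2018b,
  author    = {Morrison, Patrick J. and Pandita, Rahul and Xiao, Xusheng and Chillarege, Ram and Williams, Laurie},
  title     = {Are vulnerabilities discovered and resolved like other defects?},
  journal   = EMSE,
  volume    = {23},
  number    = {3},
  pages     = {1383--1421},
  year      = {2018},
  month     = jun,
  issn      = {1573-7616},
  doi       = {10.1007/s10664-017-9541-1},
}

% Exported as "misc", which ignores journal and volume in the standard
% styles; the record carries journal, volume and pages, so it is an article.
@article{theisen_munaiah_al-zyoud_carver_meneely_williams_2018,
  author    = {Theisen, Christopher and Munaiah, Nuthan and Al-Zyoud, Mahran and Carver, Jeffrey C. and Meneely, Andrew and Williams, Laurie},
  title     = {Attack surface definitions: A systematic literature review},
  journal   = IST,
  volume    = {104},
  pages     = {94--103},
  year      = {2018},
  month     = dec,
  issn      = {1873-6025},
  doi       = {10.1016/j.infsof.2018.07.008},
}

@inproceedings{rahman_williams_2018,
  author    = {Rahman, Akond and Williams, Laurie},
  title     = {Characterizing Defective Configuration Scripts Used for Continuous Deployment},
  booktitle = {2018 IEEE 11th International Conference on Software Testing, Verification and Validation (ICST)},
  pages     = {34--45},
  year      = {2018},
  issn      = {2381-2834},
  doi       = {10.1109/icst.2018.00014},
}

@inproceedings{williams_2018,
  author    = {Williams, Laurie},
  title     = {Continuously Integrating Security},
  booktitle = {2018 IEEE/ACM 1st International Workshop on Security Awareness from Design to Deployment (SEAD)},
  pages     = {1--2},
  year      = {2018},
  doi       = {10.1145/3194707.3194717},
}

% The venue name was missing its closing parenthesis in the export.
@inproceedings{morrison_oyetoyan_williams_2018,
  author    = {Morrison, Patrick and Oyetoyan, Tosin Daniel and Williams, Laurie},
  title     = {Identifying Security Issues in Software Development: Are Keywords Enough?},
  booktitle = {Proceedings 2018 IEEE/ACM 40th International Conference on Software Engineering - Companion (ICSE-COMPANION)},
  pages     = {426--427},
  year      = {2018},
  issn      = {2574-1926},
  doi       = {10.1145/3183440.3195040},
}

@article{morrison_moye_pandita_williams_2018,
  author    = {Morrison, Patrick and Moye, David and Pandita, Rahul and Williams, Laurie},
  title     = {Mapping the field of software life cycle security metrics},
  journal   = IST,
  volume    = {102},
  pages     = {146--159},
  year      = {2018},
  month     = oct,
  issn      = {1873-6025},
  doi       = {10.1016/j.infsof.2018.05.011},
}

% The venue name was missing its closing parenthesis in the export.
@inproceedings{rahman_stallings_williams_2018,
  author    = {Rahman, Akond and Stallings, Jonathan and Williams, Laurie},
  title     = {Poster: Defect Prediction Metrics for Infrastructure as Code Scripts in {DevOps}},
  booktitle = {Proceedings 2018 IEEE/ACM 40th International Conference on Software Engineering - Companion (ICSE-COMPANION)},
  pages     = {414--415},
  year      = {2018},
  issn      = {2574-1926},
  doi       = {10.1145/3183440.3195034},
}

@inproceedings{rahman_partho_morrison_williams_2018,
  author    = {Rahman, Akond and Partho, Asif and Morrison, Patrick and Williams, Laurie},
  title     = {What Questions Do Programmers Ask About Configuration as Code?},
  booktitle = {Proceedings 2018 IEEE/ACM 4th International Workshop on Rapid Continuous Software Engineering (RCOSE)},
  pages     = {16--22},
  year      = {2018},
  doi       = {10.1145/3194760.3194769},
}

@article{williams_baldwin_2017,
  author    = {Williams, Laurie and Baldwin, Doug},
  title     = {Highlights of the {ACM} Student Research Competition},
  journal   = CACM,
  volume    = {60},
  number    = {11},
  pages     = {5},
  year      = {2017},
  month     = nov,
  issn      = {1557-7317},
  doi       = {10.1145/3145811},
}

@article{riaz_king_slankas_williams_massacci_quesada-lopez_jenkins_2017,
  author    = {Riaz, Maria and King, Jason and Slankas, John and Williams, Laurie and Massacci, Fabio and Quesada-Lopez, Christian and Jenkins, Marcelo},
  title     = {Identifying the implied: Findings from three differentiated replications on the use of security requirements templates},
  journal   = EMSE,
  volume    = {22},
  number    = {4},
  pages     = {2127--2178},
  year      = {2017},
  month     = aug,
  issn      = {1573-7616},
  doi       = {10.1007/s10664-016-9481-1},
}

@article{pandita_jetley_sudarsan_menzies_williams_2017,
  author    = {Pandita, Rahul and Jetley, Raoul and Sudarsan, Sithu and Menzies, Timothy and Williams, Laurie},
  title     = {{TMAP}: Discovering relevant {API} methods through text mining of {API} documentation},
  journal   = {Journal of Software: Evolution and Process},
  volume    = {29},
  number    = {12},
  pages     = {e1845},
  year      = {2017},
  month     = feb,
  publisher = {Wiley},
  issn      = {2047-7473},
  doi       = {10.1002/SMR.1845},
}

@inproceedings{williams_2017,
  author    = {Williams, Laurie},
  title     = {The Rising Tide Lifts All Boats: The Advancement of Science in Cyber Security (Invited Talk)},
  booktitle = {ESEC/FSE 2017: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering},
  pages     = {1},
  year      = {2017},
  doi       = {10.1145/3106237.3121272},
}

% Original key ended in "_et al._2017"; the space was replaced because a
% citation key cannot contain one.
@article{parnin_helms_atlee_boughton_ghattas_glover_holman_micco_murphy_savor_et_al_2017,
  author    = {Parnin, Chris and Helms, Eric and Atlee, Chris and Boughton, Harley and Ghattas, Mark and Glover, Andy and Holman, James and Micco, John and Murphy, Brendan and Savor, Tony and others},
  title     = {The Top 10 Adages in Continuous Deployment},
  journal   = IEEESW,
  volume    = {34},
  number    = {3},
  pages     = {86--95},
  year      = {2017},
  issn      = {1937-4194},
  doi       = {10.1109/ms.2017.86},
}

@article{king_stallings_riaz_williams_2017,
  author    = {King, Jason and Stallings, Jon and Riaz, Maria and Williams, Laurie},
  title     = {To log, or not to log: using heuristics to identify mandatory log events - a controlled experiment},
  journal   = EMSE,
  volume    = {22},
  number    = {5},
  pages     = {2684--2717},
  year      = {2017},
  month     = oct,
  issn      = {1573-7616},
  doi       = {10.1007/s10664-016-9449-1},
}

% NOTE(review): different field and no author in common with the software
% engineering records around it; confirm this record belongs in the list.
@article{choi_ji_2017,
  author    = {Choi, Ho-Meoyng and Ji, Chueng-Ryong},
  title     = {Twist-3 Distribution Amplitudes of Pion in the Light-Front Quark Model},
  journal   = {Few-Body Systems},
  volume    = {58},
  number    = {2},
  year      = {2017},
  month     = jan,
  publisher = {Springer Nature},
  issn      = {0177-7963 1432-5411},
  doi       = {10.1007/s00601-016-1208-8},
}

@inproceedings{pandita_taneja_tung_williams_2016,
  author    = {Pandita, R. and Taneja, K. and Tung, T. and Williams, L.},
  title     = {{ICON}: Inferring temporal constraints from natural language {API} descriptions},
  booktitle = {32nd IEEE International Conference on Software Maintenance and Evolution (ICSME 2016)},
  pages     = {378--388},
  year      = {2016},
}

@inproceedings{kafali_singh_williams_2016,
  author    = {Kafali, Ozgur and Singh, Munindar P. and Williams, Laurie},
  title     = {{NANE}: Identifying Misuse Cases Using Temporal Norm Enactments},
  booktitle = {2016 IEEE 24th International Requirements Engineering Conference (RE)},
  pages     = {136--145},
  year      = {2016},
  issn      = {2332-6441},
  doi       = {10.1109/re.2016.34},
  url       = {https://publons.com/publon/21294380/},
}

@inproceedings{rahman_williams_2016,
  author    = {Rahman, Akond Ashfaque Ur and Williams, Laurie},
  title     = {Software Security in {DevOps}: Synthesizing Practitioners' Perceptions and Practices},
  booktitle = {International Workshop on Continuous Software Evolution and Delivery, CSED 2016},
  pages     = {70--76},
  year      = {2016},
  doi       = {10.1145/2896941.2896946},
}

@article{theisen_williams_2016,
  author    = {Theisen, C. and Williams, L.},
  title     = {Stack traces reveal attack surfaces},
  journal   = {Perspectives on Data Science for Software Engineering},
  pages     = {73--76},
  year      = {2016},
}

% Original key ended in "_et al._2016"; the space was replaced because a
% citation key cannot contain one.
@article{alonso-mori_asa_bergmann_brewster_chatterjee_cooper_frei_fuller_goggins_gul_et_al_2016,
  author    = {Alonso-Mori, R. and Asa, K. and Bergmann, U. and Brewster, A. S. and Chatterjee, R. and Cooper, J. K. and Frei, H. M. and Fuller, F. D. and Goggins, E. and Gul, S. and others},
  title     = {Towards characterization of photo-excited electron transfer and catalysis in natural and artificial systems using {XFELs}},
  journal   = {Faraday Discussions},
  volume    = {194},
  pages     = {621--638},
  year      = {2016},
  issn      = {1364-5498},
  doi       = {10.1039/c6fd00084c},
}

@inproceedings{xie_enck_2016,
  author    = {Xie, T. and Enck, W.},
  title     = {Tutorial: text analytics for security},
  booktitle = {Symposium and Bootcamp on the Science of Security},
  pages     = {124--125},
  year      = {2016},
}

% The export used the lower-cased title as the key, commas and spaces
% included, which does not parse as a key. Original key text:
%   systematically developing prevention, detection, and response patterns
%   for security requirements_2016
% The record has no author or title field; both still need to be supplied.
@inproceedings{systematically_developing_prevention_detection_and_response_patterns_for_security_requirements_2016,
  booktitle = {2016 IEEE 24th International Requirements Engineering Conference Workshops (REW)},
  pages     = {62--67},
  year      = {2016},
}

% The venue name is cut off after "and" in the exported record.
@inproceedings{pandita_jetley_sudarsan_williams_2015,
  author    = {Pandita, R. and Jetley, R. P. and Sudarsan, S. D. and Williams, L.},
  title     = {Discovering likely mappings between {APIs} using text mining},
  booktitle = {IEEE International Working Conference on Source Code Analysis and},
  pages     = {231--240},
  year      = {2015},
  doi       = {10.1109/scam.2015.7335419},
}

@article{riaz_breaux_williams_2015,
  author    = {Riaz, Maria and Breaux, Travis and Williams, Laurie},
  title     = {How have we evaluated software pattern application? A systematic mapping study of research design practices},
  journal   = IST,
  volume    = {65},
  pages     = {14--38},
  year      = {2015},
  month     = sep,
  issn      = {1873-6025},
  doi       = {10.1016/j.infsof.2015.04.002},
}

% Original key began "ur rahman_"; the space was replaced because a citation
% key cannot contain one.
@inproceedings{ur_rahman_helms_williams_parnin_2015,
  author    = {Ur Rahman, Akond Ashfaque and Helms, Eric and Williams, Laurie and Parnin, Chris},
  title     = {Synthesizing Continuous Deployment Practices Used in Software Development},
  booktitle = {2015 Agile Conference},
  pages     = {1--10},
  year      = {2015},
  doi       = {10.1109/agile.2015.12},
}

@inbook{doyle_williams_cohn_rubin_2014,
  author    = {Doyle, Maureen and Williams, Laurie and Cohn, Mike and Rubin, Kenneth S.},
  title     = {Agile Software Development in Practice},
  booktitle = {Lecture Notes in Business Information Processing},
  pages     = {32--45},
  year      = {2014},
  publisher = {Springer International Publishing},
  issn      = {1865-1348 1865-1356},
  isbn      = {9783319068619 9783319068626},
  doi       = {10.1007/978-3-319-06862-6_3},
}

@inproceedings{riaz_king_slankas_williams_2014,
  author    = {Riaz, M. and King, Jason and Slankas, J. and Williams, L.},
  title     = {Hidden in plain sight: Automatically identifying security requirements from natural language artifacts},
  booktitle = {2014 IEEE 22nd International Requirements Engineering Conference (RE)},
  pages     = {183--192},
  year      = {2014},
  doi       = {10.1109/re.2014.6912260},
}

@inproceedings{rivers_vouk_williams_2014,
  author    = {Rivers, Anthony T. and Vouk, Mladen A. and Williams, Laurie},
  title     = {On Coverage-Based Attack Profiles},
  booktitle = {2014 IEEE Eighth International Conference on Software Security and Reliability - Companion (SERE-C 2014)},
  pages     = {5--6},
  year      = {2014},
  doi       = {10.1109/sere-c.2014.15},
}

@inproceedings{hibshi_breaux_riaz_williams_2014,
  author    = {Hibshi, H. and Breaux, T. and Riaz, M. and Williams, L.},
  title     = {Towards a framework to measure security expertise in requirements analysis},
  booktitle = {2014 IEEE 1st Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)},
  pages     = {13--18},
  year      = {2014},
  doi       = {10.1109/espre.2014.6890522},
}

@article{austin_holmgreen_williams_2013,
  author    = {Austin, Andrew and Holmgreen, Casper and Williams, Laurie},
  title     = {A comparison of the efficiency and effectiveness of vulnerability discovery techniques},
  journal   = IST,
  volume    = {55},
  number    = {7},
  pages     = {1279--1288},
  year      = {2013},
  month     = jul,
  issn      = {1873-6025},
  doi       = {10.1016/j.infsof.2012.11.007},
}

@inproceedings{slankas_williams_2013,
  author    = {Slankas, John and Williams, Laurie},
  title     = {Access Control Policy Extraction from Unconstrained Natural Language Text},
  booktitle = {2013 ASE/IEEE International Conference on Social Computing (SOCIALCOM)},
  pages     = {435--440},
  year      = {2013},
  doi       = {10.1109/socialcom.2013.68},
}

% Key repeated slankas_williams_2013 (the record above); suffixed with "b".
@inproceedings{slankas_williams_2013b,
  author    = {Slankas, J. and Williams, L.},
  title     = {Automated extraction of non-functional requirements in available documentation},
  booktitle = {2013 1st International Workshop on Natural Language Analysis in Software Engineering (NaturaLiSE)},
  pages     = {9--16},
  year      = {2013},
  doi       = {10.1109/naturalise.2013.6611715},
}

@article{shin_williams_2013,
  author    = {Shin, Yonghee and Williams, Laurie},
  title     = {Can traditional fault prediction models be used for vulnerability prediction?},
  journal   = EMSE,
  volume    = {18},
  number    = {1},
  pages     = {25--59},
  year      = {2013},
  month     = feb,
  issn      = {1573-7616},
  doi       = {10.1007/s10664-011-9190-8},
}

@inproceedings{subramani_vouk_williams_2013,
  author    = {Subramani, S. and Vouk, M. and Williams, L.},
  title     = {Non-operational testing of software for security issues},
  booktitle = {2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)},
  pages     = {21--22},
  year      = {2013},
  doi       = {10.1109/issrew.2013.6688857},
}

@inproceedings{morrison_holmgreen_massey_williams_2013,
  author    = {Morrison, Patrick and Holmgreen, Casper and Massey, Aaron and Williams, Laurie},
  title     = {Proposing Regulatory-Driven Automated Test Suites},
  booktitle = {2013 Agile Conference (AGILE)},
  pages     = {11--21},
  year      = {2013},
  doi       = {10.1109/agile.2013.8},
}

% Key repeated morrison_holmgreen_massey_williams_2013 (the record above);
% suffixed with "b".
@inproceedings{morrison_holmgreen_massey_williams_2013b,
  author    = {Morrison, P. and Holmgreen, C. and Massey, A. and Williams, L.},
  title     = {Proposing regulatory-driven automated test suites for electronic health record systems},
  booktitle = {2013 5th International Workshop on Software Engineering in Health Care (SEHC)},
  pages     = {46--49},
  year      = {2013},
  doi       = {10.1109/sehc.2013.6602477},
}

@article{srikanth_banerjee_williams_osborne_2013,
  author    = {Srikanth, Hema and Banerjee, Sean and Williams, Laurie and Osborne, Jason},
  title     = {Towards the prioritization of system test cases},
  journal   = {Software Testing, Verification and Reliability},
  volume    = {24},
  number    = {4},
  pages     = {320--337},
  year      = {2013},
  month     = jun,
  publisher = {Wiley},
  issn      = {0960-0833},
  doi       = {10.1002/stvr.1500},
}

@article{meneely_smith_williams_2012,
  author    = {Meneely, Andrew and Smith, Ben and Williams, Laurie},
  title     = {Validating Software Metrics: A Spectrum of Philosophies},
  journal   = TOSEM,
  volume    = {21},
  number    = {4},
  year      = {2012},
  issn      = {1049-331X},
  doi       = {10.1145/2377656.2377661},
}

@article{williams_2012,
  author    = {Williams, Laurie},
  title     = {What Agile Teams Think of Agile Principles},
  journal   = CACM,
  volume    = {55},
  number    = {4},
  pages     = {71--76},
  year      = {2012},
  month     = apr,
  issn      = {0001-0782},
  doi       = {10.1145/2133806.2133823},
}

% Exported as "misc", which ignores journal and volume in the standard
% styles; the record carries journal, volume, number and pages.
@article{heckman_williams_2011,
  author    = {Heckman, Sarah and Williams, Laurie},
  title     = {A systematic literature review of actionable alert identification techniques for automated static code analysis},
  journal   = IST,
  volume    = {53},
  number    = {4},
  pages     = {363--387},
  year      = {2011},
  month     = apr,
  issn      = {1873-6025},
  doi       = {10.1016/j.infsof.2010.12.007},
}

@inproceedings{meneely_williams_2011,
  author    = {Meneely, A. and Williams, L.},
  title     = {Socio-technical developer networks: Should we trust our measurements?},
  booktitle = {2011 33rd International Conference on Software Engineering (ICSE)},
  pages     = {281--290},
  year      = {2011},
  doi       = {10.1145/1985793.1985832},
}

@article{williams_2010,
  author    = {Williams, L.},
  title     = {Agile software development methodologies and practices},
  journal   = {Advances in computers, vol 80},
  volume    = {80},
  pages     = {1--44},
  year      = {2010},
}

% Key repeated williams_2010 (the record above); suffixed with "b".
@article{williams_2010b,
  author    = {Williams, Laurie},
  title     = {Guest editorial: Special issue on software reliability engineering},
  journal   = EMSE,
  volume    = {15},
  number    = {4},
  pages     = {321--322},
  year      = {2010},
  month     = aug,
  issn      = {1382-3256},
  doi       = {10.1007/s10664-010-9129-5},
}

% The export appended the word "Editors" to the last editor's initials and
% used the non-standard field "place"; both are normalised here and in the
% other Springer chapter records below.
@inbook{smith_williams_austin_2010,
  author    = {Smith, Ben and Williams, Laurie and Austin, Andrew},
  title     = {Idea: Using System Level Testing for Revealing {SQL} Injection-Related Error Message Information Leaks},
  booktitle = {Engineering Secure Software and Systems. ESSoS 2010},
  editor    = {Massacci, F. and Wallach, D. and Zannone, N.},
  series    = {Lecture Notes in Computer Science},
  pages     = {192--200},
  year      = {2010},
  publisher = {Springer},
  address   = {Berlin Heidelberg},
  issn      = {0302-9743 1611-3349},
  isbn      = {9783642117466 9783642117473},
  doi       = {10.1007/978-3-642-11747-3_15},
}

% Key repeated smith_williams_austin_2010 (the record above); suffixed with
% "b". NOTE(review): same title and pages as that record, so this looks like
% a second export of the same paper; confirm before citing both.
@inproceedings{smith_williams_austin_2010b,
  author    = {Smith, B. and Williams, L. and Austin, A.},
  title     = {Idea: Using system level testing for revealing {SQL} injection-related error message information leaks},
  booktitle = {Engineering secure software and systems, proceedings},
  volume    = {5965},
  pages     = {192--200},
  year      = {2010},
}

@article{williams_meneely_shipley_2010,
  author    = {Williams, Laurie and Meneely, Andrew and Shipley, Grant},
  title     = {Protection Poker: The New Software Security {``Game''}},
  journal   = IEEESP,
  volume    = {8},
  number    = {3},
  pages     = {14--20},
  year      = {2010},
  issn      = {1540-7993},
  doi       = {10.1109/msp.2010.58},
}

@article{thomas_williams_xie_2009,
  author    = {Thomas, Stephen and Williams, Laurie and Xie, Tao},
  title     = {On automated prepared statement generation to remove {SQL} injection vulnerabilities},
  journal   = IST,
  volume    = {51},
  number    = {3},
  pages     = {589--598},
  year      = {2009},
  month     = mar,
  issn      = {1873-6025},
  doi       = {10.1016/j.infsof.2008.08.002},
}

@article{smith_williams_2009,
  author    = {Smith, Ben H. and Williams, Laurie},
  title     = {On guiding the augmentation of an automated test suite via mutation analysis},
  journal   = EMSE,
  volume    = {14},
  number    = {3},
  pages     = {341--369},
  year      = {2009},
  month     = jun,
  issn      = {1573-7616},
  doi       = {10.1007/s10664-008-9083-7},
}

@inbook{williams_gegick_meneely_2009,
  author    = {Williams, Laurie and Gegick, Michael and Meneely, Andrew},
  title     = {Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer},
  booktitle = {Engineering Secure Software and Systems. ESSoS 2009},
  editor    = {Massacci, F. and Redwine, S.T. and Zannone, N.},
  series    = {Lecture Notes in Computer Science},
  pages     = {122--134},
  year      = {2009},
  publisher = {Springer},
  address   = {Berlin Heidelberg},
  issn      = {0302-9743 1611-3349},
  isbn      = {9783642001987 9783642001994},
  doi       = {10.1007/978-3-642-00199-4_11},
}

@inproceedings{meneely_williams_2009,
  author    = {Meneely, A. and Williams, L.},
  title     = {Secure open source collaboration: An empirical study of {Linus}' law},
  booktitle = {CCS'09: Proceedings of the 16th ACM Conference on Computer and Communications Security},
  pages     = {453--462},
  year      = {2009},
  doi       = {10.1145/1653662.1653717},
}

% Key repeated smith_williams_2009 (the mutation-analysis record above);
% suffixed with "b".
@article{smith_williams_2009b,
  author    = {Smith, Ben H. and Williams, Laurie},
  title     = {Should software testers use mutation analysis to augment a test set?},
  journal   = {Journal of Systems and Software},
  volume    = {82},
  number    = {11},
  pages     = {1819--1832},
  year      = {2009},
  month     = nov,
  issn      = {1873-1228},
  doi       = {10.1016/j.jss.2009.06.031},
}

@inbook{gegick_rotella_williams_2009,
  author    = {Gegick, Michael and Rotella, Pete and Williams, Laurie},
  title     = {Toward Non-security Failures as a Predictor of Security Faults and Failures},
  booktitle = {Engineering Secure Software and Systems. ESSoS 2009},
  editor    = {Massacci, F. and Redwine, S.T. and Zannone, N.},
  series    = {Lecture Notes in Computer Science},
  pages     = {135--149},
  year      = {2009},
  publisher = {Springer},
  address   = {Berlin Heidelberg},
  issn      = {0302-9743 1611-3349},
  isbn      = {9783642001987 9783642001994},
  doi       = {10.1007/978-3-642-00199-4_12},
}

@article{layman_williams_slaten_berenson_vouk_2008,
  author    = {Layman, L. and Williams, L. and Slaten, K. and Berenson, S. and Vouk, M.},
  title     = {Addressing diverse needs through a balance of agile and plan-driven software development methodologies in the core software engineering course},
  journal   = {International Journal of Engineering Education},
  volume    = {24},
  number    = {4},
  pages     = {659--670},
  year      = {2008},
}

@article{nagappan_maximilien_bhat_williams_2008,
  author    = {Nagappan, Nachiappan and Maximilien, E. Michael and Bhat, Thirumalesh and Williams, Laurie},
  title     = {Realizing quality improvement through test driven development: results and experiences of four industrial teams},
  journal   = EMSE,
  volume    = {13},
  number    = {3},
  pages     = {289--302},
  year      = {2008},
  month     = jun,
  issn      = {1573-7616},
  doi       = {10.1007/s10664-008-9062-z},
}

@inbook{prechelt_williams_2007,
  author    = {Prechelt, Lutz and Williams, Laurie},
  title     = {Industry-Research Collaboration Working Group Results},
  booktitle = {Empirical Software Engineering Issues. Critical Assessment and Future Directions},
  editor    = {Basili, V.R. and Rombach, D. and Schneider, K. and Kitchenham, B. and Pfahl, D. and Selby, R.W.},
  series    = {Lecture Notes in Computer Science},
  pages     = {153--157},
  year      = {2007},
  month     = jun,
  publisher = {Springer},
  address   = {Berlin Heidelberg},
  isbn      = {9783540713005 9783540713012},
  doi       = {10.1007/978-3-540-71301-2_46},
}

@article{gegick_williams_2007,
  author    = {Gegick, Michael and Williams, Laurie},
  title     = {On the design of more secure software-intensive systems by use of attack patterns},
  journal   = IST,
  volume    = {49},
  number    = {4},
  pages     = {381--397},
  year      = {2007},
  month     = apr,
  issn      = {1873-6025},
  doi       = {10.1016/j.infsof.2006.06.002},
}

@inbook{williams_erdogmus_selby_2007,
  author    = {Williams, Laurie and Erdogmus, Hakan and Selby, Rick},
  title     = {Roadmapping Working Group 4 Results},
  booktitle = {Empirical Software Engineering Issues. Critical Assessment and Future Directions},
  editor    = {Basili, V.R. and Rombach, D. and Schneider, K. and Kitchenham, B. and Pfahl, D. and Selby, R.W.},
  series    = {Lecture Notes in Computer Science},
  pages     = {181--183},
  year      = {2007},
  month     = jun,
  publisher = {Springer},
  address   = {Berlin Heidelberg},
  isbn      = {9783540713005 9783540713012},
  doi       = {10.1007/978-3-540-71301-2_53},
}

@inbook{williams_2007,
  author    = {Williams, Laurie},
  title     = {Structuring Families of Industrial Case Studies},
  booktitle = {Empirical Software Engineering Issues. Critical Assessment and Future Directions},
  editor    = {Basili, V.R. and Rombach, D. and Schneider, K. and Kitchenham, B. and Pfahl, D. and Selby, R.W.},
  series    = {Lecture Notes in Computer Science},
  pages     = {134},
  year      = {2007},
  month     = jun,
  publisher = {Springer},
  address   = {Berlin Heidelberg},
  isbn      = {9783540713005 9783540713012},
  doi       = {10.1007/978-3-540-71301-2_41},
}

@article{layman_williams_damian_bures_2006,
  author    = {Layman, Lucas and Williams, Laurie and Damian, Daniela and Bures, Hynek},
  title     = {Essential communication practices for {Extreme Programming} in a global software development team},
  journal   = IST,
  volume    = {48},
  number    = {9},
  pages     = {781--794},
  year      = {2006},
  month     = sep,
  issn      = {1873-6025},
  doi       = {10.1016/j.infsof.2006.01.004},
}

@article{layman_williams_cunningham_2006,
  author    = {Layman, Lucas and Williams, Laurie and Cunningham, Lynn},
  title     = {Motivations and measurements in an agile case study},
  journal   = {Journal of Systems Architecture},
  volume    = {52},
  number    = {11},
  pages     = {654--667},
  year      = {2006},
  month     = nov,
  issn      = {1873-6165},
  doi       = {10.1016/j.sysarc.2006.06.009},
}

@article{zheng_williams_nagappan_snipes_hudepohl_vouk_2006,
  author    = {Zheng, J and Williams, L and Nagappan, N and Snipes, W and Hudepohl, JP and Vouk, MA},
  title     = {On the value of static analysis for fault detection in software},
  journal   = TSE,
  volume    = {32},
  number    = {4},
  pages     = {240--253},
  year      = {2006},
  month     = apr,
  issn      = {1939-3520},
  doi       = {10.1109/TSE.2006.38},
}

@article{george_williams_2004,
  author    = {George, B and Williams, L},
  title     = {A structured experiment of test-driven development},
  journal   = IST,
  volume    = {46},
  number    = {5},
  pages     = {337--342},
  year      = {2004},
  month     = apr,
  issn      = {1873-6025},
  doi       = {10.1016/j.infsof.2003.09.011},
}

@inproceedings{katira_williams_wiebe_miller_balik_gehringer_2004,
  author    = {Katira, Neha and Williams, Laurie and Wiebe, Eric and Miller, Carol and Balik, Suzanne and Gehringer, Ed},
  title     = {On understanding compatibility of student pair programmers},
  booktitle = {Proceedings of the 35th SIGCSE technical symposium on Computer science education - SIGCSE '04},
  year      = {2004},
  publisher = {ACM Press},
  isbn      = {1581137982},
  doi       = {10.1145/971300.971307},
}

% The export packed place and publisher into one field
% ("Berlin; New York: Springer"); they are split here.
@inbook{nagappan_williams_wiebe_miller_balik_ferzli_petlick_2003,
  author    = {Nagappan, N. and Williams, L. and Wiebe, Eric and Miller, C. and Balik, S. and Ferzli, M. and Petlick, J.},
  title     = {Pair learning: With an eye toward future success},
  booktitle = {Extreme programming and agile methods: XP/Agile Universe 2003: Third XP Agile Universe Conference, New Orleans, LA, USA, August 10-13, 2003},
  volume    = {2753},
  pages     = {185--198},
  year      = {2003},
  publisher = {Springer},
  address   = {Berlin; New York},
  isbn      = {354040662X},
  doi       = {10.1007/978-3-540-45122-8_21},
}

@article{erdogmus_williams_2003,
  author    = {Erdogmus, Hakan and Williams, Laurie},
  title     = {The Economics of Software Development by Pair Programmers},
  journal   = {The Engineering Economist},
  volume    = {48},
  number    = {4},
  pages     = {283--319},
  year      = {2003},
  month     = jan,
  publisher = {Informa UK Limited},
  issn      = {0013-791X 1547-2701},
  doi       = {10.1080/00137910309408770},
}

@article{williams_2003,
  author    = {Williams, L},
  title     = {The {XP} programmer: The few-minutes programmer},
  journal   = IEEESW,
  volume    = {20},
  number    = {3},
  pages     = {16--20},
  year      = {2003},
  issn      = {0740-7459},
  doi       = {10.1109/MS.2003.1196315},
}

% Exported as "book" although it names an institution rather than a
% publisher, so it is typed as a technical report.
% NOTE(review): "TR02-010" in pages looks like the report number and "2002"
% in number like the year; both are kept where the export put them. Confirm
% against the report itself.
@techreport{baheti_williams_gehringer_stotts_smith_2002,
  author      = {Baheti, P. and Williams, L. and Gehringer, E. and Stotts, D. and Smith, J.},
  title       = {Distributed Pair Programming: Empirical Studies and Supporting Environments},
  institution = {Dept. of Computer Science, University of North Carolina},
  address     = {Chapel Hill, NC},
  number      = {2002},
  pages       = {TR02-010},
  year        = {2002},
  month       = mar,
}

% The export used the lower-cased title as the key, commas and spaces
% included, which does not parse as a key. Original key text:
%   extreme programming and agile methods xp/agile universe 2002 : second xp
%   universe and first agile universe conference, chicago, il, usa,
%   august 4-7, 2002 : proceedings_2002
% The record has no title or editor field; the publisher value carried a
% stray "|a" marker ("Berlin ;|aNew York: Springer") and is split here.
@book{extreme_programming_and_agile_methods_xp_agile_universe_2002,
  publisher = {Springer},
  address   = {Berlin; New York},
  year      = {2002},
}

@article{williams_wiebe_yang_ferzli_miller_2002,
  author    = {Williams, L. and Wiebe, Eric and Yang, K. and Ferzli, M. and Miller, C.},
  title     = {In support of paired programming in the introductory computer science course},
  journal   = {Computer Science Education},
  volume    = {12},
  number    = {3},
  pages     = {197--212},
  year      = {2002},
  doi       = {10.1076/csed.12.3.197.8618},
}

@article{hislop_lutz_naveda_mccracken_mead_williams_2002, title={Integrating Agile Practices into Software Engineering Courses}, volume={12}, ISSN={0899-3408 1744-5175}, url={http://dx.doi.org/10.1076/csed.12.3.169.8619}, DOI={10.1076/csed.12.3.169.8619}, number={3}, journal={Computer Science Education}, publisher={Informa UK Limited}, author={Hislop, Gregory W. 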
and Lutz, Michael J. and Naveda, J. Fernando and McCracken, W. Michael and Mead, Nancy R. and Williams, Laurie A.}, year={2002}, month={Sep}, pages={169–185} } @misc{williams_2002, title={Letters - Try it, you'll like it}, volume={19}, number={1}, journal={IEEE Software}, author={Williams, L.}, year={2002}, pages={7} } @inproceedings{williams_yang_wiebe_ferzli_miller_2002, title={Pair programming in an introductory computer science course: Initial results and recommendations}, ISBN={1581134711}, booktitle={OOPSLA 2002: 17th ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications : conference proceedings: November 4-8, 2002, Washington State Convention and Trade Center, Seattle, Washington, USA}, publisher={New York, NY: ACM Press}, author={Williams, L. and Yang, K. and Wiebe, E. and Ferzli, M. and Miller, C.}, year={2002} } @article{borstler_carrington_hislop_lisack_olson_williams_2002, title={Teaching PSP: Challenges and lessons learned}, volume={19}, ISSN={["0740-7459"]}, DOI={10.1109/MS.2002.1032853}, number={5}, journal={IEEE SOFTWARE}, author={Borstler, J and Carrington, D and Hislop, GW and Lisack, S and Olson, K and Williams, L}, year={2002}, pages={42-+} } @article{williams_kessler_2001, title={Experiments with Industry's “Pair-Programming” Model in the Computer Science Classroom}, volume={11}, ISSN={0899-3408 1744-5175}, url={http://dx.doi.org/10.1076/csed.11.1.7.3846}, DOI={10.1076/csed.11.1.7.3846}, number={1}, journal={Computer Science Education}, publisher={Informa UK Limited}, author={Williams, Laurie A. and Kessler, Robert R.}, year={2001}, month={Jan}, pages={7–20} } @article{williams_kessler_cunningham_jeffries_2000, title={Strengthening the case for pair programming}, volume={17}, ISSN={["0740-7459"]}, DOI={10.1109/52.854064}, number={4}, journal={IEEE SOFTWARE}, author={Williams, L and Kessler, RR and Cunningham, W and Jeffries, R}, year={2000}, pages={19-+} }