Laurie Williams

Imtiaz, N., & Williams, L. (2023). [Review of Are Your Dependencies Code Reviewed?: Measuring Code Review Coverage in Dependency Updates]. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 49(11), 4932–4945. https://doi.org/10.1109/TSE.2023.3319509

Zahan, N., Shohan, S., Harris, D., & Williams, L. (2023). Do Software Security Practices Yield Fewer Vulnerabilities? 2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING IN PRACTICE, ICSE-SEIP, pp. 292–303. https://doi.org/10.1109/ICSE-SEIP58684.2023.00032

Imtiaz, N., Khanom, A., & Williams, L. (2023). Open or Sneaky? Fast or Slow? Light or Heavy?: Investigating Security Releases of Open Source Packages. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 49(4), 1540–1560. https://doi.org/10.1109/TSE.2022.3181010

Zahan, N., Kanakiya, P., Hambleton, B., Shohan, S., & Williams, L. (2023). OpenSSF Scorecard: On the Path Toward Ecosystem-Wide Automated Security Metrics. IEEE SECURITY & PRIVACY, 21(6), 76–88. https://doi.org/10.1109/MSEC.2023.3279773

Basak, S. K., Neil, L., Reaves, B., & Williams, L. (2023). SecretBench: A Dataset of Software Secrets. 2023 IEEE/ACM 20TH INTERNATIONAL CONFERENCE ON MINING SOFTWARE REPOSITORIES, MSR, pp. 347–351. https://doi.org/10.1109/MSR59073.2023.00053

Massacci, F., & Williams, L. (2023, November). Software Supply Chain Security. IEEE SECURITY & PRIVACY, Vol. 21, pp. 8–10. https://doi.org/10.1109/MSEC.2023.3321189

Rahman, M. R., Hezaveh, R. M., & Williams, L. (2023). What Are the Attackers Doing Now? Automating Cyberthreat Intelligence Extraction from Text on Pace with the Changing Threat Landscape: A Survey. ACM COMPUTING SURVEYS, 55(12). https://doi.org/10.1145/3571726

Basak, S. K., Neil, L., Reaves, B., & Williams, L. (2023). What Challenges Do Developers Face About Checked-in Secrets in Software Artifacts? 2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ICSE, pp. 1635–1647. https://doi.org/10.1109/ICSE48619.2023.00141

Shu, R., Xia, T., Williams, L., & Menzies, T. (2022). Dazzle: Using Optimized Generative Adversarial Networks to Address Security Data Class Imbalance Issue. 2022 MINING SOFTWARE REPOSITORIES CONFERENCE (MSR 2022), pp. 144–155. https://doi.org/10.1145/3524842.3528437

Elder, S., Zahan, N., Shu, R., Metro, M., Kozarev, V., Menzies, T., & Williams, L. (2022). Do I really need all this work to find vulnerabilities? An empirical case study comparing vulnerability detection techniques on a Java application. EMPIRICAL SOFTWARE ENGINEERING, 27(6). https://doi.org/10.1007/s10664-022-10179-6

Weir, C., Migues, S., & Williams, L. (2022, March 9). Exploring the Shift in Security Responsibility. IEEE SECURITY & PRIVACY. https://doi.org/10.1109/MSEC.2022.3150238

Mahdavi-Hezaveh, R., Ajmeri, N., & Williams, L. (2022). Feature toggles as code: Heuristics and metrics for structuring feature toggles. INFORMATION AND SOFTWARE TECHNOLOGY, 145. https://doi.org/10.1016/j.infsof.2021.106813

Shu, R., Xia, T., Williams, L., & Menzies, T. (2022). Omni: automated ensemble with unexpected models against adversarial evasion attack. EMPIRICAL SOFTWARE ENGINEERING, 27(1). https://doi.org/10.1007/s10664-021-10064-8

Enck, W., & Williams, L. (2022). Top Five Challenges in Software Supply Chain Security: Observations From 30 Industry and Government Organizations. IEEE SECURITY & PRIVACY, 20(2), 96–100. https://doi.org/10.1109/MSEC.2022.3142338

Zahan, N., Zimmermann, T., Godefroid, P., Murphy, B., Maddila, C., & Williams, L. (2022). What are Weak Links in the npm Supply Chain? 2022 ACM/IEEE 44TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING IN PRACTICE (ICSE-SEIP 2022), pp. 331–340. https://doi.org/10.1145/3510457.3513044

Basak, S. K., Neil, L., Reaves, B., & Williams, L. (2022). What are the Practices for Secret Management in Software Artifacts? 2022 IEEE SECURE DEVELOPMENT CONFERENCE (SECDEV 2022), pp. 69–76. https://doi.org/10.1109/SecDev53368.2022.00026

Rahman, M. R., Imtiaz, N., Storey, M.-A., & Williams, L. (2022). Why secret detection tools are not enough: It's not just about false positives-An industrial case study. EMPIRICAL SOFTWARE ENGINEERING, 27(3). https://doi.org/10.1007/s10664-021-10109-y

Rahman, A., & Williams, L. (2021). Different Kind of Smells: Security Smells in Infrastructure as Code Scripts. IEEE SECURITY & PRIVACY, 19(3), 33–41. https://doi.org/10.1109/MSEC.2021.3065190

Shu, R., Xia, T., Chen, J., Williams, L., & Menzies, T. (2021). How to Better Distinguish Security Bug Reports (Using Dual Hyperparameter Optimization). EMPIRICAL SOFTWARE ENGINEERING, 26(3). https://doi.org/10.1007/s10664-020-09906-8

Yu, Z., Theisen, C., Williams, L., & Menzies, T. (2021). Improving Vulnerability Inspection Efficiency Using Active Learning. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 47(11), 2401–2420. https://doi.org/10.1109/TSE.2019.2949275

Weir, C., Migues, S., Ware, M., & Williams, L. (2021). Infiltrating Security into Development: Exploring the World' Largest Software Security Study. PROCEEDINGS OF THE 29TH ACM JOINT MEETING ON EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (ESEC/FSE '21), pp. 1326–1336. https://doi.org/10.1145/34682643473926

Rahman, A., Rahman, M. R., Parnin, C., & Williams, L. (2021). Security Smells in Ansible and Chef Scripts: A Replication Study. ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 30(1). https://doi.org/10.1145/3408897

Mahdavi-Hezaveh, R., Dremann, J., & Williams, L. (2021). Software development with feature toggles: practices used by practitioners. EMPIRICAL SOFTWARE ENGINEERING, 26(1). https://doi.org/10.1007/s10664-020-09901-z

Elder, S. E., Zahan, N., Kozarev, V., Shu, R., Menzies, T., & Williams, L. (2021). Structuring a Comprehensive Software Security Course Around the OWASP Application Security Verification Standard. 2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: JOINT TRACK ON SOFTWARE ENGINEERING EDUCATION AND TRAINING (ICSE-JSEET 2021), pp. 95–104. https://doi.org/10.1109/ICSE-SEET52601.2021.00019

Rahman, M. R., Mahdavi-Hezaveh, R., & Williams, L. (2020). A Literature Review on Mining Cyberthreat Intelligence from Unstructured Texts. 20TH IEEE INTERNATIONAL CONFERENCE ON DATA MINING WORKSHOPS (ICDMW 2020), pp. 516–525. https://doi.org/10.1109/ICDMW51313.2020.00075

Theisen, C., & Williams, L. (2020). Better together: Comparing vulnerability prediction models. INFORMATION AND SOFTWARE TECHNOLOGY, 119. https://doi.org/10.1016/j.infsof.2019.106204

Rahman, A., Farhana, E., Parnin, C., & Williams, L. (2020). Gang of Eight: A Defect Taxonomy for Infrastructure as Code Scripts. 2020 ACM/IEEE 42ND INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE 2020), pp. 752–764. https://doi.org/10.1145/3377811.3380409

Rahman, A., Farhana, E., & Williams, L. (2020). The 'as code' activities: development anti-patterns for infrastructure as code. EMPIRICAL SOFTWARE ENGINEERING, 25(5), 3430–3467. https://doi.org/10.1007/s10664-020-09841-8

Rahman, A., Mandavi-Hezaveh, R., & Williams, L. (2019). A systematic mapping study of infrastructure as code research. INFORMATION AND SOFTWARE TECHNOLOGY, 108, 65–77. https://doi.org/10.1016/j.infsof.2018.12.004

Imtiaz, N., Murphy, B., & Williams, L. (2019). How Do Developers Act on Static Analysis Alerts? An Empirical Study of Coverity Usage. 2019 IEEE 30TH INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING (ISSRE), pp. 323–333. https://doi.org/10.1109/ISSRE.2019.00040

Rahman, M. R., Rahman, A., & Williams, L. (2019). Share, But Be Aware: Security Smells in Python Gists. 2019 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE MAINTENANCE AND EVOLUTION (ICSME 2019), pp. 536–540. https://doi.org/10.1109/ICSME.2019.00087

Rahman, A., & Williams, L. (2019). Source code properties of defective infrastructure as code scripts. INFORMATION AND SOFTWARE TECHNOLOGY, 112, 148–163. https://doi.org/10.1016/j.infsof.2019.04.013

Rahman, A., Parnin, C., & Williams, L. (2019). The Seven Sins: Security Smells in Infrastructure as Code Scripts. 2019 IEEE/ACM 41ST INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE 2019), pp. 164–175. https://doi.org/10.1109/ICSE.2019.00033

Morrison, P. J., Pandita, R., Xiao, X., Chillarege, R., & Williams, L. (2018). Are Vulnerabilities Discovered and Resolved like Other Defects? PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE), pp. 498–498. https://doi.org/10.1145/3180155.3182553

Morrison, P. J., Pandita, R., Xiao, X., Chillarege, R., & Williams, L. (2018). Are vulnerabilities discovered and resolved like other defects? EMPIRICAL SOFTWARE ENGINEERING, 23(3), 1383–1421. https://doi.org/10.1007/s10664-017-9541-1

Theisen, C., Munaiah, N., Al-Zyoud, M., Carver, J. C., Meneely, A., & Williams, L. (2018). [Review of Attack surface definitions: A systematic literature review]. INFORMATION AND SOFTWARE TECHNOLOGY, 104, 94–103. https://doi.org/10.1016/j.infsof.2018.07.008

Rahman, A., & Williams, L. (2018). Characterizing Defective Configuration Scripts Used for Continuous Deployment. 2018 IEEE 11TH INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION (ICST), pp. 34–45. https://doi.org/10.1109/icst.2018.00014

Williams, L. (2018). Continuously Integrating Security. 2018 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SECURITY AWARENESS FROM DESIGN TO DEPLOYMENT (SEAD), pp. 1–2. https://doi.org/10.1145/3194707.3194717

Morrison, P., Oyetoyan, T. D., & Williams, L. (2018). Identifying Security Issues in Software Development: Are Keywords Enough? PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING - COMPANION (ICSE-COMPANION, pp. 426–427. https://doi.org/10.1145/3183440.3195040

Morrison, P., Moye, D., Pandita, R., & Williams, L. (2018). Mapping the field of software life cycle security metrics. INFORMATION AND SOFTWARE TECHNOLOGY, 102, 146–159. https://doi.org/10.1016/j.infsof.2018.05.011

Rahman, A., Stallings, J., & Williams, L. (2018). Poster: Defect Prediction Metrics for Infrastructure as Code Scripts in DevOps. PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING - COMPANION (ICSE-COMPANION, pp. 414–415. https://doi.org/10.1145/3183440.3195034

Rahman, A., Partho, A., Morrison, P., & Williams, L. (2018). What Questions Do Programmers Ask About Configuration as Code? PROCEEDINGS 2018 IEEE/ACM 4TH INTERNATIONAL WORKSHOP ON RAPID CONTINUOUS SOFTWARE ENGINEERING (RCOSE), pp. 16–22. https://doi.org/10.1145/3194760.3194769

Williams, L., & Baldwin, D. (2017, November). Highlights of the ACM Student Research Competition. COMMUNICATIONS OF THE ACM, Vol. 60, pp. 5–5. https://doi.org/10.1145/3145811

Riaz, M., King, J., Slankas, J., Williams, L., Massacci, F., Quesada-Lopez, C., & Jenkins, M. (2017). Identifying the implied: Findings from three differentiated replications on the use of security requirements templates. EMPIRICAL SOFTWARE ENGINEERING, 22(4), 2127–2178. https://doi.org/10.1007/s10664-016-9481-1

Pandita, R., Jetley, R., Sudarsan, S., Menzies, T., & Williams, L. (2017). TMAP: Discovering relevant API methods through text mining of API documentation. Journal of Software: Evolution and Process, 29(12), e1845. https://doi.org/10.1002/SMR.1845

Williams, L. (2017). The Rising Tide Lifts All Boats: The Advancement of Science in Cyber Security (Invited Talk). ESEC/FSE 2017: PROCEEDINGS OF THE 2017 11TH JOINT MEETING ON FOUNDATIONS OF SOFTWARE ENGINEERING, pp. 1–1. https://doi.org/10.1145/3106237.3121272

Parnin, C., Helms, E., Atlee, C., Boughton, H., Ghattas, M., Glover, A., … Williams, L. (2017). The Top 10 Adages in Continuous Deployment. IEEE SOFTWARE, 34(3), 86–95. https://doi.org/10.1109/ms.2017.86

King, J., Stallings, J., Riaz, M., & Williams, L. (2017). To log, or not to log: using heuristics to identify mandatory log events - a controlled experiment. EMPIRICAL SOFTWARE ENGINEERING, 22(5), 2684–2717. https://doi.org/10.1007/s10664-016-9449-1

Choi, H.-M., & Ji, C.-R. (2017). Twist-3 Distribution Amplitudes of Pion in the Light-Front Quark Model. Few-Body Systems, 58(2). https://doi.org/10.1007/s00601-016-1208-8

Pandita, R., Taneja, K., Tung, T., & Williams, L. (2016). ICON: Inferring temporal constraints from natural language API descriptions. 32nd ieee international conference on software maintenance and evolution (icsme 2016), 378–388.

Kafali, O., Singh, M. P., & Williams, L. (2016). NANE: Identifying Misuse Cases Using Temporal Norm Enactments. 2016 IEEE 24TH INTERNATIONAL REQUIREMENTS ENGINEERING CONFERENCE (RE), pp. 136–145. https://doi.org/10.1109/re.2016.34

Rahman, A. A. U., & Williams, L. (2016). Software Security in DevOps: Synthesizing Practitioners' Perceptions and Practices. INTERNATIONAL WORKSHOP ON CONTINUOUS SOFTWARE EVOLUTION AND DELIVERY, CSED 2016, pp. 70–76. https://doi.org/10.1145/2896941.2896946

Theisen, C., & Williams, L. (2016). Stack traces reveal attack surfaces. Perspectives on Data Science for Software Engineering, 73–76.

Alonso-Mori, R., Asa, K., Bergmann, U., Brewster, A. S., Chatterjee, R., Cooper, J. K., … Yano, J. (2016). Towards characterization of photo-excited electron transfer and catalysis in natural and artificial systems using XFELs. FARADAY DISCUSSIONS, 194, 621–638. https://doi.org/10.1039/c6fd00084c

Xie, T., & Enck, W. (2016). Tutorial: text analytics for security. Symposium and Bootcamp on the Science of Security, 124–125.

systematically developing prevention, detection, and response patterns for security requirements. (2016). 2016 IEEE 24th International Requirements Engineering Conference Workshops (REW), 62–67.

Pandita, R., Jetley, R. P., Sudarsan, S. D., & Williams, L. (2015). Discovering likely mappings between APIs using text mining. Ieee international working conference on source code analysis and, 231–240. https://doi.org/10.1109/scam.2015.7335419

Riaz, M., Breaux, T., & Williams, L. (2015). How have we evaluated software pattern application? A systematic mapping study of research design practices. INFORMATION AND SOFTWARE TECHNOLOGY, 65, 14–38. https://doi.org/10.1016/j.infsof.2015.04.002

Ur Rahman, A. A., Helms, E., Williams, L., & Parnin, C. (2015). Synthesizing Continuous Deployment Practices Used in Software Development. 2015 AGILE CONFERENCE, pp. 1–10. https://doi.org/10.1109/agile.2015.12

Doyle, M., Williams, L., Cohn, M., & Rubin, K. S. (2014). Agile Software Development in Practice. In Lecture Notes in Business Information Processing (pp. 32–45). https://doi.org/10.1007/978-3-319-06862-6_3

Riaz, M., King, J., Slankas, J., & Williams, L. (2014). Hidden in plain sight: Automatically identifying security requirements from natural language artifacts. 2014 ieee 22nd international requirements engineering conference (re), 183–192. https://doi.org/10.1109/re.2014.6912260

Rivers, A. T., Vouk, M. A., & Williams, L. (2014). On Coverage-Based Attack Profiles. 2014 IEEE EIGHTH INTERNATIONAL CONFERENCE ON SOFTWARE SECURITY AND RELIABILITY - COMPANION (SERE-C 2014), pp. 5–6. https://doi.org/10.1109/sere-c.2014.15

Hibshi, H., Breaux, T., Riaz, M., & Williams, L. (2014). Towards a framework to measure security expertise in requirements analysis. 2014 IEEE 1st Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), 13–18. https://doi.org/10.1109/espre.2014.6890522

Austin, A., Holmgreen, C., & Williams, L. (2013). A comparison of the efficiency and effectiveness of vulnerability discovery techniques. INFORMATION AND SOFTWARE TECHNOLOGY, 55(7), 1279–1288. https://doi.org/10.1016/j.infsof.2012.11.007

Slankas, J., & Williams, L. (2013). Access Control Policy Extraction from Unconstrained Natural Language Text. 2013 ASE/IEEE INTERNATIONAL CONFERENCE ON SOCIAL COMPUTING (SOCIALCOM), pp. 435–440. https://doi.org/10.1109/socialcom.2013.68

Slankas, J., & Williams, L. (2013). Automated extraction of non-functional requirements in available documentation. 2013 1st International Workshop on Natural Language Analysis in Software Engineering (NaturaLiSE), 9–16. https://doi.org/10.1109/naturalise.2013.6611715

Shin, Y., & Williams, L. (2013). Can traditional fault prediction models be used for vulnerability prediction? EMPIRICAL SOFTWARE ENGINEERING, 18(1), 25–59. https://doi.org/10.1007/s10664-011-9190-8

Subramani, S., Vouk, M., & Williams, L. (2013). Non-operational testing of software for security issues. 2013 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), 21–22. https://doi.org/10.1109/issrew.2013.6688857

Morrison, P., Holmgreen, C., Massey, A., & Williams, L. (2013). Proposing Regulatory-Driven Automated Test Suites. 2013 AGILE CONFERENCE (AGILE), pp. 11–21. https://doi.org/10.1109/agile.2013.8

Morrison, P., Holmgreen, C., Massey, A., & Williams, L. (2013). Proposing regulatory-driven automated test suites for electronic health record systems. 2013 5th international workshop on software engineering in health care (sehc), 46–49. https://doi.org/10.1109/sehc.2013.6602477

Srikanth, H., Banerjee, S., Williams, L., & Osborne, J. (2013). Towards the prioritization of system test cases. Software Testing, Verification and Reliability, 24(4), 320–337. https://doi.org/10.1002/stvr.1500

Meneely, A., Smith, B., & Williams, L. (2012). Validating Software Metrics: A Spectrum of Philosophies. ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 21(4). https://doi.org/10.1145/2377656.2377661

Williams, L. (2012). What Agile Teams Think of Agile Principles. COMMUNICATIONS OF THE ACM, 55(4), 71–76. https://doi.org/10.1145/2133806.2133823

Heckman, S., & Williams, L. (2011). [Review of A systematic literature review of actionable alert identification techniques for automated static code analysis]. INFORMATION AND SOFTWARE TECHNOLOGY, 53(4), 363–387. https://doi.org/10.1016/j.infsof.2010.12.007

Meneely, A., & Williams, L. (2011). Socio-technical developer networks: Should we trust our measurements? 2011 33rd International Conference on Software Engineering (ICSE), 281–290. https://doi.org/10.1145/1985793.1985832

Williams, L. (2010). Agile software development methodologies and practices. Advances in Computers, Vol 80, 80, 1–44.

Williams, L. (2010, August). Guest editorial: Special issue on software reliability engineering. EMPIRICAL SOFTWARE ENGINEERING, Vol. 15, pp. 321–322. https://doi.org/10.1007/s10664-010-9129-5

Smith, B., Williams, L., & Austin, A. (2010). Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks. In F. Massacci, D. Wallach, & N. Zannone (Eds.), Engineering Secure Software and Systems. ESSoS 2010 (pp. 192–200). https://doi.org/10.1007/978-3-642-11747-3_15

Smith, B., Williams, L., & Austin, A. (2010). Idea: Using system level testing for revealing SQL injection-related error message information leaks. Engineering secure software and systems, proceedings, 5965, 192–200.

Williams, L., Meneely, A., & Shipley, G. (2010). Protection Poker: The New Software Security "Game". IEEE SECURITY & PRIVACY, 8(3), 14–20. https://doi.org/10.1109/msp.2010.58

Thomas, S., Williams, L., & Xie, T. (2009). On automated prepared statement generation to remove SQL injection vulnerabilities. INFORMATION AND SOFTWARE TECHNOLOGY, 51(3), 589–598. https://doi.org/10.1016/j.infsof.2008.08.002

Smith, B. H., & Williams, L. (2009). On guiding the augmentation of an automated test suite via mutation analysis. EMPIRICAL SOFTWARE ENGINEERING, 14(3), 341–369. https://doi.org/10.1007/s10664-008-9083-7

Williams, L., Gegick, M., & Meneely, A. (2009). Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer. In F. Massacci, S. T. Redwine, & N. Zannone (Eds.), Engineering Secure Software and Systems. ESSoS 2009 (pp. 122–134). https://doi.org/10.1007/978-3-642-00199-4_11

Meneely, A., & Williams, L. (2009). Secure open source collaboration: An empirical study of linus' law. CCS'09: Proceedings of the 16th ACM Conference on Computer and Communications Security, 453–462. https://doi.org/10.1145/1653662.1653717

Smith, B. H., & Williams, L. (2009). Should software testers use mutation analysis to augment a test set? JOURNAL OF SYSTEMS AND SOFTWARE, 82(11), 1819–1832. https://doi.org/10.1016/j.jss.2009.06.031

Gegick, M., Rotella, P., & Williams, L. (2009). Toward Non-security Failures as a Predictor of Security Faults and Failures. In F. Massacci, S. T. Redwine, & N. Zannone (Eds.), Engineering Secure Software and Systems. ESSoS 2009. (pp. 135–149). https://doi.org/10.1007/978-3-642-00199-4_12

Layman, L., Williams, L., Slaten, K., Berenson, S., & Vouk, M. (2008). Addressing diverse needs through a balance of agile and plan-driven software development methodologies in the core software engineering course. International Journal of Engineering Education, 24(4), 659–670.

Nagappan, N., Maximilien, E. M., Bhat, T., & Williams, L. (2008). Realizing quality improvement through test driven development: results and experiences of four industrial teams. EMPIRICAL SOFTWARE ENGINEERING, 13(3), 289–302. https://doi.org/10.1007/s10664-008-9062-z

Prechelt, L., & Williams, L. (2007). Industry-Research Collaboration Working Group Results. In V. R. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl, & R. W. Selby (Eds.), Empirical Software Engineering Issues. Critical Assessment and Future Directions (pp. 153–157). https://doi.org/10.1007/978-3-540-71301-2_46

Gegick, M., & Williams, L. (2007). On the design of more secure software-intensive systems by use of attack patterns. INFORMATION AND SOFTWARE TECHNOLOGY, 49(4), 381–397. https://doi.org/10.1016/j.infsof.2006.06.002

Williams, L., Erdogmus, H., & Selby, R. (2007). Roadmapping Working Group 4 Results. In V. R. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl, & R. W. Selby (Eds.), Empirical Software Engineering Issues. Critical Assessment and Future Directions (pp. 181–183). https://doi.org/10.1007/978-3-540-71301-2_53

Williams, L. (2007). Structuring Families of Industrial Case Studies. In V. R. Basili, D. Rombach, K. Schneider, B. Kitchenham, D. Pfahl, & R. W. Selby (Eds.), Empirical Software Engineering Issues. Critical Assessment and Future Directions (pp. 134–134). https://doi.org/10.1007/978-3-540-71301-2_41

Layman, L., Williams, L., Damian, D., & Bures, H. (2006). Essential communication practices for Extreme Programming in a global software development team. INFORMATION AND SOFTWARE TECHNOLOGY, 48(9), 781–794. https://doi.org/10.1016/j.infsof.2006.01.004

Layman, L., Williams, L., & Cunningham, L. (2006, November). Motivations and measurements in an agile case study. JOURNAL OF SYSTEMS ARCHITECTURE, Vol. 52, pp. 654–667. https://doi.org/10.1016/j.sysarc.2006.06.009

Zheng, J., Williams, L., Nagappan, N., Snipes, W., Hudepohl, J. P., & Vouk, M. A. (2006). On the value of static analysis for fault detection in software. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 32(4), 240–253. https://doi.org/10.1109/TSE.2006.38

George, B., & Williams, L. (2004, April 15). A structured experiment of test-driven development. INFORMATION AND SOFTWARE TECHNOLOGY, Vol. 46, pp. 337–342. https://doi.org/10.1016/j.infsof.2003.09.011

Katira, N., Williams, L., Wiebe, E., Miller, C., Balik, S., & Gehringer, E. (2004). On understanding compatibility of student pair programmers. Proceedings of the 35th SIGCSE technical symposium on Computer science education  - SIGCSE '04. Presented at the the 35th SIGCSE technical symposium. https://doi.org/10.1145/971300.971307

Nagappan, N., Williams, L., Wiebe, E., Miller, C., Balik, S., Ferzli, M., & Petlick, J. (2003). Pair learning: With an eye toward future success. In Extreme programming and agile methods: XP/Agile Universe 2003: Third XP Agile Universe Conference, New Orleans, LA, USA, August 10-13, 2003 (Vol. 2753, pp. 185–198). https://doi.org/10.1007/978-3-540-45122-8_21

Erdogmus, H., & Williams, L. (2003). The Economics of Software Development by Pair Programmers. The Engineering Economist, 48(4), 283–319. https://doi.org/10.1080/00137910309408770

Williams, L. (2003). The XP programmer: The few-minutes programmer. IEEE SOFTWARE, Vol. 20, pp. 16–20. https://doi.org/10.1109/MS.2003.1196315

Baheti, P., Williams, L., Gehringer, E., Stotts, D., & Smith, J. (2002). Distributed Pair Programming: Empirical Studies and Supporting Environments (pp. TR02–010). Chapel Hill, NC: Dept. of Computer Science, University of North Carolina.

Extreme programming and agile methods XP/Agile Universe 2002 : Second XP Universe and First Agile Universe Conference, Chicago, IL, USA, August 4-7, 2002 : proceedings. (2002). Berlin ;|aNew York: Springer.

Williams, L., Wiebe, E., Yang, K., Ferzli, M., & Miller, C. (2002). In support of paired programming in the introductory computer science course. Computer Science Education, 12(3), 197–212. https://doi.org/10.1076/csed.12.3.197.8618

Hislop, G. W., Lutz, M. J., Naveda, J. F., McCracken, W. M., Mead, N. R., & Williams, L. A. (2002). Integrating Agile Practices into Software Engineering Courses. Computer Science Education, 12(3), 169–185. https://doi.org/10.1076/csed.12.3.169.8619

Williams, L. (2002). Letters - Try it, you'll like it.

Williams, L., Yang, K., Wiebe, E., Ferzli, M., & Miller, C. (2002). Pair programming in an introductory computer science course: Initial results and recommendations. OOPSLA 2002: 17th ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications : conference proceedings: November 4-8, 2002, Washington State Convention and Trade Center, Seattle, Washington, USA. New York, NY: ACM Press.

Borstler, J., Carrington, D., Hislop, G. W., Lisack, S., Olson, K., & Williams, L. (2002). Teaching PSP: Challenges and lessons learned. IEEE SOFTWARE, Vol. 19, pp. 42-+. https://doi.org/10.1109/MS.2002.1032853

Williams, L. A., & Kessler, R. R. (2001). Experiments with Industry's “Pair-Programming” Model in the Computer Science Classroom. Computer Science Education, 11(1), 7–20. https://doi.org/10.1076/csed.11.1.7.3846

Williams, L., Kessler, R. R., Cunningham, W., & Jeffries, R. (2000). Strengthening the case for pair programming. IEEE SOFTWARE, 17(4), 19-+. https://doi.org/10.1109/52.854064