Works (11)

Updated: September 8th, 2024 05:09

2024 article

MalwareBench: Malware samples are not enough

2024 IEEE/ACM 21ST INTERNATIONAL CONFERENCE ON MINING SOFTWARE REPOSITORIES, MSR, pp. 728–732.

By: N. Zahan n, P. Burckhardt, M. Lysenko, F. Aboukhadijeh & L. Williams n

author keywords: Software Engineering Security; Software Supply Chain; Software Supply Chain Security; npm and PyPI Ecosystems; Malicious Packages; Benchmark Dataset
Sources: ORCID, Web Of Science, NC State University Libraries
Added: July 8, 2024

2023 article

Do Software Security Practices Yield Fewer Vulnerabilities?

2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING IN PRACTICE, ICSE-SEIP, pp. 292–303.

By: N. Zahan n, S. Shohan n, D. Harris n & L. Williams n

TL;DR: Five supervised machine learning models for npm and PyPI packages were developed using the OpenSSF Scorecard security practices scores and aggregate security scores as predictors and the number of externally-reported vulnerabilities as a target variable, finding that four security practices were the most important practices influencing vulnerability count. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries
Added: August 21, 2023

2023 journal article

OpenSSF Scorecard: On the Path Toward Ecosystem-Wide Automated Security Metrics

IEEE SECURITY & PRIVACY, 21(6), 76–88.

By: N. Zahan n, P. Kanakiya*, B. Hambleton n, S. Shohan* & L. Williams n

author keywords: Security; Software measurement; Software development management; Open source software; Ecosystems; Task analysis; Standards
TL;DR: This study evaluates the applicability of the Scorecard tool and compares the security practices and gaps in the npm and PyPI ecosystems. (via Semantic Scholar)
UN Sustainable Development Goal Categories
15. Life on Land (OpenAlex)
Sources: ORCID, Web Of Science, NC State University Libraries
Added: February 11, 2024

2023 journal article

Software Bills of Materials Are Required. Are We There Yet?

IEEE Security &Amp; Privacy, 21(2), 82–88.

By: N. Zahan n, E. Lin n, M. Tamanna n, W. Enck n & L. Williams n

TL;DR: The top five benefits and challenges of adopting software bill of materials (SBOM) are outlined, identified by reviewing 200 Internet articles. (via Semantic Scholar)
Source: ORCID
Added: January 2, 2024

2023 article

Software Supply Chain Risk Assessment Framework

2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: COMPANION PROCEEDINGS, ICSE-COMPANION, pp. 251–255.

By: N. Zahan n

author keywords: Software supply chain security; security metrics; weak link signal; risk assessment framework
TL;DR: The thesis presents research on software security metrics evaluation in different ecosystems by leveraging software security frameworks, malicious attack vectors, and the OpenSSF Scorecard project to detect the implementation of secure practices and their significance to security outcomes. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries
Added: August 28, 2023

2022 journal article

Comparing Effectiveness and Efficiency of Interactive Application Security Testing (Iast) and Runtime Application Self-Protection (Rasp) Tools in A Large Java-Based System

SSRN Electronic Journal.

By: A. Seth, S. Bhattacharya, N. Zahan* & L. Williams

Source: ORCID
Added: January 22, 2024

2022 journal article

Do I really need all this work to find vulnerabilities? An empirical case study comparing vulnerability detection techniques on a Java application

EMPIRICAL SOFTWARE ENGINEERING, 27(6).

By: S. Elder n, N. Zahan n, R. Shu n, M. Metro n, V. Kozarev n, T. Menzies n, L. Williams n

author keywords: Vulnerability Management; Web Application Security; Penetration Testing; Vulnerability Scanners
TL;DR: The goal of this research is to assist managers and other decision-makers in making informed choices about the use of software vulnerability detection techniques through an empirical study of the efficiency and effectiveness of four techniques on a Java-based web application. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: August 22, 2022

2022 conference paper

Do Software Security Practices Yield Fewer Vulnerabilities?

By: N. Zahan*, S. Shohan, D. Harris & L. Williams

Source: ORCID
Added: January 22, 2024

2022 article

OpenSSF Scorecard: On the Path Toward Ecosystem-wide Automated Security Metrics

By: N. Zahan*, P. Kanakiya, B. Hambleton, S. Shohan & L. Williams

TL;DR: The OpenSSF Scorecard project was used to understand the security practices and gaps in npm and PyPI ecosystems and to confirm the applicability of the Scorecard tool. (via Semantic Scholar)
UN Sustainable Development Goal Categories
15. Life on Land (OpenAlex)
Source: ORCID
Added: January 22, 2024

2022 article

What are Weak Links in the npm Supply Chain?

2022 ACM/IEEE 44TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING IN PRACTICE (ICSE-SEIP 2022), pp. 331–340.

By: N. Zahan n, T. Zimmermann*, P. Godefroid*, B. Murphy*, C. Maddila* & L. Williams n

author keywords: Software Ecosystem; Supply Chain Security; npm; Weak link Signal
TL;DR: The metadata of 1.63 million JavaScript npm packages was analyzed and six signals of security weaknesses in a software supply chain, such as the presence of install scripts, maintainer accounts associated with an expired email domain, and inactive packages with inactive maintainers were proposed. (via Semantic Scholar)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: September 19, 2022

2021 article

Structuring a Comprehensive Software Security Course Around the OWASP Application Security Verification Standard

2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: JOINT TRACK ON SOFTWARE ENGINEERING EDUCATION AND TRAINING (ICSE-JSEET 2021), pp. 95–104.

By: S. Elder n, N. Zahan n, V. Kozarev n, R. Shu n, T. Menzies n & L. Williams n

author keywords: Security and Protection; Computer and Information Science Education; Industry-Standards
TL;DR: A theme of the course assignments was to map vulnerability discovery to the security controls of the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS), and this mapping may have increased students' depth of understanding of a wider range of security topics. (via Semantic Scholar)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: November 1, 2021

Education

Updated: April 18th, 2023 09:54

2020 - present

North Carolina State University Raleigh, North Carolina, US
Computer Science

Citation Index includes data from a number of different sources. If you have questions about the sources of data in the Citation Index or need a set of data which is free to re-distribute, please contact us.

Certain data included herein are derived from the Web of Science© and InCites© (2024) of Clarivate Analytics. All rights reserved. You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.