Works (10)

Updated: April 4th, 2024 07:10

2023 article

Do Software Security Practices Yield Fewer Vulnerabilities?

2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING IN PRACTICE, ICSE-SEIP, pp. 292–303.

By: N. Zahan, S. Shohan, D. Harris & L. Williams

Sources: Web Of Science, ORCID
Added: August 21, 2023

2023 conference paper

Do Software Security Practices Yield Fewer Vulnerabilities?

By: N. Zahan*, S. Shohan, D. Harris & L. Williams

Source: ORCID
Added: January 22, 2024

2023 journal article

OpenSSF Scorecard: On the Path Toward Ecosystem-Wide Automated Security Metrics

IEEE SECURITY & PRIVACY, 21(6), 76–88.

By: N. Zahan, P. Kanakiya*, B. Hambleton, S. Shohan* & L. Williams

author keywords: Security; Software measurement; Software development management; Open source software; Ecosystems; Task analysis; Standards
Sources: ORCID, Web Of Science
Added: February 11, 2024

2023 journal article

Software Bills of Materials Are Required. Are We There Yet?

IEEE Security & Privacy, 21(2), 82–88.

By: N. Zahan, E. Lin, M. Tamanna, W. Enck & L. Williams

Source: ORCID
Added: January 2, 2024

2023 article

Software Supply Chain Risk Assessment Framework

2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: COMPANION PROCEEDINGS, ICSE-COMPANION, pp. 251–255.

By: N. Zahan

author keywords: Software supply chain security; security metrics; weak link signal; risk assessment framework
Sources: Web Of Science, ORCID
Added: August 28, 2023

2022 journal article

Comparing Effectiveness and Efficiency of Interactive Application Security Testing (Iast) and Runtime Application Self-Protection (Rasp) Tools in A Large Java-Based System

SSRN Electronic Journal.

By: A. Seth, S. Bhattacharya, N. Zahan* & L. Williams

Source: ORCID
Added: January 22, 2024

2022 journal article

Do I really need all this work to find vulnerabilities? An empirical case study comparing vulnerability detection techniques on a Java application

EMPIRICAL SOFTWARE ENGINEERING, 27(6).

By: S. Elder, N. Zahan, R. Shu, M. Metro, V. Kozarev, T. Menzies, L. Williams

author keywords: Vulnerability Management; Web Application Security; Penetration Testing; Vulnerability Scanners
Sources: Web Of Science, ORCID
Added: August 22, 2022

2022 article

OpenSSF Scorecard: On the Path Toward Ecosystem-wide Automated Security Metrics

By: N. Zahan*, P. Kanakiya, B. Hambleton, S. Shohan & L. Williams

Source: ORCID
Added: January 22, 2024

2022 article

What are Weak Links in the npm Supply Chain?

2022 ACM/IEEE 44TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING IN PRACTICE (ICSE-SEIP 2022), pp. 331–340.

By: N. Zahan, T. Zimmermann*, P. Godefroid*, B. Murphy*, C. Maddila* & L. Williams

co-author countries: United Kingdom of Great Britain and Northern Ireland 🇬🇧
author keywords: Software Ecosystem; Supply Chain Security; npm; Weak link Signal
Sources: Web Of Science, ORCID
Added: September 19, 2022

2021 article

Structuring a Comprehensive Software Security Course Around the OWASP Application Security Verification Standard

2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: JOINT TRACK ON SOFTWARE ENGINEERING EDUCATION AND TRAINING (ICSE-JSEET 2021), pp. 95–104.

By: S. Elder, N. Zahan, V. Kozarev, R. Shu, T. Menzies & L. Williams

author keywords: Security and Protection; Computer and Information Science Education; Industry-Standards
Sources: Web Of Science, ORCID
Added: November 1, 2021

Education

Updated: April 18th, 2023 09:54

2020 - present

North Carolina State University Raleigh, North Carolina, US
Computer Science
