Nusrat Zahan

Zahan, N., Shohan, S., Harris, D., & Williams, L. (2023). Do Software Security Practices Yield Fewer Vulnerabilities? 2023 IEEE/ACM 45th International Conference on Software Engineering: Software Engineering in Practice, ICSE-SEIP, pp. 292–303. https://doi.org/10.1109/ICSE-SEIP58684.2023.00032

Zahan, N., Shohan, S., Harris, D., & Williams, L. (2023). Do Software Security Practices Yield Fewer Vulnerabilities? https://doi.org/10.48550/ARXIV.2210.14884

Zahan, N., Kanakiya, P., Hambleton, B., Shohan, S., & Williams, L. (2023). OpenSSF Scorecard: On the Path Toward Ecosystem-Wide Automated Security Metrics. IEEE Security & Privacy, 21(6), 76–88. https://doi.org/10.1109/MSEC.2023.3279773

Zahan, N., Lin, E., Tamanna, M., Enck, W., & Williams, L. (2023). Software Bills of Materials Are Required. Are We There Yet? IEEE Security & Privacy, 21(2), 82–88. https://doi.org/10.1109/msec.2023.3237100

Zahan, N. (2023). Software Supply Chain Risk Assessment Framework. 2023 IEEE/ACM 45th International Conference on Software Engineering: Companion Proceedings, ICSE-Companion, pp. 251–255. https://doi.org/10.1109/ICSE-COMPANION58688.2023.00068

Seth, A., Bhattacharya, S., Zahan, N., & Williams, L. (2022). Comparing Effectiveness and Efficiency of Interactive Application Security Testing (IAST) and Runtime Application Self-Protection (RASP) Tools in a Large Java-Based System. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.4306114

Elder, S., Zahan, N., Shu, R., Metro, M., Kozarev, V., Menzies, T., & Williams, L. (2022). Do I really need all this work to find vulnerabilities? An empirical case study comparing vulnerability detection techniques on a Java application. Empirical Software Engineering, 27(6). https://doi.org/10.1007/s10664-022-10179-6

Zahan, N., Kanakiya, P., Hambleton, B., Shohan, S., & Williams, L. (2022). OpenSSF Scorecard: On the Path Toward Ecosystem-wide Automated Security Metrics. https://doi.org/10.48550/ARXIV.2208.03412

Zahan, N., Zimmermann, T., Godefroid, P., Murphy, B., Maddila, C., & Williams, L. (2022). What are Weak Links in the npm Supply Chain? 2022 ACM/IEEE 44th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP 2022), pp. 331–340. https://doi.org/10.1145/3510457.3513044

Elder, S. E., Zahan, N., Kozarev, V., Shu, R., Menzies, T., & Williams, L. (2021). Structuring a Comprehensive Software Security Course Around the OWASP Application Security Verification Standard. 2021 IEEE/ACM 43rd International Conference on Software Engineering: Joint Track on Software Engineering Education and Training (ICSE-JSEET 2021), pp. 95–104. https://doi.org/10.1109/ICSE-SEET52601.2021.00019