2022 journal article
Do I really need all this work to find vulnerabilities? An empirical case study comparing vulnerability detection techniques on a Java application
EMPIRICAL SOFTWARE ENGINEERING, 27(6).
Structuring a Comprehensive Software Security Course Around the OWASP Application Security Verification Standard
2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: JOINT TRACK ON SOFTWARE ENGINEERING EDUCATION AND TRAINING (ICSE-JSEET 2021), pp. 95–104.
Vulnerability Detection is Just the Beginning
2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: COMPANION PROCEEDINGS (ICSE-COMPANION 2021), pp. 304–308.
2016 conference paper
systematically developing prevention, detection, and response patterns for security requirements
2016 IEEE 24th International Requirements Engineering Conference Workshops (REW), 62–67.