Nasif Imtiaz

College of Engineering

Works (6)

Updated: December 19th, 2023 05:01

2023 review

Are Your Dependencies Code Reviewed?: Measuring Code Review Coverage in Dependency Updates

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 49(11), 4932–4945.

By: N. Imtiaz & L. Williams

author keywords: Codes; Phantoms; Software; Software development management; Source coding; Security; Supply chains; Software supply chain security; open source security; dependency analysis
TL;DR: Depdive, an update audit tool for packages in the Crates.io, npm, PyPI, and RubyGems registries, is implemented, and it is found that phantom artifacts (files in the registry release that are not in the reviewed source repository) are not uncommon in updates, indicating that even the most used packages can introduce non-reviewed code into the software supply chain. (via Semantic Scholar)
Source: Web Of Science
Added: December 18, 2023

2023 journal article

Open or Sneaky? Fast or Slow? Light or Heavy?: Investigating Security Releases of Open Source Packages

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 49(4), 1540–1560.

By: N. Imtiaz, A. Khanom & L. Williams

author keywords: Security; Codes; Delays; Ecosystems; Databases; Semantics; Supply chains; Empirical study; open source security; supply chain security
TL;DR: Over a dataset of 4,377 security advisories across seven package ecosystems, the paper studies the time lag between fix and release, how security fixes are documented in the release notes, code change characteristics (size and semantic versioning) of the release, and the time lag between the release and the publication of an advisory for security releases. (via Semantic Scholar)
UN Sustainable Development Goal Categories
10. Reduced Inequalities (OpenAlex)
Source: Web Of Science
Added: May 30, 2023

2022 journal article

Why secret detection tools are not enough: It's not just about false positives-An industrial case study

EMPIRICAL SOFTWARE ENGINEERING, 27(3).

By: M. Rahman, N. Imtiaz, M. Storey & L. Williams

author keywords: Secret detection tool; Hardcoded secrets; Secrets in repositories; Credentials in repositories
TL;DR: It is found that, although developers classified 50% of the warnings as false positives, developers also bypassed warnings because of time constraints, working on non-shipping projects, the technical difficulty of eliminating secrets completely from version control history, technical debt, and the perception that the check-ins were low risk. (via Semantic Scholar)
Source: Web Of Science
Added: April 4, 2022

2019 article

How Do Developers Act on Static Analysis Alerts? An Empirical Study of Coverity Usage

2019 IEEE 30TH INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING (ISSRE), pp. 323–333.

By: N. Imtiaz, B. Murphy & L. Williams

author keywords: static analysis; tools; alerts; warnings; developer action
TL;DR: The goal of this paper is to aid researchers and tool makers in improving the utility of static analysis tools through an empirical study of developer action on the alerts detected by Coverity, a state-of-the-art static analysis tool. (via Semantic Scholar)
Source: Web Of Science
Added: July 13, 2020

2019 article

Investigating the Effects of Gender Bias on GitHub

2019 IEEE/ACM 41ST INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE 2019), pp. 700–711.

author keywords: GitHub; gender; open source
TL;DR: The effects of gender bias are largely invisible on the GitHub platform itself, but there are still signals of women concentrating their work in fewer places and being more restrained in communication than men. (via Semantic Scholar)
Source: Web Of Science
Added: September 7, 2020

2019 article

Synthesizing Program Execution Time Discrepancies in Julia Used for Scientific Software

2019 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE MAINTENANCE AND EVOLUTION (ICSME 2019), pp. 496–500.

By: E. Farhana, N. Imtiaz & A. Rahman

author keywords: Julia; programming language; stack overflow
TL;DR: This paper conducts an empirical study of 263 Julia-related posts collected from Stack Overflow and applies qualitative analysis to them to identify 9 categories of program execution time discrepancies for Julia, including discrepancies related to the usage of data structures such as arrays and dictionaries. (via Semantic Scholar)
UN Sustainable Development Goal Categories
4. Quality Education (OpenAlex)
Source: Web Of Science
Added: April 14, 2020

Certain data included herein are derived from the Web of Science© and InCites© (2024) of Clarivate Analytics. All rights reserved. You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.