Nasif Imtiaz

College of Engineering

Works (7)

Updated: May 10th, 2025 05:02

2025 article

Trusting Code in the Wild: Exploring Contributor Reputation Measures to Review Dependencies in the Rust Ecosystem

Hamer, S., Imtiaz, N., Tamanna, M., Shabrina, P., & Williams, L. (2025, March 18). IEEE Transactions on Software Engineering.

By: S. Hamer, N. Imtiaz, M. Tamanna, P. Shabrina & L. Williams

author keywords: Reviews; Software; Supply chains; Codes; Ecosystems; Security; Social networking (online); Particle measurements; Atmospheric measurements; Collaboration; Open source security; software developer network; software measurement; software supply chain security
topics (OpenAlex): Political Influence and Corporate Strategies
Source: Web Of Science
Added: May 6, 2025

2023 article

Are Your Dependencies Code Reviewed?: Measuring Code Review Coverage in Dependency Updates

Imtiaz, N., & Williams, L. (2023, September 28). IEEE Transactions on Software Engineering.

By: N. Imtiaz & L. Williams

author keywords: Codes; Phantoms; Software; Software development management; Source coding; Security; Supply chains; Software supply chain security; open source security; dependency analysis
topics (OpenAlex): Software Engineering Research; Software System Performance and Reliability; Security and Verification in Computing
TL;DR: Depdive, an update audit tool for packages in the Crates.io, npm, PyPI, and RubyGems registries, is implemented and it is found that phantom artifacts are not uncommon in the updates, indicating that even the most used packages can introduce non-reviewed code in the software supply chain. (via Semantic Scholar)
Source: Web Of Science
Added: December 18, 2023

2022 article

Open or Sneaky? Fast or Slow? Light or Heavy?: Investigating Security Releases of Open Source Packages

Imtiaz, N., Khanom, A., & Williams, L. (2022, June 9). IEEE Transactions on Software Engineering.

By: N. Imtiaz, A. Khanom & L. Williams

author keywords: Security; Codes; Delays; Ecosystems; Databases; Semantics; Supply chains; Empirical study; open source security; supply chain security
topics (OpenAlex): Software Engineering Research; Advanced Malware Detection Techniques; Software Reliability and Analysis Research
TL;DR: The time lag between fix and release; how security fixes are documented in the release notes; code change characteristics (size and semantic versioning) of the release; and the time lag between the release and an advisory publication for security releases are studied over a dataset of 4,377 security advisories across seven package ecosystems. (via Semantic Scholar)
UN Sustainable Development Goal Categories
10. Reduced Inequalities (OpenAlex)
Source: Web Of Science
Added: May 30, 2023

2022 article

Why secret detection tools are not enough: It’s not just about false positives - An industrial case study

Rahman, M. R., Imtiaz, N., Storey, M.-A., & Williams, L. (2022, March 17). Empirical Software Engineering.

By: M. Rahman, N. Imtiaz, M. Storey & L. Williams

author keywords: Secret detection tool; Hardcoded secrets; Secrets in repositories; Credentials in repositories
topics (OpenAlex): Advanced Malware Detection Techniques; Software Engineering Research; Information and Cyber Security
TL;DR: It is found that, although developers classified 50% of the warnings as false positives, developers also bypassed the warnings due to time constraints, working with non-shipping projects, technical challenges of eliminating secrets completely from the version control history, technical debts, and perceptions that check-ins are low risk. (via Semantic Scholar)
Source: Web Of Science
Added: April 4, 2022

2019 article

How Do Developers Act on Static Analysis Alerts? An Empirical Study of Coverity Usage

Imtiaz, N., Murphy, B., & Williams, L. (2019, October 1).

By: N. Imtiaz, B. Murphy & L. Williams

author keywords: static analysis; tools; alerts; warnings; developer action
topics (OpenAlex): Software Engineering Research; Software System Performance and Reliability; Advanced Malware Detection Techniques
TL;DR: The goal of this paper is to aid researchers and tool makers in improving the utility of static analysis tools through an empirical study of developer action on the alerts detected by Coverity, a state-of-the-art static analysis tool. (via Semantic Scholar)
Source: Web Of Science
Added: July 13, 2020

2019 article

Investigating the Effects of Gender Bias on GitHub

Imtiaz, N., Middleton, J., Chakraborty, J., Robson, N., Bai, G., & Murphy-Hill, E. (2019, May 1).

author keywords: GitHub; gender; open source
topics (OpenAlex): Open Source Software Innovations; Digital Games and Media; Software Engineering Research
TL;DR: The effects of gender bias are largely invisible on the GitHub platform itself, but there are still signals of women concentrating their work in fewer places and being more restrained in communication than men. (via Semantic Scholar)
Source: Web Of Science
Added: September 7, 2020

2019 article

Synthesizing Program Execution Time Discrepancies in Julia Used for Scientific Software

Farhana, E., Imtiaz, N., & Rahman, A. (2019, September 1).

By: E. Farhana, N. Imtiaz & A. Rahman

author keywords: Julia; programming language; stack overflow
topics (OpenAlex): Software Engineering Research; Scientific Computing and Data Management; Software System Performance and Reliability
TL;DR: This paper conducts an empirical study with 263 Julia-related posts collected from Stack Overflow, and applies qualitative analysis on the collected 263 posts to identify 9 categories of program execution time discrepancies for Julia, which include discrepancies related to data structure usage, such as arrays and dictionaries. (via Semantic Scholar)
UN Sustainable Development Goal Categories
4. Quality Education (OpenAlex)
Source: Web Of Science
Added: April 14, 2020
