Laurie A. Williams

Orcid: 0000-0003-3300-6540

Affiliations:
  • North Carolina State University, Raleigh, USA


According to our database1, Laurie A. Williams authored at least 319 papers between 2000 and 2024.

Collaborative distances:

Timeline

Legend:

Book 
In proceedings 
Article 
PhD thesis 
Dataset
Other 

Links

Online presence:

On csauthors.net:

Bibliography

2024
A Survey on Software Vulnerability Exploitability Assessment.
ACM Comput. Surv., August, 2024

Just another copy and paste? Comparing the security vulnerabilities of ChatGPT generated code and StackOverflow answers.
Dataset, March, 2024

Narrowing the Software Supply Chain Attack Vectors: The SSDF Is Wonderful but not Enough.
IEEE Secur. Priv., 2024

Unraveling Challenges with Supply-Chain Levels for Software Artifacts (SLSA) for Securing the Software Supply Chain.
CoRR, 2024

S3C2 Summit 2023-11: Industry Secure Supply Chain Summit.
CoRR, 2024

Less Is More: A Mixed-Methods Study on Security-Sensitive API Calls in Java for Better Dependency Selection.
CoRR, 2024

Trusting code in the wild: Exploring contributor reputation measures to review dependencies in the Rust ecosystem.
CoRR, 2024

S3C2 Summit 2024-03: Industry Secure Supply Chain Summit.
CoRR, 2024

Proactive Software Supply Chain Risk Management Framework (P-SSCRM) Version 1.
CoRR, 2024

AssetHarvester: A Static Analysis Tool for Detecting Assets Protected by Secrets in Software Artifacts.
CoRR, 2024

Characterizing Dependency Update Practice of NPM, PyPI and Cargo Packages.
CoRR, 2024

Shifting the Lens: Detecting Malware in npm Ecosystem with Large Language Models.
CoRR, 2024

Mining Temporal Attack Patterns from Cyberthreat Intelligence Reports.
CoRR, 2024

Attackers reveal their arsenal: An investigation of adversarial techniques in CTI reports.
CoRR, 2024

Just another copy and paste? Comparing the security vulnerabilities of ChatGPT generated code and StackOverflow answers.
Proceedings of the IEEE Security and Privacy, 2024

MalwareBench: Malware samples are not enough.
Proceedings of the 21st IEEE/ACM International Conference on Mining Software Repositories, 2024

2023
What Are the Attackers Doing Now? Automating Cyberthreat Intelligence Extraction from Text on Pace with the Changing Threat Landscape: A Survey.
ACM Comput. Surv., December, 2023

Are Your Dependencies Code Reviewed?: Measuring Code Review Coverage in Dependency Updates.
IEEE Trans. Software Eng., November, 2023

Open or Sneaky? Fast or Slow? Light or Heavy?: Investigating Security Releases of Open Source Packages.
IEEE Trans. Software Eng., April, 2023

Software Bills of Materials Are Required. Are We There Yet?
IEEE Secur. Priv., 2023

OpenSSF Scorecard: On the Path Toward Ecosystem-Wide Automated Security Metrics.
IEEE Secur. Priv., 2023

Software Supply Chain Security [Guest Editors' Introduction].
IEEE Secur. Priv., 2023

Looking Backwards (and Forwards): NSF Secure and Trustworthy Computing 20-Year Retrospective Panel Transcription.
IEEE Secur. Priv., 2023

Empirical Evaluation of Secure Development Processes (Dagstuhl Seminar 23181).
Dagstuhl Reports, 2023

Comparing Effectiveness and Efficiency of Interactive Application Security Testing (IAST) and Runtime Application Self-Protection (RASP) Tools in a Large Java-based System.
CoRR, 2023

S3C2 Summit 2023-06: Government Secure Supply Chain Summit.
CoRR, 2023

S3C2 Summit 2023-02: Industry Secure Supply Chain Summit.
CoRR, 2023

S3C2 Summit 2202-09: Industry Secure Suppy Chain Summit.
CoRR, 2023

Trusting code in the wild: A social network-based centrality rating for developers in the Rust ecosystem.
CoRR, 2023

SecretBench: A Dataset of Software Secrets.
Proceedings of the 20th IEEE/ACM International Conference on Mining Software Repositories, 2023

Do Software Security Practices Yield Fewer Vulnerabilities?
Proceedings of the 45th IEEE/ACM International Conference on Software Engineering: Software Engineering in Practice, 2023

What Challenges Do Developers Face About Checked-in Secrets in Software Artifacts?
Proceedings of the 45th IEEE/ACM International Conference on Software Engineering, 2023

A Comparative Study of Software Secrets Reporting by Secret Detection Tools.
Proceedings of the ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, 2023

2022
Feature toggles as code: Heuristics and metrics for structuring feature toggles.
Inf. Softw. Technol., 2022

Trusting Trust: Humans in the Software Supply Chain Loop.
IEEE Secur. Priv., 2022

Exploring the Shift in Security Responsibility.
IEEE Secur. Priv., 2022

Top Five Challenges in Software Supply Chain Security: Observations From 30 Industry and Government Organizations.
IEEE Secur. Priv., 2022

Omni: automated ensemble with unexpected models against adversarial evasion attack.
Empir. Softw. Eng., 2022

Why secret detection tools are not enough: It's not just about false positives - An industrial case study.
Empir. Softw. Eng., 2022

Do I really need all this work to find vulnerabilities?
Empir. Softw. Eng., 2022

An Extended Model of Software Configuration.
CoRR, 2022

An investigation of security controls and MITRE ATT&CK techniques.
CoRR, 2022

Investigating co-occurrences of MITRE ATT\&CK Techniques.
CoRR, 2022

PREPRINT: Do OpenSSF Scorecard Practices Contribute to Fewer Vulnerabilities?
CoRR, 2022

From Threat Reports to Continuous Threat Intelligence: A Comparison of Attack Technique Extraction Methods from Textual Artifacts.
CoRR, 2022

PREPRINT: Can the OpenSSF Scorecard be used to measure the security posture of npm and PyPI?
CoRR, 2022

Do I really need all this work to find vulnerabilities? An empirical case study comparing vulnerability detection techniques on a Java application.
CoRR, 2022

Phantom Artifacts & Code Review Coverage in Dependency Updates.
CoRR, 2022

Reducing the Cost of Training Security Classifier (via Optimized Semi-Supervised Learning).
CoRR, 2022

What are the Practices for Secret Management in Software Artifacts?
Proceedings of the IEEE Secure Development Conference, 2022

Dazzle: Using Optimized Generative Adversarial Networks to Address Security Data Class Imbalance Issue.
Proceedings of the 19th IEEE/ACM International Conference on Mining Software Repositories, 2022

What are Weak Links in the npm Supply Chain?
Proceedings of the 44th IEEE/ACM International Conference on Software Engineering: Software Engineering in Practice, 2022

2021
Improving Vulnerability Inspection Efficiency Using Active Learning.
IEEE Trans. Software Eng., 2021

Security Smells in Ansible and Chef Scripts: A Replication Study.
ACM Trans. Softw. Eng. Methodol., 2021

The People Who Live in Glass Houses Are Happy the Stones Weren't Thrown at Them [From the Editors].
IEEE Secur. Priv., 2021

Different Kind of Smells: Security Smells in Infrastructure as Code Scripts.
IEEE Secur. Priv., 2021

How to Better Distinguish Security Bug Reports (Using Dual Hyperparameter Optimization).
Empir. Softw. Eng., 2021

Software development with feature toggles: practices used by practitioners.
Empir. Softw. Eng., 2021

What are the attackers doing now? Automating cyber threat intelligence extraction from text on pace with the changing threat landscape: A survey.
CoRR, 2021

Memory Error Detection in Security Testing.
CoRR, 2021

Infiltrating security into development: exploring the world's largest software security study.
Proceedings of the ESEC/FSE '21: 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2021

Software Security Readiness and Deployment.
Proceedings of the IEEE International Symposium on Software Reliability Engineering, 2021

Structuring a Comprehensive Software Security Course Around the OWASP Application Security Verification Standard.
Proceedings of the 43rd IEEE/ACM International Conference on Software Engineering: Software Engineering Education and Training, 2021

A comparative study of vulnerability reporting by software composition analysis tools.
Proceedings of the ESEM '21: ACM / IEEE International Symposium on Empirical Software Engineering and Measurement, 2021

2020
Understanding Software Security from Design to Deployment.
ACM SIGSOFT Softw. Eng. Notes, 2020

Better together: Comparing vulnerability prediction models.
Inf. Softw. Technol., 2020

The 'as code' activities: development anti-patterns for infrastructure as code.
Empir. Softw. Eng., 2020

Çorba: crowdsourcing to obtain requirements from regulations and breaches.
Empir. Softw. Eng., 2020

Gang of eight: a defect taxonomy for infrastructure as code scripts.
Proceedings of the ICSE '20: 42nd International Conference on Software Engineering, Seoul, South Korea, 27 June, 2020

A Literature Review on Mining Cyberthreat Intelligence from Unstructured Texts.
Proceedings of the 20th International Conference on Data Mining Workshops, 2020

Do configuration management tools make systems more secure?: an empirical research plan.
Proceedings of the 7th Annual Symposium on Hot Topics in the Science of Security, 2020

2019
Source code properties of defective infrastructure as code scripts.
Inf. Softw. Technol., 2019

A systematic mapping study of infrastructure as code research.
Inf. Softw. Technol., 2019

Collaborative security risk estimation in agile software development.
Inf. Comput. Secur., 2019

Science Leaves Clues.
IEEE Secur. Priv., 2019

Improved Recognition of Security Bugs via Dual Hyperparameter Optimization.
CoRR, 2019

Security Smells in Infrastructure as Code Scripts.
CoRR, 2019

Feature Toggle Driven Development: Practices usedby Practitioners.
CoRR, 2019

Better Security Bug Report Classification via Hyperparameter Optimization.
CoRR, 2019

Challenges with responding to static analysis tool alerts.
Proceedings of the 16th International Conference on Mining Software Repositories, 2019

How Do Developers Act on Static Analysis Alerts? An Empirical Study of Coverity Usage.
Proceedings of the 30th IEEE International Symposium on Software Reliability Engineering, 2019

Share, But be Aware: Security Smells in Python Gists.
Proceedings of the 2019 IEEE International Conference on Software Maintenance and Evolution, 2019

The seven sins: security smells in infrastructure as code scripts.
Proceedings of the 41st International Conference on Software Engineering, 2019

A bird's eye view of knowledge needs related to penetration testing.
Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security, 2019

A synopsis of static analysis alerts on open source software.
Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security, 2019

Characterizing Attacker Behavior in a Cybersecurity Penetration Testing Competition.
Proceedings of the 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, 2019

2018
Engineering Security Vulnerability Prevention, Detection, and Response.
IEEE Softw., 2018

Attack surface definitions: A systematic literature review.
Inf. Softw. Technol., 2018

Mapping the field of software life cycle security metrics.
Inf. Softw. Technol., 2018

Are vulnerabilities discovered and resolved like other defects?
Empir. Softw. Eng., 2018

Categorizing Defects in Infrastructure as Code.
CoRR, 2018

Where Are The Gaps? A Systematic Mapping Study of Infrastructure as Code Research.
CoRR, 2018

Cost-aware Vulnerability Prediction: the HARMLESS Approach.
CoRR, 2018

BP: Profiling Vulnerabilities on the Attack Surface.
Proceedings of the 2018 IEEE Cybersecurity Development, SecDev 2018, Cambridge, MA, USA, 2018

Characterizing Defective Configuration Scripts Used for Continuous Deployment.
Proceedings of the 11th IEEE International Conference on Software Testing, 2018

Continuously integrating security.
Proceedings of the 1st International Workshop on Security Awareness from Design to Deployment, 2018

Defect prediction metrics for infrastructure as code scripts in DevOps.
Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings, 2018

What questions do programmers ask about configuration as code?
Proceedings of the 4th International Workshop on Rapid Continuous Software Engineering, 2018

Identifying security issues in software development: are keywords enough?
Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings, 2018

How bad is it, really? an analysis of severity scores for vulnerabilities: poster.
Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, 2018

Toward extraction of security requirements from text: poster.
Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, 2018

A comparative analysis of manual methods for analyzing security requirements in regulatory documents: POSTER.
Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, 2018

2017
The Top 10 Adages in Continuous Deployment.
IEEE Softw., 2017

TMAP: Discovering relevant API methods through text mining of API documentation.
J. Softw. Evol. Process., 2017

Software Engineering Research at the International Conference on Software Engineering in 2016.
ACM SIGSOFT Softw. Eng. Notes, 2017

Identifying the implied: Findings from three differentiated replications on the use of security requirements templates.
Empir. Softw. Eng., 2017

To log, or not to log: using heuristics to identify mandatory log events - a controlled experiment.
Empir. Softw. Eng., 2017

Highlights of the ACM student research competition.
Commun. ACM, 2017

Building forensics in: supporting the investigation of digital criminal activities (invited talk).
Proceedings of the 1st ACM SIGSOFT International Workshop on Software Engineering and Digital Forensics, 2017

The rising tide lifts all boats: the advancement of science in cyber security (invited talk).
Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, 2017

Step One Towards Science of Security.
Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defense, 2017

Risk-Based Attack Surface Approximation: How Much Data Is Enough?
Proceedings of the 39th IEEE/ACM International Conference on Software Engineering: Software Engineering in Practice Track, 2017

Writing good software engineering research papers: revisited.
Proceedings of the 39th International Conference on Software Engineering, 2017

Predicting Android Application Security and Privacy Risk with Static Code Metrics.
Proceedings of the 4th IEEE/ACM International Conference on Mobile Software Engineering and Systems, 2017

Which Factors Influence Practitioners' Usage of Build Automation Tools?
Proceedings of the 3rd IEEE/ACM International Workshop on Rapid Continuous Software Engineering, 2017

Measuring Security Practice Use: A Case Study at IBM.
Proceedings of the 5th IEEE/ACM International Workshop on Conducting Empirical Studies in Industry, 2017

Characterizing Experimentation in Continuous Deployment: A Case Study on Bing.
Proceedings of the 39th IEEE/ACM International Conference on Software Engineering: Software Engineering in Practice Track, 2017

How good is a security policy against real breaches?: a HIPAA case study.
Proceedings of the 39th International Conference on Software Engineering, 2017

Surveying Security Practice Adherence in Software Development.
Proceedings of the Hot Topics in Science of Security: Symposium and Bootcamp, HoTSoS 2017, 2017

Characterizing Scientific Reporting in Security Literature: An analysis of ACM CCS and IEEE S&P Papers.
Proceedings of the Hot Topics in Science of Security: Symposium and Bootcamp, HoTSoS 2017, 2017

Teaching Secure Software Development Through an Online Course.
Proceedings of the International Workshop on Secure Software Engineering in DevOps and Agile Development co-located with the 22nd European Symposium on Research in Computer Security (ESORICS 2017), 2017

2016
A grounded analysis of experts' decision-making during security assessments.
J. Cybersecur., 2016

Systematically Developing Prevention, Detection, and Response Patterns for Security Requirements.
Proceedings of the 24th IEEE International Requirements Engineering Conference, 2016

NANE: Identifying Misuse Cases Using Temporal Norm Enactments.
Proceedings of the 24th IEEE International Requirements Engineering Conference, 2016

ICON: Inferring Temporal Constraints from Natural Language API Descriptions.
Proceedings of the 2016 IEEE International Conference on Software Maintenance and Evolution, 2016

Software security education at scale.
Proceedings of the 38th International Conference on Software Engineering, 2016

Continuous deployment at Facebook and OANDA.
Proceedings of the 38th International Conference on Software Engineering, 2016

Software security in DevOps: synthesizing practitioners' perceptions and practices.
Proceedings of the International Workshop on Continuous Software Evolution and Delivery, 2016

Risk-based attack surface approximation: poster.
Proceedings of the Symposium and Bootcamp on the Science of Security, 2016

Security practices in DevOps.
Proceedings of the Symposium and Bootcamp on the Science of Security, 2016

Toward a normative approach for forensicability.
Proceedings of the Symposium and Bootcamp on the Science of Security, 2016

Establishing a baseline for measuring advancement in the science of security: an analysis of the 2015 IEEE security & privacy proceedings.
Proceedings of the Symposium and Bootcamp on the Science of Security, 2016

DIGS: A Framework for Discovering Goals for Security Requirements Engineering.
Proceedings of the 10th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, 2016

Stack traces reveal attack surfaces.
Proceedings of the Perspectives on Data Science for Software Engineering, 2016

2015
How have we evaluated software pattern application? A systematic mapping study of research design practices.
Inf. Softw. Technol., 2015

Discovering likely mappings between APIs using text mining.
Proceedings of the 15th IEEE International Working Conference on Source Code Analysis and Manipulation, 2015

Approximating Attack Surfaces with Stack Traces.
Proceedings of the 37th IEEE/ACM International Conference on Software Engineering, 2015

Challenges with applying vulnerability prediction models.
Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, 2015

Enabling forensics by proposing heuristics to identify mandatory log events.
Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, 2015

Synthesizing Continuous Deployment Practices Used in Software Development.
Proceedings of the 2015 Agile Conference, 2015

Using Data to Make Decisions in Software Engineering.
Proceedings of the Art and Science of Analyzing Software Data, 2015

2014
Towards the prioritization of system test cases.
Softw. Test. Verification Reliab., 2014

Software Development Analytics (Dagstuhl Seminar 14261).
Dagstuhl Reports, 2014

Agile Software Development in Practice.
Proceedings of the Agile Processes in Software Engineering and Extreme Programming, 2014

On Coverage-Based Attack Profiles.
Proceedings of the IEEE Eighth International Conference on Software Security and Reliability, 2014

Hidden in plain sight: Automatically identifying security requirements from natural language artifacts.
Proceedings of the IEEE 22nd International Requirements Engineering Conference, 2014

Towards a framework to measure security expertise in requirements analysis.
Proceedings of the IEEE 1st Workshop on Evolving Security and Privacy Requirements Engineering, 2014

Access Control Policy Evolution: An Empirical Study.
Proceedings of the 25th IEEE International Symposium on Software Reliability Engineering, 2014

An analysis of Fedora security profile.
Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, 2014

Log your CRUD: design principles for software logging mechanisms.
Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, 2014

Access control policy evolution: an empirical study.
Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, 2014

Using templates to elicit implied security requirements from functional requirements - a controlled experiment.
Proceedings of the 2014 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement, 2014

Relation extraction for inferring access control rules from natural language artifacts.
Proceedings of the 30th Annual Computer Security Applications Conference, 2014

2013
A comparison of the efficiency and effectiveness of vulnerability discovery techniques.
Inf. Softw. Technol., 2013

Can traditional fault prediction models be used for vulnerability prediction?
Empir. Softw. Eng., 2013

Cataloging and Comparing Logging Mechanism Specifications for Electronic Health Record Systems.
Proceedings of the 2013 USENIX Workshop on Health Information Technologies, 2013

Access Control Policy Extraction from Unconstrained Natural Language Text.
Proceedings of the International Conference on Social Computing, SocialCom 2013, 2013

A comparative evaluation of static analysis actionable alert identification techniques.
Proceedings of the 9th International Conference on Predictive Models in Software Engineering, 2013

Non-operational testing of software for security issues.
Proceedings of the IEEE 24th International Symposium on Software Reliability Engineering, 2013

To branch or not to branch that is the question.
Proceedings of the IEEE 24th International Symposium on Software Reliability Engineering, 2013

Using software reliability models for security assessment - Verification of assumptions.
Proceedings of the IEEE 24th International Symposium on Software Reliability Engineering, 2013

An experience report for software quality evaluation in highly iterative development methodology using traditional metrics.
Proceedings of the IEEE 24th International Symposium on Software Reliability Engineering, 2013

Determining "Grim Reaper" Policies to Prevent Languishing Bugs.
Proceedings of the 2013 IEEE International Conference on Software Maintenance, 2013

Proposing regulatory-driven automated test suites for electronic health record systems.
Proceedings of the 5th International Workshop on Software Engineering in Health Care, 2013

Have Agile Techniques been the Silver Bullet for Software Development at Microsoft?
Proceedings of the 2013 ACM / IEEE International Symposium on Empirical Software Engineering and Measurement, 2013

Proposing Regulatory-Driven Automated Test Suites.
Proceedings of the 2013 Agile Conference, 2013

2012
Validating software metrics: A spectrum of philosophies.
ACM Trans. Softw. Eng. Methodol., 2012

Audit Mechanisms in Electronic Health Record Systems: Protected Health Information May Remain Vulnerable to Undetected Misuse.
Int. J. Comput. Model. Algorithms Medicine, 2012

What agile teams think of agile principles.
Commun. ACM, 2012

An Analysis of HIPAA Breach Data.
Proceedings of the 3rd USENIX Workshop on Health Security and Privacy, 2012

Secure Logging and Auditing in Electronic Health Records Systems: What Can We Learn from the Payment Card Industry.
Proceedings of the 3rd USENIX Workshop on Health Security and Privacy, 2012

On the Effective Use of Security Test Patterns.
Proceedings of the Sixth International Conference on Software Security and Reliability, 2012

Security requirements patterns: understanding the science behind the art of pattern writing.
Proceedings of the Second IEEE International Workshop on Requirements Patterns, 2012

Classifying Natural Language Sentences for Policy.
Proceedings of the 2012 IEEE International Symposium on Policies for Distributed Systems and Networks, 2012

Metric-Based Quality Evaluations for Iterative Software Development Approaches Like Agile.
Proceedings of the 23rd IEEE International Symposium on Software Reliability Engineering Workshops, 2012

Modifying without a trace: general audit guidelines are inadequate for open-source electronic health record audit mechanisms.
Proceedings of the ACM International Health Informatics Symposium, 2012

2011
Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities.
IEEE Trans. Software Eng., 2011

A systematic literature review of actionable alert identification techniques for automated static code analysis.
Inf. Softw. Technol., 2011

Does adding manpower also affect quality?: an empirical, longitudinal analysis.
Proceedings of the SIGSOFT/FSE'11 19th ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE-19) and ESEC'11: 13th European Software Engineering Conference (ESEC-13), 2011

The role of data use agreements in specifying legally compliant software requirements.
Proceedings of the Fourth International Workshop on Requirements Engineering and Law, 2011

Seven habits of highly impactful empirical software engineers.
Proceedings of the 7th International Conference on Predictive Models in Software Engineering, 2011

An Empirical Study on the Relation between Dependency Neighborhoods and Failures.
Proceedings of the Fourth IEEE International Conference on Software Testing, 2011

Using SQL Hotspots in a Prioritization Heuristic for Detecting All Types of Web Application Vulnerabilities.
Proceedings of the Fourth IEEE International Conference on Software Testing, 2011

An initial study on the use of execution complexity metrics as indicators of software vulnerabilities.
Proceedings of the 7th International Workshop on Software Engineering for Secure Systems, 2011

Socio-technical developer networks: should we trust our measurements?
Proceedings of the 33rd International Conference on Software Engineering, 2011

Evaluating access control of open source electronic health record systems.
Proceedings of the 3rd Workshop on Software Engineering in Health Care, 2011

Scrum + Engineering Practices: Experiences of Three Microsoft Teams.
Proceedings of the 5th International Symposium on Empirical Software Engineering and Measurement, 2011

One Technique is Not Enough: A Comparison of Vulnerability Discovery Techniques.
Proceedings of the 5th International Symposium on Empirical Software Engineering and Measurement, 2011

Pair Programming.
Proceedings of the Making Software - What Really Works, and Why We Believe It., 2011

2010
Pair Programming.
Proceedings of the Encyclopedia of Software Engineering, 2010

Protection Poker: The New Software Security "Game";.
IEEE Secur. Priv., 2010

Guest editorial: Special issue on software reliability engineering.
Empir. Softw. Eng., 2010

On the Use of Issue Tracking Annotations for Improving Developer Activity Metrics.
Adv. Softw. Eng., 2010

Agile Software Development Methodologies and Practices.
Adv. Comput., 2010

Searching for a Needle in a Haystack: Predicting Security Vulnerabilities for Windows Vista.
Proceedings of the Third International Conference on Software Testing, 2010

Does Hardware Configuration and Processor Load Impact Software Fault Observability?
Proceedings of the Third International Conference on Software Testing, 2010

Improving developer activity metrics with issue tracking annotations.
Proceedings of the 2010 ICSE Workshop on Emerging Trends in Software Metrics, 2010

Towards improved security criteria for certification of electronic health record systems.
Proceedings of the 2010 ICSE Workshop on Software Engineering in Health Care, 2010

Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks.
Proceedings of the Engineering Secure Software and Systems, Second International Symposium, 2010

Strengthening the empirical analysis of the relationship between Linus' Law and software security.
Proceedings of the International Symposium on Empirical Software Engineering and Measurement, 2010

Driving Process Improvement via Comparative Agility Assessment.
Proceedings of the 2010 Agile Conference, 2010

2009
John D. Musa.
IEEE Softw., 2009

Should software testers use mutation analysis to augment a test set?
J. Syst. Softw., 2009

On automated prepared statement generation to remove SQL injection vulnerabilities.
Inf. Softw. Technol., 2009

On guiding the augmentation of an automated test suite via mutation analysis.
Empir. Softw. Eng., 2009

On preparing students for distributed software development with a synchronous, collaborative development platform.
Proceedings of the 40th SIGCSE Technical Symposium on Computer Science Education, 2009

On the Effectiveness of Unit Test Automation at Microsoft.
Proceedings of the ISSRE 2009, 2009

A Model Building Process for Identifying Actionable Static Analysis Alerts.
Proceedings of the Second International Conference on Software Testing Verification and Validation, 2009

Predicting Attack-prone Components.
Proceedings of the Second International Conference on Software Testing Verification and Validation, 2009

Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer.
Proceedings of the Engineering Secure Software and Systems, 2009

Toward Non-security Failures as a Predictor of Security Faults and Failures.
Proceedings of the Engineering Secure Software and Systems, 2009

Secure open source collaboration: an empirical study of linus' law.
Proceedings of the 2009 ACM Conference on Computer and Communications Security, 2009

2008
Agile Software Development.
Proceedings of the Wiley Encyclopedia of Computer Science and Engineering, 2008

Realizing quality improvement through test driven development: results and experiences of four industrial teams.
Empir. Softw. Eng., 2008

Predicting failures with developer networks and social network analysis.
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2008

Examining the Relationships between Performance Requirements and "Not a Problem" Defect Reports.
Proceedings of the 16th IEEE International Requirements Engineering Conference, 2008

Privacy and security: what are you doing to keep the community safe?
Proceedings of the Companion to the 23rd Annual ACM SIGPLAN Conference on Object-Oriented Programming, 2008

ROSE: a repository of education-friendly open-source projects.
Proceedings of the 13th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education, 2008

Ranking Attack-Prone Components with a Predictive Model.
Proceedings of the 19th International Symposium on Software Reliability Engineering (ISSRE 2008), 2008

Empirical Software Change Impact Analysis using Singular Value Decomposition.
Proceedings of the First International Conference on Software Testing, 2008

Proposing SQL statement coverage metrics.
Proceedings of the Fourth International Workshop on Software Engineering for Secure Systems, 2008

MimEc: intelligent user notification of faults in the eclipse IDE.
Proceedings of the 2008 International Workshop on Cooperative and Human Aspects of Software Engineering, 2008

An empirical model to predict security vulnerabilities using code complexity metrics.
Proceedings of the Second International Symposium on Empirical Software Engineering and Measurement, 2008

On establishing a benchmark for evaluating static analysis alert prioritization and classification techniques.
Proceedings of the Second International Symposium on Empirical Software Engineering and Measurement, 2008

Is complexity really the enemy of software security?
Proceedings of the 4th ACM Workshop on Quality of Protection, 2008

Prioritizing software security fortification throughcode-level metrics.
Proceedings of the 4th ACM Workshop on Quality of Protection, 2008

Eleven Guidelines for Implementing Pair Programming in the Classroom.
Proceedings of the Agile Development Conference, 2008

2007
Incorporating Performance Testing in Test-Driven Development.
IEEE Softw., 2007

Lessons learned from seven years of pair programming at North Carolina State University.
ACM SIGCSE Bull., 2007

On the design of more secure software-intensive systems by use of attack patterns.
Inf. Softw. Technol., 2007

Developing software performance with the performance refinement and evolution model.
Proceedings of the 6th International Workshop on Software and Performance, 2007

Using groupings of static analysis alerts to identify files likely to contain field failures.
Proceedings of the 6th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2007

Note to self: make assignments meaningful.
Proceedings of the 38th SIGCSE Technical Symposium on Computer Science Education, 2007

Improving Performance Requirements Specifications from Field Failure Reports.
Proceedings of the 15th IEEE International Requirements Engineering Conference, 2007

Pallino: automation to support regression test selection for cots-based applications.
Proceedings of the 22nd IEEE/ACM International Conference on Automated Software Engineering (ASE 2007), 2007

Prioritization of Regression Tests using Singular Value Decomposition with Empirical Change Records.
Proceedings of the ISSRE 2007, 2007

Using In-Process Testing Metrics to Estimate Post-Release Field Quality.
Proceedings of the ISSRE 2007, 2007

On the Impact of a Collaborative Pedagogy on African American Millennial Students in Software Engineering.
Proceedings of the 29th International Conference on Software Engineering (ICSE 2007), 2007

Using Automated Fix Generation to Secure SQL Statements.
Proceedings of the Third International Workshop on Software Engineering for Secure Systems, 2007

Toward Reducing Fault Fix Time: Understanding Developer Behavior for the Design of Automated Fault Detection Tools.
Proceedings of the First International Symposium on Empirical Software Engineering and Measurement, 2007

Lab Partners: If They're Good Enough for the Natural Sciences, Why Aren't They Good Enough for Us?
Proceedings of the 20th Conference on Software Engineering Education and Training (CSEE&T 2007), 2007

Identifying fault-prone files using static analysis alerts through singular value decomposition.
Proceedings of the 2007 conference of the Centre for Advanced Studies on Collaborative Research, 2007

On the Sustained Use of a Test-Driven Development Practice at IBM.
Proceedings of the AGILE 2007 Conference (AGILE 2007), 2007

2006
On the Value of Static Analysis for Fault Detection in Software.
IEEE Trans. Software Eng., 2006

How should software reliability engineering (SRE) be taught?
ACM SIGSOFT Softw. Eng. Notes, 2006

Motivations and measurements in an agile case study.
J. Syst. Archit., 2006

Essential communication practices for Extreme Programming in a global software development team.
Inf. Softw. Technol., 2006

Debunking the Nerd Stereotype with Pair Programming.
Computer, 2006

Personality types, learning styles, and an agile approach to software engineering education.
Proceedings of the 37th SIGCSE Technical Symposium on Computer Science Education, 2006

DevCOP: A Software Certificate Management System for Eclipse.
Proceedings of the 17th International Symposium on Software Reliability Engineering (ISSRE 2006), 2006

Applying regression test selection for COTS-based applications.
Proceedings of the 28th International Conference on Software Engineering (ICSE 2006), 2006

A Lightweight Process for Change Identification and Regression Test Selection in Using COTS Components.
Proceedings of the Fifth International Conference on Commercial-off-the-Shelf (COTS)-Based Software Systems, 2006

Roadmapping <i>Working Group 4 Results</i>.
Proceedings of the Empirical Software Engineering Issues. Critical Assessment and Future Directions, 2006

Structuring Families of Industrial Case Studies.
Proceedings of the Empirical Software Engineering Issues. Critical Assessment and Future Directions, 2006

Industry-Research Collaboration <i>Working Group Results </i>.
Proceedings of the Empirical Software Engineering Issues. Critical Assessment and Future Directions, 2006

Examining the Compatibility of Student Pair Programmers.
Proceedings of the AGILE 2006 Conference (AGILE 2006), 2006

On Agile Performance Requirements Specification and Testing.
Proceedings of the AGILE 2006 Conference (AGILE 2006), 2006

2005
A process for identifying changes when source code is not available.
ACM SIGSOFT Softw. Eng. Notes, 2005

On establishing the essential components of a technology-dependent framework: a strawman framework for industrial case study-based research.
ACM SIGSOFT Softw. Eng. Notes, 2005

On the economics of requirements-based test case prioritization.
ACM SIGSOFT Softw. Eng. Notes, 2005

Early estimation of defect density using an in-process Haskell metrics model.
ACM SIGSOFT Softw. Eng. Notes, 2005

Early estimation of software quality using in-process testing metrics: a controlled case study.
ACM SIGSOFT Softw. Eng. Notes, 2005

Matching attack patterns to security vulnerabilities in software-intensive system designs.
ACM SIGSOFT Softw. Eng. Notes, 2005

An Initial Study of a Lightweight Process for Change Identification and Regression Test Selection When Source Code Is Not Available.
Proceedings of the 16th International Symposium on Software Reliability Engineering (ISSRE 2005), 2005

Teaching an Active-Participation University Course in Software Reliability and Testing.
Proceedings of the 16th International Symposium on Software Reliability Engineering (ISSRE 2005), 2005

Providing Test Quality Feedback Using Static Source Code and Automatic Test Suite Metrics.
Proceedings of the 16th International Symposium on Software Reliability Engineering (ISSRE 2005), 2005

How Should Software Reliability Engineering Be Taught?
Proceedings of the 16th International Symposium on Software Reliability Engineering (ISSRE 2005), 2005

System test case prioritization of new and regression test cases.
Proceedings of the 2005 International Symposium on Empirical Software Engineering (ISESE 2005), 2005

Agile Software Development Methods: When and Why Do They Work?
Proceedings of the Business Agility and Information Technology Diffusion, 2005

Towards increasing the compatibility of student pair programmers.
Proceedings of the 27th International Conference on Software Engineering (ICSE 2005), 2005

Resources for Agile Software Development in the Software Engineering Course.
Proceedings of the 18th Conference on Software Engineering Education and Training (CSEE&T 2005), 2005

Debunking the Geek Stereotype with Software Engineering Education.
Proceedings of the 18th Conference on Software Engineering Education and Training (CSEE&T 2005), 2005

OpenSeminar: Web-based Collaboration Tool for Open Educational Resources.
Proceedings of the 1st International Conference on Collaborative Computing: Networking, 2005

Undergraduate Student Perceptions of Pair Programming and Agile Software Methodologies: Verifying a Model of Social Interaction.
Proceedings of the AGILE 2005 Conference (AGILE 2005), 24-29 July 2005, Denver, CO, USA, 2005

2004
Software Engineering for Internet Applications.
Proceedings of the Practical Handbook of Internet Computing., 2004

On the need for a process for making reliable quality comparisons with industrial data.
ACM SIGSOFT Softw. Eng. Notes, 2004

Voices of women in a software engineering course: reflections on collaboration.
ACM J. Educ. Resour. Comput., 2004

A structured experiment of test-driven development.
Inf. Softw. Technol., 2004

On understanding compatibility of student pair programmers.
Proceedings of the 35th SIGCSE Technical Symposium on Computer Science Education, 2004

Teaching software development methods: the case of extreme programming.
Proceedings of the 35th SIGCSE Technical Symposium on Computer Science Education, 2004

Preliminary Results On Using Static Analysis Tools For Software Inspection.
Proceedings of the 15th International Symposium on Software Reliability Engineering (ISSRE 2004), 2004

GERT: An Empirical Reliability Estimation and Testing Feedback Tool.
Proceedings of the 15th International Symposium on Software Reliability Engineering (ISSRE 2004), 2004

Experiences in applying agile software development practices in new product development.
Proceedings of the IASTED Conference on Software Engineering and Applications, 2004

Sangam: a distributed pair programming plug-in for Eclipse.
Proceedings of the 2004 OOPSLA workshop on Eclipse Technology eXchange, 2004

On Pair Rotation in the Computer Science Course.
Proceedings of the 17th Conference on Software Engineering Education and Training (CSEE&T 2004), 2004

An Initial Exploration of the Relationship Between Pair Programming and Brooks' Law.
Proceedings of the 2004 Agile Development Conference (ADC 2004), 2004

Exploring Extreme Programming in Context: An Industrial Case Study.
Proceedings of the 2004 Agile Development Conference (ADC 2004), 2004

2003
Guest Editor's Introduction: The XP Programmer-The Few-Minutes Programmer.
IEEE Softw., 2003

Guest Editors' Introduction: Agile Software Development: It's about Feedback and Change.
Computer, 2003

Virtual Teaming: Experiments and Experiences with Distributed Pair Programming.
Proceedings of the Extreme Programming and Agile Methods, 2003

Pair Learning: With an Eye Toward Future Success.
Proceedings of the Extreme Programming and Agile Methods, 2003

International Workshop on Empirical Evaluation of Agile Methods ("The Data Workshop").
Proceedings of the Extreme Programming and Agile Methods, 2003

Improving the CS1 experience with pair programming.
Proceedings of the 34th SIGCSE Technical Symposium on Computer Science Education, 2003

On Identifying Deficiencies in a Knowledge Management System.
Proceedings of the Fifteenth International Conference on Software Engineering & Knowledge Engineering (SEKE'2003), 2003

An Initial Investigation of Test Driven Development in Industry.
Proceedings of the 2003 ACM Symposium on Applied Computing (SAC), 2003

"Good enough" software reliability estimation plug-in for Eclipse.
Proceedings of the 2003 OOPSLA Workshop on Eclipse Technology eXchange, 2003

Test-Driven Development as a Defect-Reduction Practice.
Proceedings of the 14th International Symposium on Software Reliability Engineering (ISSRE 2003), 2003

Building Pair Programming Knowledge through a Family of Experiments.
Proceedings of the 2003 International Symposium on Empirical Software Engineering (ISESE 2003), 30 September, 2003

Assessing Test-Driven Development at IBM.
Proceedings of the 25th International Conference on Software Engineering, 2003

Pair Programming Illuminated.
Addison Wesley, ISBN: 978-0-201-74576-4, 2003

2002
Teaching the PSP: Challenges and Lessons Learned.
IEEE Softw., 2002

In Support of Pair Programming in the Introductory Computer Science Course.
Comput. Sci. Educ., 2002

Agile Software Development.
Comput. Sci. Educ., 2002

Integrating Agile Practices into Software Engineering Courses.
Comput. Sci. Educ., 2002

Pair Programming: Experience the Difference.
Proceedings of the Extreme Programming and Agile Methods, 2002

Distributed Pair Programming.
Proceedings of the Extreme Programming and Agile Methods, 2002

Empirical Evaluation of Agile Processes.
Proceedings of the Extreme Programming and Agile Methods, 2002

Empirical Findings in Agile Methods.
Proceedings of the Extreme Programming and Agile Methods, 2002

Workshop 3: Integrating Agile Practices into Software Engineering Courses.
Proceedings of the 15th Conference on Software Engineering Education and Training (CSEET'02), 2002

Adapting Extreme Programming for a Core Software Engineering Course.
Proceedings of the 15th Conference on Software Engineering Education and Training (CSEET'02), 2002

2001
Experiments with Industry's "Pair-Programming" Model in the Computer Science Classroom.
Comput. Sci. Educ., 2001

In support of student pair-programming.
Proceedings of the 32rd SIGCSE Technical Symposium on Computer Science Education, 2001

Collaboration vs plagiarism in computer science programming courses.
Proceedings of the 32rd SIGCSE Technical Symposium on Computer Science Education, 2001

Evolving Beyond Requirements Creep: A Risk-Based Evolutionary Prototyping Model.
Proceedings of the 5th IEEE International Symposium on Requirements Engineering (RE 2001), 2001

Integrating Pair Programming into a Software Development Process.
Proceedings of the 14th Conference on Software Engineering Education and Training, 2001

2000
Strengthening the Case for Pair Programming.
IEEE Softw., 2000

All I Really Need to Know About Pair Programming I Learned in Kindergarten.
Commun. ACM, 2000

Hacker or hero? - extreme programming today (panel session).
Proceedings of the Addendum to the 2000 Proceedings of the Conference on Object-Oriented Programming Systems, 2000

The Effects of "Pair-Pressure" and "Pair-Learning" on Software Engineering Education.
Proceedings of the Thirteenth Conference on Software Engineering Education and Training, 2000


  Loading...