Research Publication
What are Weak Links in the npm Supply Chain?
ICSE-SEIP '22: International Conference on Software Engineering: Software Engineering in Practice
Nusrat Zahan, Thomas Zimmermann, Patrice Godefroid, Brendan Murphy, Chandra Maddila, Laurie Williams
Do Software Security Practices Yield Fewer Vulnerabilities?
ICSE-SEIP '23: International Conference on Software Engineering: Software Engineering in Practice
Nusrat Zahan, Shohanuzzaman Shohan, Dan Harris, Laurie Williams
IEEE Security & Privacy, 2023
Nusrat Zahan, Parth Kanakiya, Brian Hambleton, Shohanuzzaman Shohan, Dan Harris, Laurie Williams
MSR'24: IEEE/ACM 21st International Conference on Mining Software Repositories (MSR)
Nusrat Zahan, Philipp Burckhardt, Mikola Lysenko, Feross Aboukhadijeh, Laurie Williams
Do I really need all this work to find vulnerabilities? An empirical case study comparing vulnerability detection techniques on a Java application.
EMSE'22: Empirical Software Engineering journal
Sarah Elder, Nusrat Zahan, Rui Shu, Monica Metro, Valeri Kozarev, Tim Menzies, Laurie Williams
Structuring a comprehensive software security course around the OWASP application security verification standard.
ICSE-SEET'21: International Conference on Software Engineering: Software Engineering Education and Training
Sarah Elder, Nusrat Zahan, Rui Shu, Valeri Kozarev, Tim Menzies, Laurie Williams
In-Submission
Comparing Effectiveness and Efficiency of Interactive Application Security Testing (IAST) and Runtime Application Self-Protection (RASP) Tools in a Large Java-based System.
Aishwarya Seth, Saikath Bhattacharya, Sarah Elder, Nusrat Zahan, Laurie Williams