The Realsearch group envisions a future where trustworthy software-intensive systems improve the quality of people's lives. These systems will be created by a diverse community of software engineers that will employ methodologies based upon sound scientific research that is disseminated through freely-available, open resources. We envision software developers and researchers partnering to improve the capability of the software industry to efficiently produce trustworthy systems.
News
-
November 01, 2024
Setu's paper accepted at ICSE 2025
Setu’s paper titled “AssetHarvester: A Static Analysis Tool for Detecting Secret-Asset Pairs in Software Artifacts”, co-authored with K. Virgil English, Ken Ogura, Vitesh Kambara, Dr. Brad Reaves and Dr. Laurie Williams accepted at the 47th International Conference on Software Engineering (ICSE 2025).
Read more »
-
June 28, 2023
Setu's paper accepted at ESEM 2023
Setu’s paper titled “A Comparative Study of Software Secrets Reporting by Secret Detection Tools”, co-authored with Jamison Cox, Dr. Brad Reaves and Dr. Laurie Williams accepted at the International Symposium on Empirical Software Engineering and Measurement (ESEM 2023).
Read more »
-
March 07, 2023
Setu's paper accepted at MSR 2023
Setu’s paper titled “SecretBench: A Dataset of Software Secrets”, co-authored with Lorenzo Neil, Dr. Brad Reaves and Dr. Laurie Williams accepted at the 20th International Conference on Mining Software Repositories (MSR 2023).
Read more »
-
December 08, 2022
Setu's paper accepted at ICSE 2023
Setu’s paper titled “What Challenges Do Developers Face About Checked-in Secrets in Software Artifacts?”, co-authored with Lorenzo Neil, Dr. Brad Reaves and Dr. Laurie Williams accepted at the 45th International Conference on Software Engineering (ICSE 2023).
Read more »
-
August 06, 2022
Setu's paper accepted at SecDev 2022
Setu’s paper titled “What are the Practices for Secret Management in Software Artifacts?”, co-authored with Lorenzo Neil, Dr. Brad Reaves and Dr. Laurie Williams accepted at the 2022 IEEE Secure Development Conference (SecDev).
Read more »
Research
Security Requirements
The goal of this research is to support analysts in security requirements engineering by developing and researching a frameworks, tools, and processes for producing and improving security requirements.
Surfacing Security Metrics from Throughout a Package's Dependency Tree (Survey)
Aid practitioners in making informed decisions about which third-party packages to use or replace
The goal of this research is to aid developers and software architects in making good component choices through an analysis of the relevance and utility of security metrics from the entire dependency tree associated with a package.
Risk-based Secret Detection
Aid practitioners to identify checked-in credentials and mitigate secrets leakage
The goal of this project is to aid software practitioners in reducing the security risk of checked-in secrets through the development of empirically-based tools for identifying and prioritizing the eradication of already checked-in secrets and techniques for securely managing secrets to prevent injection of secrets into a codebase.
Software Vulnerability Detection
Diagnosing and Triaging Software Security Problems
The goal of this research is to aid practitioners in determining which Vulnerability Detection Tools and Techniques to use, and how to use them. (Photo of the original Computer Bug Courtesy of the Naval Surface Warfare Center, Public domain, via Wikimedia Commons - we have been working on research in bugs and vulnerabilities for a long time, but not THAT long)
Supply Chain Security Metrics
Aid practitioners to identify secure software products in software ecosystem
The goal of this research is to aid practitioners in producing more secure software products through the development of actionable security metrics, the identification of weak link signals, and the leveraging of software security measures in dependency graphs to select good components.
P4-Misuse
Reasoning about Accidental and Malicious Misuse via Formal Models of User Expectations and Software Systems
To aid security analysts in identifying and protecting against accidental and malicious actions by users or software through automated reasoning on unified representations of user expectations and software implementation to identify misuses sensitive to usage and machine context.
