The Realsearch group envisions a future where trustworthy software-intensive systems improve the quality of people's lives. These systems will be created by a diverse community of software engineers who will employ methodologies based upon sound scientific research that is disseminated through freely available, open resources. We envision software developers and researchers partnering to improve the capability of the software industry to efficiently produce trustworthy systems.

News

Research

Risk-based Secret Detection

Aid practitioners in identifying checked-in credentials and mitigating secrets leakage

The goal of this project is to aid software practitioners in reducing the security risk of checked-in secrets through the development of empirically-based tools for identifying and prioritizing the eradication of already checked-in secrets and techniques for securely managing secrets to prevent injection of secrets into a codebase.

Software Vulnerability Detection

Diagnosing and Triaging Software Security Problems

The goal of this research is to aid practitioners in determining which Vulnerability Detection Tools and Techniques to use, and how to use them. (Photo of the original computer bug courtesy of the Naval Surface Warfare Center, public domain, via Wikimedia Commons. We have been working on research in bugs and vulnerabilities for a long time, but not THAT long.)

Supply Chain Security Metrics

Aid practitioners in identifying secure software products in the software ecosystem

The goal of this research is to aid practitioners in producing more secure software products through the development of actionable security metrics, the identification of weak link signals, and the leveraging of software security measures in dependency graphs to select good components.

P4-Misuse

Reasoning about Accidental and Malicious Misuse via Formal Models of User Expectations and Software Systems

The goal of this project is to aid security analysts in identifying and protecting against accidental and malicious actions by users or software, through automated reasoning on unified representations of user expectations and software implementation to identify misuses sensitive to usage and machine context.


People

Collaborators

Undergraduate Students

Past Undergraduate Students