This is a brief for the research paper “Reflecting on Recurring Failures in IoT Development”, published at the IEEE/ACM 2022 conference on Automated Software Engineering (ASE) — New Ideas and Emerging Results Track. This work was led by Dharun Anandayuvaraj. The full paper is available here. …

This is a brief for the research paper “SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties”, published at ACM:SCORED 2022. This work was led by Chinenye Okafor and Taylor R. Schorlemmer. The full paper is here. Taylor R. …

This is a brief for the research paper “An Empirical Study of Artifacts and Security Risks in the Pre-trained Model Supply Chain”, published at SCORED 2022. The full paper is available here, with code and data available here. The paper was led by my student Wenxin Jiang. …

This is my advice for computing students who were hoping for — but did not get — a summer internship in software engineering. Two things not to do First of all, don’t panic. Internships are a helpful way to prepare for a career in computing, but they are certainly not the only way. Second, don’t…

This post proposes a metaphor for software engineering: software fatigue. First I’ll talk briefly about the role of metaphor in software engineering, and then I’ll talk about the proposed metaphor. Metaphors in software engineering In “Metaphors We Live By”, Lakoff & Johnson argue that humans use metaphor to understand unfamiliar topics. Through a metaphor…

This is a brief for the research paper “Exploiting Input Sanitization for Regex Denial of Service”, published at ICSE 2022. This work was led by my students Efe Barlas and Xin Du. The full paper is here. They also wrote this brief, which I have lightly edited. In this article…

This is a brief for the research paper “Low-Power Multi-Camera Object Re-Identification using Hierarchical Neural Networks”, published in the 2021 IEEE/ACM International Symposium on Low Power Electronics and Design (ISLPED’21). This brief was authored by the paper’s lead author, Abhinav Goel. The goal of this paper was to develop an…

This is a brief for the research paper “A Replication of ‘DeepBugs: A Learning Approach to Name-based Bug Detection’”, published in the artifact track of ESEC/FSE 2021 [0]. This paper resulted from a course project in my course ECE 595: Advanced Software Engineering at Purdue University. Original paper In 2018, Pradel &…

Follow-up note on 19 May 2021: This post was written concurrent with discussions across the cybersecurity research community. Since then: The authors withdrew their paper; the conference chairs described significant changes for the next edition of the conference; the Linux community issued a statement. …