PhD Student

I am a second-year PhD student at NC State University. The main focus of my research interest is Software Supply Chain Security-related problems. I am currently working with Dr. Laurie Williams on (a) a large-scale study of traditional update metrics and our proposed update metrics of OSS packages in different ecosystems (collaboration with Google and Sonatype), and (b) sensitive API usage by different OSS packages (alone and with dependencies) and their potential effect on security advisories or choice of a library from a set of feature-equivalent libraries. The whole goal of the second project is to give developers more visibility about what’s going on in their dependencies (collaboration with Endor Labs).

