Sitemap
A list of all the posts and pages found on the site. For you robots out there, an XML version is available for digesting as well.
Pages
Posts
Future Blog Post
Published:
This post will show up by default. To disable scheduling of future posts, edit config.yml and set future: false.
Blog Post number 4
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
Blog Post number 3
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
Blog Post number 2
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
Blog Post number 1
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
portfolio
Portfolio item number 1
Short description of portfolio item number 1
Portfolio item number 2
Short description of portfolio item number 2 
publications
SecureImgStego: A Keyed Shuffling-based Deep Learning Model for Secure Image Steganography
Published in 2023 IEEE Conference on Communications and Network Security (CNS), 2023
In this study, we uncovered the inherent vulnerabilities in deep learning based steganographic systems, and proposed a simple shuffling-based solution to mitigate them.
How Quickly Do Developers Update Their Vulnerable Dependencies?
Published in arxiv, 2024
We quantified the updatedness of dependencies and updatedness of vulnerable dependencies in the context of open source dependencies in this project. The idea is very common in the Reliability domain (e.g., Mean-Time-To-Update, Mean-Time-To-Repair, Mean-Time-To-Remediate). We did a large-scale study of our proposed update metrics in NPM, PyPI, and Cargo packages.
What’s in a Package? Getting Visibility Into Dependencies Using Security-Sensitive API Calls
Published in arxiv, 2024
We made a list of Security-Sensitive APIs in Java using JDK documentation, past CVE fixes, and CWE examples. We then measured the prevalence of Security-Sensitive API usage in our chosen 45 Java packages and in their dependencies. We finally conducted a developer survey to validate whether security-sensitive API information can be helpful in selecting dependencies.
Towards a Taxonomy of Challenges in Security Control Implementation
Published in 2024 Annual Computer Security Applications Conference (ACSAC), 2024
A taxonomy of challenges encountered when implementing security controls.
S3C2 Summit 2024-09: Industry Secure Software Supply Chain Summit
Published in arxiv, 2025
An industry-focused summit report on secure software supply chains.
If you cannot Measure it, you cannot Secure it: A Case Study on Metrics for Informed Choice of Security Controls
Published in Journal of Information Security and Applications, 2025
A case study on metrics that inform selection of security controls.
Research Directions in Software Supply Chain Security
Published in ACM Transactions on Software Engineering and Methodology, 2025
A roadmap of research directions for software supply chain security.
Relative Positioning Based Code Chunking Method For Rich Context Retrieval In Repository Level Code Completion Task With Code Language Model
Published in Context Collection Workshop 2025 (co-located with ASE 2025), 2025
A code chunking method for richer context retrieval in repository-level code completion.
Which Is Better For Reducing Outdated and Vulnerable Dependencies: Pinning or Floating?
Published in 40th IEEE/ACM International Conference on Automated Software Engineering, ASE 2025, 2025
An empirical comparison of pinning vs. floating dependency declarations.
talks
Talk 1 on Relevant Topic in Your Field
Published:
This is a description of your talk, which is a markdown file that can be all markdown-ified like any other post. Yay markdown!
Conference Proceeding talk 3 on Relevant Topic in Your Field
Published:
This is a description of your conference proceedings talk, note the different field in type. You can put anything in this field.
teaching
Teaching experience 1
Undergraduate course, University 1, Department, 2014
This is a description of a teaching experience. You can use markdown like any other post.
Teaching experience 2
Workshop, University 1, Department, 2015
This is a description of a teaching experience. You can use markdown like any other post.