Research Interest:
Software Security, Software Engineering, Empirical Study, Software Supply Chain Security, Machine Learning
Research Focus
My research focuses on open-source software supply chain security at the intersection of software engineering and security. I study the ecosystem and dependency graph to identify how an attacker can break into a supply chain. I'm particularly interested in using past security incidents to assist software developers with their security tasks. Moreover, I apply empirical data and machine learning approaches to provide developers with actionable security insights.
My current research is focused on identifying security practices and gaps in different open-source ecosystems and aims to abstract from the GitHub repository level and bring security check metrics to the ecosystem level for baseline measurement.
Work experience
North Carolina State University
May 2020 - Present
Research Assistant - RealSearch Group
Socket, Inc
August 2023 - January 2024
Security Research Intern
Microsoft Corporation
May 2021 - August 2021
Research Intern - P&I Group and RiSE
North Carolina State University
January 2020 - April 2020
Teaching Assistant - CSC 515: Software Security Course
NEC Corporation
April 2016 - August 2018
Security Specialist
Education
Ph.D. - Computer Science
January 2020 - December 2024
North Carolina State University
B.Sc. - Electronics & Communication Engineering
July 2011 - June 2015
Khulna University of Engineering & Technology