All Stories

  1. Stop Using Vulnerability Counts to Measure Software Security

    Article • Communications of the ACM, July 2025, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  2. An Investigation into Open Source Fairness Tool Sustainability

    Article • June 2025, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  3. "Just Use Rust": A Best-Case Historical Study of Open Source Vulnerabilities in C

    Article • May 2025, Institute of Electrical & Electronics Engineers (IEEE)

    Dr. Andy Meneely

  4. Evaluating Keystroke Dynamics Performance in e-Commerce

    Article • January 2025, Scitepress

    Dr. Andy Meneely

  5. WIP: ChatVis: Enhancing Academic Team Collaboration through WhatsApp Chat Analytics

    Article • October 2024, Institute of Electrical & Electronics Engineers (IEEE)

    Dr. Andy Meneely

  6. Taxonomy-Based Human Error Assessment for Senior Software Engineering Students

    Article • March 2024, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  7. What Happens When We Fuzz? Investigating OSS-Fuzz Bug History

    Article • May 2023, Institute of Electrical & Electronics Engineers (IEEE)

    Dr. Andy Meneely

  8. Examining Penetration Tester Behavior in the Collegiate Penetration Testing Competition

    Article • ACM Transactions on Software Engineering and Methodology, July 2022, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  9. Who are Vulnerability Reporters?

    Article • October 2021, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  10. An Automated Post-Mortem Analysis of Vulnerability Relationships using Natural Language Word Embeddings

    Article • Procedia Computer Science, January 2021, Elsevier

    Dr. Andy Meneely

  11. Characterizing Attacker Behavior in a Cybersecurity Penetration Testing Competition

    Article • September 2019, Institute of Electrical & Electronics Engineers (IEEE)

    Dr. Andy Meneely

  12. Data-Driven Insights from Vulnerability Discovery Metrics

    Article • May 2019, Institute of Electrical & Electronics Engineers (IEEE)

    Dr. Andy Meneely

  13. Pragmatic Characteristics of Security Conversations: An Exploratory Linguistic Analysis

    Article • May 2019, Institute of Electrical & Electronics Engineers (IEEE)

    Dr. Andy Meneely

  14. Attack surface definitions: A systematic literature review

    Article • Information and Software Technology, December 2018, Elsevier

    Dr. Andy Meneely

  15. A dataset for identifying actionable feedback in collaborative software development

    Article • January 2018, Association for Computational Linguistics (ACL)

    Dr. Andy Meneely

  16. A Domain-Independent Model for Identifying Security Requirements

    Article • September 2017, Institute of Electrical & Electronics Engineers (IEEE)

    Dr. Andy Meneely

  17. Examining the relationship between security metrics and user ratings of mobile apps: a case study

    Article • November 2016, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  18. The impact of cross-platform development approaches for mobile applications from the user's perspective

    Article • November 2016, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  19. Vulnerability severity scoring and bounties: why the disconnect?

    Article • November 2016, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  20. Beyond the Attack Surface

    Article • October 2016, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  21. Do bugs foreshadow vulnerabilities? An in-depth study of the chromium project

    Article • Empirical Software Engineering, August 2016, Springer Science + Business Media

    Dr. Andy Meneely

  22. Actionable metrics are better metrics

    Article • January 2016, Elsevier

    Dr. Andy Meneely

  23. Security cannot be measured

    Article • January 2016, Elsevier

    Dr. Andy Meneely

  24. An insider threat activity in a software security course

    Article • October 2015, Institute of Electrical & Electronics Engineers (IEEE)

    Dr. Andy Meneely

  25. Do Bugs Foreshadow Vulnerabilities? A Study of the Chromium Project

    Article • May 2015, Institute of Electrical & Electronics Engineers (IEEE)

    Dr. Andy Meneely

  26. Analyzing Security Data

    Article • January 2015, Elsevier

    Dr. Andy Meneely

  27. An empirical investigation of socio-technical code review metrics and security vulnerabilities

    Article • January 2014, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  28. Teaching Web Engineering using a project component

    Article • October 2013, Institute of Electrical & Electronics Engineers (IEEE)

    Dr. Andy Meneely

  29. When a Patch Goes Bad: Exploring the Properties of Vulnerability-Contributing Commits

    Article • October 2013, Institute of Electrical & Electronics Engineers (IEEE)

    Dr. Andy Meneely

  30. Vulnerability of the Day: Concrete demonstrations for software engineering undergraduates

    Article • May 2013, Institute of Electrical & Electronics Engineers (IEEE)

    Dr. Andy Meneely

  31. Interactive churn metrics

    Article • ACM SIGSOFT Software Engineering Notes, November 2012, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  32. Validating software metrics

    Article • ACM Transactions on Software Engineering and Methodology, November 2012, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  33. Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities

    Article • IEEE Transactions on Software Engineering, November 2011, Institute of Electrical & Electronics Engineers (IEEE)

    Dr. Andy Meneely

  34. Does adding manpower also affect quality?

    Article • September 2011, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  35. Socio-technical developer networks

    Article • May 2011, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  36. Challenges for protecting the privacy of health information

    Article • October 2010, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  37. Strengthening the empirical analysis of the relationship between Linus' Law and software security

    Article • September 2010, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  38. Improving developer activity metrics with issue tracking annotations

    Article • May 2010, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  39. Protection Poker: The New Software Security "Game";

    Article • IEEE Security & Privacy, May 2010, Institute of Electrical & Electronics Engineers (IEEE)

    Dr. Andy Meneely

  40. On the Use of Issue Tracking Annotations for Improving Developer Activity Metrics

    Article • Advances in Software Engineering, March 2010, Wiley

    Dr. Andy Meneely

  41. Secure open source collaboration

    Article • November 2009, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  42. On preparing students for distributed software development with a synchronous, collaborative development platform

    Article • March 2009, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  43. Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer

    Article • January 2009, Springer Science + Business Media

    Dr. Andy Meneely

  44. Predicting failures with developer networks and social network analysis

    Article • November 2008, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  45. ROSE

    Article • June 2008, ACM (Association for Computing Machinery)

    Dr. Andy Meneely

  46. Fifteen compilers in fifteen days

    Article • March 2006, ACM (Association for Computing Machinery)

    Dr. Andy Meneely