I am broadly interested in understanding and solving problems related to developing software applications, from embedded software-controlled devices and mobile applications to large software-intensive systems. My objective is to study and improve software engineering techniques that boost the productivity of software developers while preserving the quality (performance, security, reliability, usability, maintainability) of the resulting software products. My work is shaped by observations from empirical studies and industrial experience with real-world systems. I have studied software development in a variety of domains, from bioinformatics to telecommunications. I am interested in improving techniques for different levels of expertise, from educating novice student programmers to supporting veteran software engineers. I have received funding from federal as well as industrial sources.

Understanding Software Evolution

Successful software is continuously modified over time in order to maintain its usefulness – this phenomenon is known as software evolution. My work is mainly on understanding the factors that make software, especially large software systems, easily modifiable and extensible, and evaluating development techniques that facilitate long term software development. My contributions include approaches for studying software history through analysis of software repositories, borrowing techniques from data mining, statistical modeling, graph theory, and data visualization. These analyses have served to provide a better understanding of how long-lived software products have changed over time as well as evaluating the effectiveness and limitations of various reengineering technologies such as software product line engineering and aspect-oriented programming.

Modeling Software Reliability and Security

With the increasing dependence on software controlled applications, software reliability and security have become paramount concerns. My contributions to software reliability include statistical models for predicting software faults and failures, and Petri-net models of software architecture for reliability and capacity analysis. My contributions to software security include classification models of software vulnerability reports to improve categorization and understanding of software security weaknesses and formal specification of legal requirements for security compliance analysis.

Computing Education Research

Educating future software engineers starts with a well-laid foundation in computer science. Industry demands for software engineers continue to outstrip what universities are able to graduate due to insufficient enrollment. Improving the pipeline of students pursuing university degrees that prepare them to be software engineers must deal with two related problems: revitalizing the K-12 computer science education curriculum and preparing teachers to teach K-12 computer science. My research looks at new approaches for CS curriculum design that focus on programming as a problem solving tool rather than programming for its own sake, and how to shift teacher attitudes from focusing on computing technology to focusing on a problem in need of a computational solution.