Laurie Williams
Co-authored papers
2025
-
It Should Be Easy but... New Users' Experiences and Challenges with Secret Management Tools
Proceedings of the ACM SIGSAC Conference on Computer and Communications Security
Lorenzo Neil, Deepthi Mungara, Laurie Williams, Yasemin Acar, and Bradley Reaves
Insufficient documentation and poor interface design prevent developers from effectively adopting secret management tools, even in simple and ideal scenarios.
-
AssetHarvester: A Static Analysis Tool for Detecting Secret-Asset Pairs in Software Artifacts
Proceedings of the IEEE/ACM International Conference on Software Engineering
Setu Kumar Basak, K. Virgil English, Ken Ogura, Vitesh Kambara, Bradley Reaves, and Laurie Williams
Static analysis can automatically detect secret-asset pairs across software artifacts, enabling developers to distinguish benign and catastrophic credential exposure.
2023
-
A Comparative Study of Software Secrets Reporting by Secret Detection Tools
ACM/IEEE International Symposium on Empirical Software Engineering and Measurement
Setu Basak, Jameson Cox, Bradley Reaves, and Laurie Williams
Benchmarks run on nine secret detection tools show that no tool dominates both precision and recall, with errors traced to generic regexes and incomplete rulesets.
-
What Challenges Do Developers Face About Checked-in Secrets in Software Artifacts?
Proceedings of the IEEE/ACM International Conference on Software Engineering
Setu Kumar Basak, Lorenzo Neil, Bradley Reaves, and Laurie Williams
This qualitative analysis of 779 Stack Exchange questions shows developers face 27 challenges managing checked-in secrets in source code.
-
SecretBench: A Dataset of Software Secrets
Mining Software Repositories Data and Showcase Track
Setu Kumar Basak, Lorenzo Neil, Bradley Reaves, and Laurie Williams
A labeled benchmark of 97,479 secrets across 818 GitHub repositories enables systematic evaluation of secret detection tools.
2022
-
What are the practices for secret management in software artifacts?
Proceedings of the IEEE Secure Development Conference
Setu Basak, Lorenzo Neil, Bradley Reaves, and Laurie Williams
A grey literature review distills 24 secret management practices into six categories, finding that local environment variables and external secret management services are the most widely recommended mitigations.