Lorenzo Neil

Co-authored papers

2025

• It Should Be Easy but... New Users' Experiences and Challenges with Secret Management Tools

  Proceedings of the ACM SIGSAC Conference on Computer and Communications Security

  Lorenzo Neil, Deepthi Mungara, Laurie Williams, Yasemin Acar, and Bradley Reaves

  DOI PDF

  Insufficient documentation and poor interface design prevent developers from effectively adopting secret management tools, even in simple and ideal scenarios.

2023

• Who Comes Up with this Stuff? Interviewing Authors to Understand How They Produce Security Advice

  Symposium on Usable Privacy and Security

  Lorenzo Neil, Harshini Sri Ramulu, Yasemin Acar, and Bradley Reaves

  PDF

  Interviews with 21 security advice authors reveal that prioritizing breadth over curation drives the overproduction of guidance that overwhelms users.

• What Challenges Do Developers Face About Checked-in Secrets in Software Artifacts?

  Proceedings of the IEEE/ACM International Conference on Software Engineering

  Setu Kumar Basak, Lorenzo Neil, Bradley Reaves, and Laurie Williams

  DOI

  This qualitative analysis of 779 Stack Exchange questions shows developers face 27 challenges managing checked-in secrets in source code.

• SecretBench: A Dataset of Software Secrets

  Mining Software Repositories Data and Showcase Track

  Setu Kumar Basak, Lorenzo Neil, Bradley Reaves, and Laurie Williams

  DOI PDF

  A labeled benchmark of 97,479 secrets across 818 GitHub repositories enables systematic evaluation of secret detection tools.

2022

• What are the practices for secret management in software artifacts?

  Proceedings of the IEEE Secure Development Conference

  Setu Basak, Lorenzo Neil, Bradley Reaves, and Laurie Williams

  PDF

  A grey literature review distills 24 secret management practices into six categories, finding that local environment variables and external secret management services are the most widely recommended mitigations.

2021

• Investigating Web Service Account Remediation Advice

  Symposium on Usable Privacy and Security

  Lorenzo Neil, Elijah Bouma-Sims, Evan Lafontaine, Yasemin Acar, and Bradley Reaves

  PDF

  Only 39% of 57 popular web services provide guidance covering all five phases of compromised account recovery, leaving most users without adequate remediation support.