Ranindya Nanin Paramitha
Postdoctoral Research Scholar
Department of Computer Science
Software Security, Software Supply Chain Security
Engineering Building II (EB2) 2240
rparami@ncsu.eduBio
Postdoctoral Research Scholar at Secure Software Supply Chain Center at North Carolina State University, USA.
Focusing on software supply chain security under the supervision of Dr. Laurie Williams.
Education
PhD Information Engineering and Computer Science University of Trento, Italy 2025
Master Informatics Institut Teknologi Bandung, Indonesia 2021
Bachelor Informatics Institut Teknologi Bandung, Indonesia 2020
Area(s) of Expertise
My research lies at the intersection of systems and security, software engineering, and artificial intelligence, with a focus on empirical software security, particularly in software supply chain security. My research covers mining software repositories (MSR) for security, AI for security, vulnerability detection, vulnerability repair, and human-centered security research. My research balances both theory and practice, quantitative and qualitative, with an emphasis on conducting empirical analysis and measurement in software security, while also experimenting with human developers to validate the methodology in software security, a rapidly growing field.
Publications
- Addressing combinatorial experiments and scarcity of subjects by provably orthogonal and crossover experimental designs , Journal of Systems and Software (2024)
- Hash4Patch: A Lightweight Low False Positive Tool for Finding Vulnerability Patch Commits , Proceedings of the 21st International Conference on Mining Software Repositories (2024)
- Known Vulnerabilities of Open Source Projects: Where Are the Fixes? , IEEE Security & Privacy (2024)
- On the acceptance by code reviewers of candidate security patches suggested by Automated Program Repair tools , Empirical Software Engineering (2024)
- APR4Vul: an empirical study of automatic program repair techniques on real-world Java vulnerabilities , Empirical Software Engineering (2023)
- Technical leverage analysis in the Python ecosystem , Empirical Software Engineering (2023)
- Lightweight Parsing and Slicing for Bug Identification in C , Proceedings of the 17th International Conference on Availability, Reliability and Security (2022)
- On the acceptance by code reviewers of candidate security patches suggested by Automated Program Repair tools , arXiv (Cornell University) (2022)
- On the feasibility of detecting injections in malicious npm packages , Proceedings of the 17th International Conference on Availability, Reliability and Security (2022)
- Mining Software Repository for Security Smell Code Review , 2021 International Conference on Data and Software Engineering (ICoDSE) (2021)