Publications
Refereed Conference/Journal/Workshop Publications
Peer Reviewed Conference Publications
An Industry Interview Study of Software Signing for Supply Chain Security.
Kalu, Singla, Okafor, Torres-Arias, and Davis.
[USENIX Security’25] USENIX Security Symposium, 2025.
Signing in Four Public Software Package Registries: Quantity, Quality, and Influencing Factors.
Schorlemmer, Kalu, Chigges, Ko, Ishgair, Bagchi, and Davis.
[IEEE S&P ’24] IEEE Symposium on Security and Privacy (SP) 2024, 1160–1178.
Reflecting on the Use of the Policy-Process-Product Theory in Empirical Software Engineering.
Kalu, Schorlemmer, Chen, Robinson, Kocinare, and Davis.
[ESEC/FSE ’23] Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2023.
An Empirical Study on Using Large Language Models to Analyze Software Supply Chain Security Failures.
Singla, Anandayuvaraj, Kalu, Schorlemmer, and Davis.
[SCORED ’23] Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses.
Peer Reviewed Workshops/Other Peer Reviewed Publications
Establishing Provenance Before Coding: Traditional and Next-Generation Software Signing.
Schorlemmer, Burmane, Kalu, Torres-Arias, and Davis.
IEEE Security & Privacy, 2025.
Recommending Pre-Trained Models for IoT Devices.
Patil, Jiang, Peng, Lugo, Kalu, LeBlanc, Smith, Heo, Aou, and Davis.
Proceedings of the 7th International Workshop on Software Engineering Research & Practices for the Internet of Things (SERP4IoT) 2025.
Technical Reports
ARMS: A Vision for Actor Reputation Metric Systems in the Open-Source Software Supply Chain.
Kalu, Okorafor, Durak, Laine, Moreno, Torres-Arias, and Davis.
arXiv preprint arXiv:2505.18760, 2025.
Why Johnny Signs with Sigstore: Examining Tooling as a Factor in Software Signing Adoption in the Sigstore Ecosystem.
Kalu, Okorafor, Singla, Torres-Arias, and Davis.
arXiv preprint arXiv:2503.00271, 2025.
