The document discusses the role of software engineering research in making societal impacts, emphasizing the need for practitioners to adopt secure coding practices. It outlines challenges faced by stakeholders and the importance of collaboration between academia and industry to address these issues through empirical studies. The research aims to enhance the utility of tools like static analysis in improving software security and ethical practices in coding.

1. Software Engineering
Research: Beyond Impacting
Practitioners
Laurie Williams
North Carolina State University
laurie_williams@ncsu.edu

2. Blessed are the meek for
they shall inherit the earth.
-- Matthew 5:5

3. The nerds inherited the earth.
-- Alex Stamos, Stanford
USENIX Security Keynote 2019
… we gotta do better.

4. Centennial Campus
On penetrating your psyche …. Truth!

6. Making the world a better place

7. Making the world a better place

8. Ecosystem of Scientific and Societal Impact
State of Art
State of Practice
State of Society

9. SoA SoP
SoS
“Every line of code has a moral and ethical implication.”
--- Grady Booch, ICSE SEIS Keynote, 2015

11. The Stamos
Hierarchy of the
Actual Bad Stuff
that Happens
Online to Real
People
Misuse
InfoSec
Alex Stamos keynote at USENIX Security 2019 [Alex had said “abuse” rather than “misuse”; underlining emphasis added.]

12. InfoSec
Account Lifecycle/Passwords
Patching
Simple Config Errors
Old App Vulns
USENIX
{

13. https://twitter.com/worldwise001/status/1161683477676171264

14. Ecosystem of Scientific and Societal Impact: ICSME
State of Art
State of Practice
State of Society

15. WHO am I serving?
WHAT is their challenge?
•The goal of this research is to aid [stakeholder] to [solve
problem] through [research technique].
• The goal of this research is to help practitioners avoid insecure
coding practices while developing infrastructure as code (IaC) scripts
through an empirical study of security smells in IaC scripts.
• The goal of this paper is to aid researchers and tool makers in
improving the utility of static analysis tools through an empirical
study of developer action on the alerts detected by Coverity, a state-
of-the-art static analysis tool.

16. Stakeholders @ ICSME

17. Problems @ ICSME

18. In the absence of a stakeholder and/or problem …
How is the world a better place?

19. State of the Art
State of Art State of Practice State of Society
State of Art

20. Do you care about the kids?

21. Centennial Campus
State of the Practice
State of Art State of Practice State of Society

22. Industry Has …

23. Academia Has …

24. Together We Have …

26. Ain’t Nothing Like the Real Thing, Baby …

27. Ain’t Nothing Like the Real Thing, Baby …

28. Intentional relevance check

30. Continuous Deployment Summits 2015-2019
Security Summit 2019

32. Protection Poker

34. Centennial Campus
State of Society
… and my mother and father and
neighbor and boss and friend and
sister and brother and dog and
wildlife …
…
State of Art State of Practice State of Society

35. “… considering the needs of the users and developers of
software as well as considering the potential impact
software could have on people.”
State of Art State of Practice State of Society

36. “… contributions that highlight how software engineering
can address the opportunities and challenges posed by
the rapidly accelerating pace of technological advances
impacting the economic, political, environmental, social,
and technical aspects of society.”

37. Software Engineering in
Society @ ICSE
• The goal of this research is to aid [stakeholder] to [solve
problem] through [research technique].

38. Contributing to ICSE SEIS

39. Stakeholders @ ICSE SEIS

40. Problems @ ICSE SEIS

41. Drive car
Lock car
Steal car
<<threatens>>
<<mitigates>>

42. Whistleblow
Communicate
to journalists
<<mitigates>>
<<mitigates>>
Host child
porn
Sell illicit
drugs
???

43. Connect
with friends
Communicate
news
<<mitigates>>
<<mitigates>>
Fake news
Bully
???

44. Appreciate
nature
Build
relationships
<<mitigates>>
<<mitigates>>
Stalk you
Sell you
stuff
???

48. SoA SoP
SoS
The Balance of Impact

49. Personal takeaway …
People

50. The nerds inherited the earth.
-- Alex Stamos, Stanford
USENIX Security Keynote 2019
… we gotta do better.

51. References
• Garousi, V., Petersen, K., and Ozkan, B., Challenges and best practices in industry-academia
collaborations in software engineering: A systematic literature review, Information and Software
Technology 79 (2016), pp. 106-127.
• C. Wohlin, "Empirical software engineering research with industry: Top 10 challenges," 2013 1st
International Workshop on Conducting Empirical Studies in Industry (CESI), San Francisco, CA, 2013,
pp. 43-46.
• Garousi, V., Felderer, M., Fernandes. J., Pfahl, D., Mäntylä, M., Industry-academia collaborations in
software engineering: An empirical analysis of challenges, patterns and anti-patterns in research
projects, Evaluation and Assessment in Software Engineering (EASE) 2017, pp. 224-229.
• C. Wohlin et al., "The Success Factors Powering Industry-Academia Collaboration," in IEEE Software,
vol. 29, no. 2, pp. 67-73, March-April 2012.
• P. Runeson, "It Takes Two to Tango -- An Experience Report on Industry -- Academia Collaboration,"
2012 IEEE Fifth International Conference on Software Testing, Verification and Validation, Montreal,
QC, 2012, pp. 872-877.
• Garousi V., et al. Characterizing industry-academia collaborations in software engineering: evidence
from 101 projects, Empirical Software Engineering, 2019, Vol 24, pp. 2540-2602.

52. Photo credits• http://ezlnk.me/we-need-each-other-quotes/mcdq-01-20-jpg-download-true-with-we-need-each-other-quotes/
• http://thecybersaviours.com/intrusion-detection-system-ids
• http://garysreflections.blogspot.com/2011/02/chinese-hackers-now-hitting-major.html
• http://wicklownews.net/2018/08/a-new-high-tech-era-for-arklow-with-proposed-data-centre-development-at-avoca-river-park/
• http://impactgroupinternational.com/
• https://www.brandknewmag.com/relevance-some-brands-have-it-some-need-it/
• https://www.wired.com/story/facebook-security-breach-50-million-accounts/
• https://www.cnbc.com/2018/10/11/reuters-america-senators-asks-google-to-explain-delay-in-disclosing-vulnerability.html
• https://www.zdnet.com/article/hackers-and-defenders-continue-cyber-security-game-of-cat-and-mouse/
• http://itnewscast.com/book/export/html/62241
• http://www.my-programming.com/2011/10/how-to-become-a-programmer/
• https://www.facebook.com/scientistsoundscience/photos/a.1082649885079876/1082649828413215/?type=1&theater
• https://www.pinterest.com/pin/509188301593082640/
• https://www.cybersecurity-insiders.com/your-data-is-still-leaving-the-building-2/
• https://www.tutorialspoint.com/5g/5g_challenges.htm
• http://russellhylton.blogspot.com/2010/06/no-time-for-god-practical-perspectives.html
• https://sotapodcast.com/
• https://www.iconxsolutions.com/news/we-are-looking-software-development-manager
• https://www.cosmoconsult.com/business-and-it-consulting/business-consulting/
• https://www.youtube.com/watch?v=Wl92bHtrOvA
• https://www.mountaingoatsoftware.com/agile/planning-poker

53. Photo credits – 2
• http://news.mit.edu/2017/networks-neurons-stretch-compress-control-timing-1204
• http://www.yamasuta.com/StaticAnalysis/NoDataAvailable
• https://alliedpra.com/curiosity-secret-weapon/
• https://www.searchenginejournal.com/seo-guide/search-authority/
• http://www.impacthosting.co.uk/impact/
• https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5772951
• https://www.percona.com/blog/2016/02/19/myth-busting-mongodbs-scalability/
• https://www.slideshare.net/lazerow/social-brand-marketing-for-web-20-presentation/9-Not_scalable
• https://www.varmour.com/product/software-based-segmentation-and-microsegmentation
• https://rahylazdiary.wordpress.com/2015/01/08/winning-together/
• https://jooinn.com/light-bulb-idea.html
• http://thesocietyonline.org/respect-relevance-and-authenticity-in-rap-music/
• https://en.wikipedia.org/wiki/Data_sharing
• http://thesocietyonline.org/respect-relevance-and-authenticity-in-rap-music/
• https://www.ncpedia.org/anchor/research-triangle-park
• https://bozone.com/9982-2/
• http://sheaspring.org/program/preconference-workshop/
• https://www.momtastic.com/parenting/101560-do-babies-recognize-themselves-in-the-mirror/
• https://www.officevibe.com/blog/how-to-motivate-employees
• https://www.123greetings.com/events/national_beer_day/were_better_together.html
• https://medium.com/mbreads/crossing-the-chasm-6fe8426eb270

54. Photo credits - 3
• http://blogs.nottingham.ac.uk/digitalresearch/2017/04/27/research-software-engineering-data-driven-discovery/
• https://learning.linkedin.com/blog/tech-tips/the-fastest-growing-skills-among-software-engineers--and-how-to-
• https://deliberatedevelopment.org/2018/03/05/is-work-life-balance-attainable/
• https://www.cnn.com/2019/08/16/health/iyw-back-to-school-kids-poverty-how-to-help-trnd/index.html
• https://www.midwestpeople.com/metal-individuals-are-the-backbone-of-society.html
• https://javier-ramon-brito.bandcamp.com/merch/lets-make-the-world-a-better-place
• https://ib.bioninja.com.au/standard-level/topic-4-ecology/44-climate-change/precautionary-principle.html
• https://tenor.com/search/purple-minion-gifs
• https://giphy.com/gifs/minions-m6OomwWCojfS8
• https://houseandhome.com/gallery/organized-kids-rooms/
• https://www.mnn.com/family/family-activities/blogs/how-to-get-kids-to-clean-their-rooms
• https://www.sowhatresearch.com.au/
• http://thisstuffreallyworks.mindwarriorforum.com/so-youve-created-your-own-product-now-what/
• https://www.greetingsisland.com/preview/cards/for-sharing-your-widsom/545-7435
• https://www.youtube.com/watch?v=wCBKfPV0Rbg
• https://lotuspeople.com.au/congrats-jess-new-role-happy-anniversary-kelsey/well-done/
• http://www.directworksmedia.com/blog/2015/10/12/getting-know-agile-software-development-team/
• https://www.firstcomicsnews.com/incoming/
• https://www.wisegeek.com/what-are-the-different-types-of-continuing-education-courses.htm