About

I am currently working as a Postdoctoral Research Fellow at Idaho State University. I am working with Dr. Minhaz Zibran on enhancing security defect identification during peer code reviews. I completed my PhD in Computer Science from Wayne State University. I worked at the Software Engineering Analytics Lab (SEAL) under the supervision of Dr. Amiangshu Bosu. My research interests lie in the area of Software Engineering, particularly in empirical software engineering, software security and vulnerabilities, peer code review, and mining software repositories. In my PhD thesis, I focused on improving the effectiveness of peer code review in identifying software security defects. Prior to starting my PhD, I worked in multiple software industries in my home country, Bangladesh. I completed my BSc in Computer Science and Engineering from Bangladesh University of Engineering and Technology.

Research

Identifying the Challenges in Security Code Reviews and Building Effective Strategies

This project aims to identify the challenges developers face when conducting security code reviews and how to build effective security code review strategies. To achieve this goal, we designed an online survey questionnaire and sent it to developers with expertise in participating in security code reviews. We conducted qualitative and quantitative analyses of their responses to identify the challenges developers face during security code reviews and to determine how we can develop effective security code review strategies.


Real-Time Identification of Potential Security Concerns during Code Reviews

This project aims to identify a security concern as soon as it appears during code review. To achieve this goal, we leveraged code review comments and the corresponding source code. We developed two types of deep learning classifiers: (i) code review comment based (BERT) and (ii) source code based (CodeBERT, GraphCodeBERT). The best ensemble model achieved an F1-score of 79.8% in identifying security concerns during code reviews.


Identifying Why Security Defects go Unnoticed during Code Reviews

This project aims to identify code review attributes and developer characteristics that differ when security defects escape code reviews. Toward this goal, we mined open-source software repositories and developed a MySQL database of code reviews. We developed a Logistic Regression model to distinguish code reviews that miss security defects from code reviews that do not. The model achieves an AUC score of 0.914 with an R² of 0.6375. In addition, we identified and characterized security defects that are more likely to escape code reviews.


Identifying the Differences in Expressions of Sentiments during Code Reviews

This study identifies the differences in expressions of sentiments between male and female developers during various software engineering tasks. With this goal, we mined the code review repositories of six popular OSS projects. We used a semi-automated approach leveraging the name as well as multiple social networks to identify the gender of a developer. Using SentiSE, a customized and state-of-the-art sentiment analysis tool for the software engineering domain, we classify each communication as negative, positive, or neutral. We also compute the frequencies of sentiment words, emoticons, and expletives used by each developer. Our results suggest that the likelihood of using sentiment words, emoticons, and expletives during code reviews varies based on the gender of a developer.

Publications

 TOSEM  Sayma Sultana, Jaydeb Sarker, Farzana Israt, Rajshakhar Paul, Amiangshu Bosu, "Automated Identification of Sexual Orientation and Gender Identity Discriminatory Texts from Issue Comments." ACM Transactions on Software Engineering and Methodology, 2024 (under review).

 ASE'2022  Rajshakhar Paul, "ASTOR: An Approach to Identify Security Code Reviews." In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE), Michigan, USA, 2022.

 ESEC/FSE'2021  Rajshakhar Paul, "Improving the Effectiveness of Peer Code Review in Identifying Security Defects." In Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), pp. 1645-1649. Athens, Greece, 2021.

 ICSE'2021  Rajshakhar Paul, Asif Kamal Turzo, and Amiangshu Bosu. "Why Security Defects Go Unnoticed during Code Reviews? A case-control study of the Chromium OS project." In IEEE/ACM 43rd International Conference on Software Engineering (ICSE), pp. 1373-1385. Madrid, Spain, 2021.

 ICSE'2021  Rajshakhar Paul, Asif Kamal Turzo, and Amiangshu Bosu. "A Dataset of Vulnerable Code Changes of the Chromium OS project." In IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion), pp. 244-245. Madrid, Spain, 2021.

 SANER'2019  Rajshakhar Paul, Amiangshu Bosu, and Kazi Zakia Sultana. "Expressions of sentiments during code reviews: Male vs. female." In IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 26-37. Hangzhou, China, 2019.

 SocInfo'2015  Himel Dev, Mohammed Eunus Ali, Jalal Mahmud, Tanmoy Sen, Madhusudan Basak, and Rajshakhar Paul. "A real-time crowd-powered testbed for content assessment of potential social media posts." In International Conference on Social Informatics, pp. 136-152. Beijing, China, 2015.

 ICCIT'2014  Shibbir Ahmed, Rajshakhar Paul, and Abu Sayed Md Latiful Hoque. "Knowledge discovery from academic data using Association Rule Mining." In 17th international conference on computer and information technology (ICCIT), pp. 314-319. Dhaka, Bangladesh, 2014.

Recent News

  • May, 2023: Defended my PhD.
  • February, 2023: Served as a junior PC member at MSR 2023.
  • October 10-14, 2022: Attended ASE 2022 in Michigan, USA. Served as a Student Volunteer.
  • September 30, 2022: Completed my PhD Proposal Defense.
  • August 2022: Served as a PC member in ASE Late Breaking Results (LBR) track.
  • June 2021: My doctoral research proposal has been accepted at ESEC/FSE 2021. Preprint here.
  • May 22-27, 2021: Attended ICSE 2021 (Virtual). Presented our work.
  • January, 2021: Worked as a Shadow PC Member at MSR 2021.
  • December, 2020: Worked as an Additional Reviewer at ICSE 2021 Demonstrations Track.
  • December 15, 2020: Our work on "Why Security Defects Go Unnoticed during Code Reviews?" has been accepted at ICSE 2021. Preprint here.
  • November 8-12, 2020: Attended virtual ESEC/FSE 2020. Participated as a Student Volunteer.
  • March 26, 2020: Passed the PhD Qualifying Exam.
  • February 25, 2019: Presented a talk on our paper at SANER 2019.
  • February 24-27, 2019: Attended SANER 2019 in Hangzhou, China.
  • November 30, 2018: Our paper on identifying differences in expression of sentiments during code review has been accepted to SANER 2019. Preprint here.

Contact

Location:

5057 Woodward Ave., Suite# 3105
Detroit, MI 48202
