United States
More information is available on my website: https://daniellegonzalez.github.io I am a Software Engineer at Microsoft. I received my PhD in 2021 from Rochester Institute of Technology, where I was advised by Dr. Mehdi Tarrit Mirakhorli. I am passionate about developer-centric security, developer productivity, mining software repositories, security unit testing (dissertation topic), and vulnerability management.
Building security tools and services for developers; One Engineering System (1ES)
Building security tools and services for developers; One Engineering System (1ES)
Advisor: Dr. Mehdi Mirakhorli I conduct large-scale mixed-methods empirical studies to learn about existing security testing practices and challenges. I apply data mining, static analysis, machine learning to combine knowledge from security testing experts with current practices in OSS. My goal is to use this knowledge base to develop tools and resources for developers and increase early-stage security testing within the software development lifecycle.
Advisor: Dr. Mehdi Mirakhorli Lead researcher for project; developed & applied large-scale data mining and static analysis tools & techniques using Java and Python to perform an empirical study on the prevalence of unit testing in over 80,000 open source projects and measured the use of common testing patterns which enhance the readability, understandability, and maintainability of "xUnit" test code. Published in the Proceedings of the 14th International Conference on Mining Software Repositories Buenos Aires, Argentina May 2017.
SWEN 261 Introduction to Software Engineering with Professor Kenn Martinez Attended and assisted with all lectures introducing students to software engineering processes and graded project artifacts and assignments.
I work with Tom Zimmermann (SAINTes group), Patrice Godefroid (RiSE group), and Max Schaefer (GitHub) to explore techniques for improving supply chain security. This collaboration produced "Anomalicious", an approach for identifying ANOMALous and potentially malLICIOUS commits through analysis of metadata. This unique approach computes and holistically evaluates values for a set of developer-centric sociotechnical factors (eg. trust, ownership, "typical" activity) against configurable thresholds to detect unusual activity and produces descriptive reports for flagged commits. This work is published in the proceedings of the 2021 Software Engineering in Practice (SEiP) track of the International Conference of Software Engineering (ICSE)
I worked with the Empirical Software Engineering (ESE) group within the Research in Software Engineering (RiSE) division of Microsoft Research. My mentor was Tom Zimmerman. During my time here, I conducted empirical studies of GitHub communities by mining and analyzing large datasets of repository metadata.
Responsibilities included maintaining and improving internal web application used for monitoring ongoing work items, improving database performance using query tuning, writing unit tests, and working with QA for test automation.