Setu Kumar Basak

Setu Kumar Basak

Graduate Research Assistant at NCSU WSPR Lab

About Me

I am a Ph.D. student at North Carolina State University, where I work in the WSPR lab and Realsearch group under the supervision of Dr. Laurie Williams. I am interested in data-driven discovery and analytics to validate, evolve, and solidify the theory and practice of software security. To keep pace with the increasing reliance on secure software in our daily life and industry, it is an open query for all practitioners to detect security breaches at the earliest phase of SDLC. My current research is focused on risk-based software secret management. My recent research includes the challenges developers face about checked-in secrets in software artifacts and finding the best practices for secret management in software artifacts. In addition, I have curated SecretBench, a benchmark dataset for future researchers, and used the dataset to find the efficiency and effectiveness of secret detection tools. Recently, we developed a novel static analysis tool, AssetHarvester, to detect the assets protected by secrets in software artifacts and aid developers in prioritizing the mitigation of secrets. All these works have been published at International conferences such as ICSE, MSR, ESEM, and SecDev.

Previously, I worked at Enosis Solutions for five years, where I developed dental practice management and opportunity model analysis software. Before that, I completed my Bachelor in Computer Science and Engineering from Khulna University of Engineering and Technology.

I am actively looking for full time positions as a Research Scientist or Software Engineer, so feel free to message me if your team is hiring!

Recent News:

November 01, 2024: Our paper, “AssetHarvester: A Static Analysis Tool for Detecting Secret-Asset Pairs in Software Artifacts” has been accepted at the 47th International Conference on Software Engineering (ICSE 2025).

June 03, 2024: I started my summer internship with Fidelity Investments.

May 01, 2024: I passed the PhD Oral prelim exam!

October 27, 2023: I presented our work Comparison of Secret Detection Tools at ESEM 2023 in New Orleans, USA.

June 28, 2023: Our paper, “A Comparative Study of Software Secrets Reporting by Secret Detection Tools” has been accepted at the International Symposium on Empirical Software Engineering and Measurement (ESEM 2023).

May 14-20, 2023: I presented our work Checked-in secrets challenges and SecretBench at ICSE 2023 and MSR 2023 in Melbourne, Australia.

March 08, 2023: I passed the written prelim exam!

March 07, 2023: Our paper, “SecretBench: A Dataset of Software Secrets” has been accepted at the 20th International Conference on Mining Software Repositories (MSR 2023).

December 08, 2022: Our paper, “What Challenges Do Developers Face About Checked-in Secrets in Software Artifacts?” has been accepted at the 45th International Conference on Software Engineering (ICSE 2023).

October 20, 2022: I presented our work at IEEE SecDev, 2022

August 03, 2022: Our paper, “What are the Practices for Secret Management in Software Artifacts?” has been accepted at the 2022 IEEE Secure Development Conference (SecDev).

May 16, 2022: I started working as a Research Assistant under supervision of Dr. Laurie Williams.

January 10, 2022: I joined the Wolfpack Security and Privacy Research (WSPR) Lab. I will be a TA for Software Security (CSC 515) this Spring.

August 16, 2021: Starting my Ph.D journey in Computer Science at NC State University. I will be a TA for Introduction to Computing (CSC 116) course this fall.