Lisa Nguyen Quang Do
Lisa is a Software Engineer at Google Zurich. Her research focuses on improving the usability of analysis tools for code developers through different aspects that range from the optimization of the analysis algorithm to the implementation of its framework to the usability of its interface. In general, her research spans scalable static analysis, usable tooling, and secure software engineering, winning her an ACM SIGSOFT Distinguished paper award, the first place at the PLDI ACM Student Research Competition, and an ISSS Excellence Award. She co-chairs the ECOOP'20 Artifact Evaluation track. She received her Ph.D. from Paderborn University in 2019 and her M.Sc. from EPFL in 2014.
Authored Publications
Sort By
Why Can’t Johnny Fix Vulnerabilities: A Usability Evaluation of Static Analysis Tools for Security
Justin Smith
Emerson Rex Murphy-Hill
Sixteenth Symposium on Usable Privacy and Security (SOUPS) (2020)
Preview abstract
Static analysis tools can help prevent security incidents, but to do so, they must enable developers to resolve the defects they detect. Unfortunately, developers often struggle to interact with the interfaces of these tools, leading to tool abandonment, and consequently the proliferation of preventable vulnerabilities. Simply put, the usability of static analysis tools is crucial. The usable security community has successfully identified and remedied usability issues in end user security applications, like PGP and Tor browsers, by conducting usability evaluations. Inspired by the success of these studies, we conducted a heuristic walkthrough evaluation and user study focused on four security-oriented static analysis tools. Through the lens of these evaluations, we identify several issues that detract from the usability of static analysis tools. The issues we identified range from workflows that do not support developers to interface features that do not scale. We make these findings actionable by outlining how our results can be used to improve the state-of-the-art in static analysis tool interfaces.
View details
Why Do Software Developers Use Static Analysis Tools? A User-Centered Study of Developer Needs and Motivations
James R. Wright
Karim Ali
IEEE Transactions on Software Engineering (TSE) (2020)
Preview abstract
As increasingly complex software is developed every day, a growing number of companies use static analysis tools to reason about program properties ranging from simple coding style rules to more advanced software bugs, to multi-tier security vulnerabilities. While increasingly complex analyses are created, developer support must also be updated to ensure that the tools are used to their best potential. Past research in the usability of static analysis tools has primarily focused on usability issues encountered by software developers, and the causes of those issues in analysis tools. In this article, we adopt a more user-centered approach, and aim at understanding why software developers use analysis tools, which decisions they make when using those tools, what they look for when making those decisions, and the motivation behind their strategies. This approach allows us to derive new tool requirements that closely support software developers (e.g., systems for recommending warnings to fix that take developer knowledge into account), and also open novel avenues for further static-analysis research such as collaborative user interfaces for analysis warnings.
View details