I will be teaching COMS E6156 Topics in Software Engineering in Spring 2018, offered TuTh 1:10-2:25pm (currently assigned to 545 MUD). 

Prerequisites: 4156 or equivalent software development experience. This course is a 6k track elective for the MS Software Systems track. For students who choose a security/privacy focus, the course may be acceptable as a 6k track elective for the MS Computer Security track; contact Prof. Steve Bellovin for further information (smb@cs.columbia.edu). 6156 is acceptable as a general elective for all other CS/CE undergraduate and MS tracks.  Data Science, CS/Journalism, EE, IEOR, etc. students with sufficient software development background are also welcome.

In 4156, students "do" software engineering using best practices, tools, techniques, etc. In 6156, students "study" software engineering, and how to improve practices, tools and techniques. 6156 is oriented towards aspiring technology leaders or researchers who are highly self-motivated to pursue their *own topic of study* within software engineering. Suitable topics include: software developer productivity issues like program understanding, code search, test suite generation, and automatic bug reproduction, localization and repair; software product issues like quality, reliability, sustainability, security vulnerability prevention/detection and privacy guarantees; and advanced software engineering techniques like metamorphic and differential testing, static and dynamic program analysis, multi-version and symbolic execution, and "big code" data mining. Applying natural languages processing and/or machine learning techniques to software engineering problems, or vice versa, would fit.

Every student will produce a midterm paper and a final project on their chosen topic (it is ok to change topics between the paper and the project). Individual-author midterm papers might evaluate the state of the art (software engineering and software security research literature) and/or state of the practice (real-world software engineering and software security tools and technologies). Individual or team final projects might build something new, extend an existing technology, and/or evaluate alternatives among a strongly related set of existing technologies.  Both midterm papers and final projects should include qualitative/quantitative empirical experiments and/or user/developer surveys/studies. Every student will make at least two presentations to the class, one about a paper from the literature and the other about their own midterm paper and/or final project.  

There is no textbook.  All assigned readings will be from sources that are public on the web, posted on canvas, or available via Columbia's digital library access.  There are no exams.  Class attendance is required.

Please send any email inquiries to kaiser+6156@cs.columbia.edu.

Initial reading list (will be expanded to try to match topics chosen by students):

How to Read an Engineering Research Paper, https://cseweb.ucsd.edu/~wgg/CSE210/howtoread.html

A Few Billion Lines of Code Later, https://dl-acm-org.ezproxy.cul.columbia.edu/citation.cfm?id=1646374

Principled design of the modern Web architecture, https://dl-acm-org.ezproxy.cul.columbia.edu/citation.cfm?id=337228

Yesterday, my program worked. Today, it does not. Why?, https://dl-acm-org.ezproxy.cul.columbia.edu/citation.cfm?doid=318773.318946

DeepXplore: Automated Whitebox Testing of Deep Learning Systems, https://dl-acm-org.ezproxy.cul.columbia.edu/citation.cfm?id=3132785

DeepTest: Automated Testing of Deep-Neural-Network-driven Autonomous Cars, https://arxiv.org/abs/1708.08559

On the "naturalness" of buggy code, https://dl-acm-org.ezproxy.cul.columbia.edu/citation.cfm?id=2884848

Statistical Deobfuscation of Android Applications, https://dl-acm-org.ezproxy.cul.columbia.edu/citation.cfm?id=2978422

Doppio: breaking the browser language barrier, https://dl-acm-org.ezproxy.cul.columbia.edu/citation.cfm?id=2594293

SurroundWeb: Mitigating Privacy Concerns in a 3D Web Browser, http://ieeexplore.ieee.org.ezproxy.cul.columbia.edu/document/7163040/

Identifying Open-Source License Violation and 1-day Security Risk at Large Scale, https://dl-acm-org.ezproxy.cul.columbia.edu/citation.cfm?id=3134048

NEZHA: Efficient Domain-Independent Differential Testing, http://ieeexplore.ieee.org.ezproxy.cul.columbia.edu/document/7958601/

Under-Constrained Symbolic Execution: Correctness Checking for Real Code, https://www.usenix.org/node/190952