Education

• Ph.D in Computer Science, Washington State University, Present, GPA: 3.92
• M.S. in Computer Science, Washington State University, 2020, GPA: 3.96
• B.S. in Automation, South China University of Technology, 2018

Work experience

• Summer 2020: Software Testing Consultant
  Optimum Semiconductor Technologies Inc., Tarrytown, NY
  • Configured the integrated development environment (IDE) of SandBlaster SB3500 System on a Chip (SoC).
  • Developed test programs and did functional tests of multithreading, pipelining, intrinsic, and RPU on SandBlaster SB3500 Simulator.
  • Tested the compiler, linker, and IDE of SandBlaster SB3500.
  • Reviewed and revised the manual of SandBlaster SB3500.
• Fall 2019: IT Helpdesk Tech Intern
  Intuitive Networks, Inc., Newport Beach, CA
  • Configured Site-to-Site VPN on Cisco Meraki MX68 so that remote employees around the country could connect to the internal network at the headquarters by their Sonicwall TZ300s.
  • Configured more than 50 Sonicwall TZ300s so that they could connect to the internal network at the headquarters correctly.
  • Upgraded firmware on more than 50 Sonicwall TZ300s.
  • Configured LDAP Authentication on more than 50 Sonicwall TZ300s.
• Summer 2019: Front-End Engineer Intern
  Beijing Hantang Technology Stock Co., LTD, Beijing, China
  • Developed a front-end module for remote consulting rooms in a large-scale digital cooperation platform for more than 100 hospitals based on HTML, CSS, Javascript and jQuery.
  • Based on the layout from the UI designer, developed web pages for browsing and editing lists of available remote consulting rooms; Switching video sources in meetings; Editing, browsing, and searching consulting reports; Managing consulting schedules for doctors and patients.
  • Used JSON to contact the back-end server based on JSP.

Publications

• VulGen: Realistic Vulnerable Sample Generation via Pattern Mining and Deep Learning
  Yu Nong, Yuzhe Ou, Michael Pradel, Feng Chen, and Haipeng Cai. IEEE/ACM International Conference on Software Engineering (ICSE), 2023. We present VulGen, the first injection-based vulnerability-generation technique that is not limited to a particular class of vulnerabilities. It combines the strengths of deterministic (pattern-based) and probabilistic (deep-learning/DL-based) program transformation approaches while mutually overcoming respective weaknesses.

• Open Science in Software Engineering: A Study on Deep Learning-Based Vulnerability Detection
  Yu Nong, Rainy Sharma, Abdelwahab Hamou-Lhadj, Xiapu Luo, Haipeng Cai. IEEE Transactions on Software Engineering 2022.
  An empirical study that exhaustively searches the literature in the area of deep learning-based vulnerability detection and comprehensively investigates the four integral aspects of open science: availability, executability, reproducibility, and replicability.

• Generating Realistic Vulnerabilities via Neural Code Editing: An Empirical Study
  Yu Nong, Yuzhe Ou, Michael Pradel, Feng Chen, Haipeng Cai. ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), 2022
  A study that explores the feasibility of vulnerability injection through neural code editing. With a synthetic dataset and a real-world one, we investigate the potential and gaps of three state-of-the-art neural code editors for vulnerability injection.

• Evaluating and comparing memory error vulnerability detectors
  Yu Nong, Haipeng Cai, Pengfei Ye, Li Li, Feng Chen. Information and Software Technology, 137, 106614. 2021
  An empirical study that evaluates and compares state-of-the-art memory error vulnerability detectors against publicly available benchmark datasets of C/C++ programs, with case studies to gain in-depth explanations of successes and failures of individual tools.

• A Preliminary Study on Open-Source Memory Vulnerability Detectors
  Yu Nong, Haipeng Cai. IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER) (pp. 557-561). 2020
  Preliminary results of a study on memory vulnerability detectors based on (static and/or dynamic) program analysis, against a public suite of 520 C/C++ programs as benchmarks which cover 14 different vulnerability categories.

Teaching Experience

• Graduate Teaching Assistant
  • CptS 322 Software Engineering Principles I
    • Spring 2021
    • Fall 2020
  • CptS 422 Software Engineering Principles II
    • Fall 2020

Skills

• Programming Languages
  • C, C++, Python, Java, C#, JavaScript, SQL, HTML, CSS
• Technologies:
  • System Programming, Pattern Matching, Machine Learning, Computer Network, PyTorch, Anaconda, NodeJS, Docker, Linux, Git, MATLAB, OpenCV