2023

• Automatic extraction of security-rich dataflow diagrams for microservice applications written in Java
  Schneider, Simon; Scandariato, Riccardo
  Journal of Systems and Software 202: 111722 (2023-08)
  Publisher DOI
• Simple stupid insecure practices and GitHub's code search: A looming threat?
  Go, Ken Russel; Soundarapandian, Sruthi; Mitra, Aparupa; Vidoni, Melina; Díaz Ferreyra, Nicolás
  Journal of Systems and Software 202: 111698 (2023-08)
  Publisher DOI
• Developers Need Protection, Too: Perspectives and Research Challenges for Privacy in Social Coding Platforms
  Díaz Ferreyra, Nicolás; Imine, Abdessamad; Vidoni, Melina; Scandariato, Riccardo
  16th IEEE/ACM International Conference on Cooperative and Human Aspects of Software Engineering (CHASE 2023)
  Publisher DOI
• Regret, Delete, (Do Not) Repeat: An Analysis of Self-Cleaning Practices on Twitter After the Outbreak of the COVID-19 Pandemic
  Díaz Ferreyra, Nicolás; Shahi, Gautam Kishore; Tony, Catherine; Stieglitz, Stefan; Scandariato, Riccardo
  Conference on Human Factors in Computing Systems - Proceedings: 246 1-7 (2023-03-19)
  Publisher DOI
• CASCADE: An Asset-driven Approach to Build Security Assurance Cases for Automotive Systems
  Mohamad, Mazen; Jolak, Rodi; Askerdal, Örjan; Steghöfer, Jan-Philipp; Scandariato, Riccardo
  ACM Transactions on Cyber-Physical Systems 7 (1): 3 (2023-02-20)
  Publisher DOI
• Microservice Security Metrics for Secure Communication, Identity Management, and Observability
  Zdun, Uwe; Queval, Pierre-Jean; Simhandl, Georg; Scandariato, Riccardo; Chakravarty, Somik; Jelić, Marjan; Jovanovic, Aleksandar
  ACM Transactions on Software Engineering and Methodology 32 (1): 3532183 (2023-02-13)
  Publisher DOI
• Detection strategies for microservice security tactics
  Zdun, Uwe; Queval, Pierre-Jean; Simhandl, Georg; Scandariato, Riccardo; Chakravarty, Somik; Jelić, Marjan; Jovanovic, Aleksandar
  IEEE Transactions on Dependable and Secure Computing (in Press) : (2023)
  Publisher DOI
• LLMSecEval: a dataset of natural language prompts for security evaluations
  Tony, Catherine; Mutas, Markus; Ferreyra, Nicolas E. Diaz; Scandariato, Riccardo
  Proceedings - 2023 IEEE/ACM 20th International Conference on Mining Software Repositories, MSR 2023
  Publisher DOI
• microSecEnD: A dataset of security-enriched dataflow diagrams for microservice applications
  Schneider, Simon; Ozen, Tufan; Chen, Michael; Scandariato, Riccardo
  Proceedings - 2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR 2023)
  Publisher DOI

2022

• GitHub Considered Harmful? Analyzing Open-Source Projects for the Automatic Generation of Cryptographic API Call Sequences
  Tony, Catherine; Díaz Ferreyra, Nicolás; Scandariato, Riccardo
  22nd IEEE International Conference on Software Quality, Reliability and Security (QRS 2022)
  Publisher DOI
• Identifying security-related requirements in regulatory documents based on cross-project classification
  Mohamad, Mazen; Steghöfer, Jan-Philipp; Åström, Alexander; Scandariato, Riccardo
  18th ACM International Conference on Predictive Models and Data Analytics in Software Engineering (PROMISE 2022)
  Publisher DOI
• ENAGRAM : an app to evaluate preventative nudges for Instagram
  Díaz Ferreyra, Nicolás; Ostendorf, Sina; Äimeur, Esma; Heisel, Maritta; Brand, Matthias
  2nd European Symposium on Usable Security (EuroUSEC 2022)
  Publisher DOI
• Precise Analysis of Purpose Limitation in Data Flow Diagrams
  Alshareef, Hanaa; Tuma, Katja; Stucki, Sandro; Schneider, Gerardo; Scandariato, Riccardo
  17th International Conference on Availability, Reliability and Security (ARES 2022)
  Publisher DOI
• RIPOSTE: A Collaborative Cyber Attack Response Framework for Automotive Systems
  Jolak, Rodi; Rosenstatter, Thomas; Aldaghistani, Saif; Scandariato, Riccardo
  48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA 2022)
  Publisher DOI
• STRIPED: A Threat Analysis Method for IoT Systems
  Srikumar, Kamakshi; Kashish, Komal; Eggers, Kolja; Díaz Ferreyra, Nicolás; Koch, Julian; Schüppstuhl, Thorsten; Scandariato, Riccardo
  17th International Conference on Availability, Reliability and Security (ARES 2022)
  Publisher DOI
• SoK: Security of Microservice Applications: A Practitioners' Perspective on Challenges and Best Practices
  Billawa, Priyanka; Bambhore Tukaram, Anusha; Díaz Ferreyra, Nicolás; Steghöfer, Jan-Philipp; Scandariato, Riccardo; Simhandl, Georg
  17th International Conference on Availability, Reliability and Security (ARES 2022)
  Publisher DOI
• Towards a Security Benchmark for the Architectural Design of Microservice Applications
  Bambhore Tukaram, Anusha; Schneider, Simon; Díaz Ferreyra, Nicolás; Simhandl, Georg; Zdun, Uwe; Scandariato, Riccardo
  17th International Conference on Availability, Reliability and Security (ARES 2022)
  Publisher DOI
• Maestro: A platform for benchmarking automatic program repair tools on software vulnerabilities
  Pinconschi, Eduard; Bui, Quang Cuong; Abreu, Rui; Adão, Pedro; Scandariato, Riccardo
  31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2022)
  Publisher DOI
• Conversational DevBots for Secure Programming: An Empirical Study on SKF Chatbot
  Tony, Catherine; Balasubramanian, Mohana; Díaz Ferreyra, Nicolás; Scandariato, Riccardo
  26th ACM International Conference on Evaluation and Assessment in Software Engineering (EASE 2022)
  Publisher DOI
• Community detection for access-control decisions : analysing the role of homophily and information diffusion in online social networks
  Díaz Ferreyra, Nicolás; Hecking, Tobias; Äimeur, Esma; Heisel, Maritta; Hoppe, Heinz Ulrich
  Online Social Networks and Media 29: 100203 (2022-05)
  Open Access | Publisher DOI
• Vul4J: A Dataset of Reproducible Java Vulnerabilities Geared Towards the Study of Program Repair Techniques
  Bui, Quang Cuong; Scandariato, Riccardo; Díaz Ferreyra, Nicolás
  Mining Software Repositories Conference (MSR 2022)
  Publisher DOI
• CONSERVE: A framework for the selection of techniques for monitoring containers security
  Jolak, Rodi; Rosenstatter, Thomas; Mohamad, Mazen; Strandberg, Kim; Sangchoolie, Behrooz; Nowdehi, Nasser; Scandariato, Riccardo
  Journal of Systems and Software 186: 111158 (2022-04)
  Open Access | Publisher DOI
• Checking security compliance between models and code
  Tuma, Katja; Peldszus, Sven; Strüber, Daniel; Scandariato, Riccardo; Jürjens, Jan
  Software and Systems Modeling 22 (1): 273-296 (2023-02)
  Open Access | Publisher DOI

2021

• Finding security threats that matter: Two industrial case studies
  Tuma, Katja; Sandberg, Christian; Thorsson, Urban; Widman, Mathias; Herpel, Thomas; Scandariato, Riccardo
  Journal of Systems and Software 179: 111003 (2021-09)
  Publisher DOI
• Asset-driven Security Assurance Cases with Built-in Quality Assurance
  Mohamad, Mazen; Askerdal, Örjan; Jolak, Rodi; Steghöfer, Jan-Philipp; Scandariato, Riccardo
  IEEE/ACM 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS 2021)
  Publisher DOI
• Security assurance cases - state of the art of an emerging approach
  Mohamad, Mazen; Steghöfer, Jan-Philipp; Scandariato, Riccardo
  Empirical Software Engineering 26 (4): 70 (2021-07-01)
  Open Access | Publisher DOI
• Secure Software Development in the Era of Fluid Multi-party Open Software and Services
  Pashchenko, Ivan; Scandariato, Riccardo; Sabetta, Antonino; Massacci, Fabio
  ACM/IEEE International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER 2021)
  Publisher DOI