Publications
2024
-
On the understandability of design-level security practices in infrastructure-as-code scripts and deployment architectures
Ntentos, Evangelos; Hörner, Nicole; Simhandl, Georg; Zdun, Uwe; Schneider, Simon Malte; Scandariato, Riccardo; Díaz Ferreyra, Nicolás
ACM Transactions on Software Engineering and Methodology 34 (1): 6 (2024)
Open Access
|
Publisher DOI
-
MADE-WIC: Multiple Annotated Datasets for Exploring Weaknesses In Code
Mock, Moritz; Melegati, Jorge; Kretschmann, Max; Díaz Ferreyra, Nicolás; Russo, Barbara
39th ACM/IEEE International Conference on Automated Software Engineering, ASE 2024
Open Access
|
Publisher DOI
-
Designing secure AI-based systems: a multi-vocal literature review
Schneider, Simon Malte; Saha, Ananya; Mezzi, Emanuele; Tuma, Katja; Scandariato, Riccardo
IEEE Secure Development Conference, SecDev 2024
Publisher DOI
-
Managing security evidence in safety-critical organizations
Mohamad, Mazen; Steghöfer, Jan-Philipp; Knauss, Eric; Scandariato, Riccardo
Journal of Systems and Software 214: 112082 (2024)
Open Access
|
Publisher DOI
-
Detection strategies for microservice security tactics
Zdun, Uwe; Queval, Pierre-Jean; Simhandl, Georg; Scandariato, Riccardo; Chakravarty, Somik; Jelić, Marjan; Jovanovic, Aleksandar
IEEE Transactions on Dependable and Secure Computing 21 (3): 1257-1273 (2024)
Open Access
|
Publisher DOI
-
APR4Vul: an empirical study of automatic program repair techniques on real-world Java vulnerabilities
Bui, Quang Cuong; Paramitha, Ranindya; Vu, Duc-Ly; Massacci, Fabio; Scandariato, Riccardo
Empirical Software Engineering 29 (1): 18 (2024)
Open Access
|
Publisher DOI
-
CATMA: Conformance Analysis Tool for Microservice Applications
Cao, Clinton; Schneider, Simon; Díaz Ferreyra, Nicolás; Verwer, Sicco; Panichella, Annibale; Scandariato, Riccardo
2024 IEEE/ACM 46th International Conference on Software Engineering, ICSE 2024
Open Access
|
Publisher DOI
-
How dataflow diagrams impact software security analysis : an empirical experiment
Schneider, Simon Malte; Díaz Ferreyra, Nicolás; Queval, Pierre-Jean; Simhandl, Georg; Zdun, Uwe; Scandariato, Riccardo
31st IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2024
Publisher DOI
-
What can self-admitted technical debt tell us about security? A mixed-methods study
Díaz Ferreyra, Nicolás; Shahin, Mojtaba; Zahedi, Mansooreh; Quadri, Sodiq; Scandariato, Riccardo
IEEE/ACM 21st International Conference on Mining Software Repositories, MSR 2024
Publisher DOI
2023
-
Cybersecurity discussions in Stack Overflow: a developer-centred analysis of engagement and self-disclosure behaviour
Díaz Ferreyra, Nicolás; Vidoni, Melina; Heisel, Maritta; Scandariato, Riccardo
Social Network Analysis and Mining 14 (1): 16 (2024)
Open Access
|
Publisher DOI
-
DockerCleaner: Automatic repair of security smells in dockerfiles
Bui, Quang Cuong; Laukotter, Malte; Scandariato, Riccardo
39th IEEE International Conference on Software Maintenance and Evolution (ICSME 2023)
Publisher DOI
-
Automatic extraction of security-rich dataflow diagrams for microservice applications written in Java
Schneider, Simon; Scandariato, Riccardo
Journal of Systems and Software 202: 111722 (2023-08)
Publisher DOI
-
Simple stupid insecure practices and GitHub's code search: A looming threat?
Go, Ken Russel; Soundarapandian, Sruthi; Mitra, Aparupa; Vidoni, Melina; Díaz Ferreyra, Nicolás
Journal of Systems and Software 202: 111698 (2023-08)
Publisher DOI
-
Developers Need Protection, Too: Perspectives and Research Challenges for Privacy in Social Coding Platforms
Díaz Ferreyra, Nicolás; Imine, Abdessamad; Vidoni, Melina; Scandariato, Riccardo
16th IEEE/ACM International Conference on Cooperative and Human Aspects of Software Engineering (CHASE 2023)
Publisher DOI
-
Regret, Delete, (Do Not) Repeat: An Analysis of Self-Cleaning Practices on Twitter After the Outbreak of the COVID-19 Pandemic
Díaz Ferreyra, Nicolás; Shahi, Gautam Kishore; Tony, Catherine; Stieglitz, Stefan; Scandariato, Riccardo
Conference on Human Factors in Computing Systems (CHI 2023)
Open Access
|
Publisher DOI
-
CASCADE: An Asset-driven Approach to Build Security Assurance Cases for Automotive Systems
Mohamad, Mazen; Jolak, Rodi; Askerdal, Örjan; Steghöfer, Jan-Philipp; Scandariato, Riccardo
ACM Transactions on Cyber-Physical Systems 7 (1): 3 (2023-02-20)
Publisher DOI
-
Microservice Security Metrics for Secure Communication, Identity Management, and Observability
Zdun, Uwe; Queval, Pierre-Jean; Simhandl, Georg; Scandariato, Riccardo; Chakravarty, Somik; Jelić, Marjan; Jovanovic, Aleksandar
ACM Transactions on Software Engineering and Methodology 32 (1): 3532183 (2023-02-13)
Publisher DOI
-
Checking security compliance between models and code
Tuma, Katja; Peldszus, Sven; Strüber, Daniel; Scandariato, Riccardo; Jürjens, Jan
Software and Systems Modeling 22 (1): 273-296 (2023-02)
Open Access
|
Publisher DOI
-
LLMSecEval: a dataset of natural language prompts for security evaluations
Tony, Catherine; Mutas, Markus; Ferreyra, Nicolas E. Diaz; Scandariato, Riccardo
20th IEEE/ACM International Conference on Mining Software Repositories (MSR 2023)
Publisher DOI
-
microSecEnD: A dataset of security-enriched dataflow diagrams for microservice applications
Schneider, Simon; Ozen, Tufan; Chen, Michael; Scandariato, Riccardo
20th IEEE/ACM International Conference on Mining Software Repositories (MSR 2023)
Publisher DOI
2022
-
GitHub Considered Harmful? Analyzing Open-Source Projects for the Automatic Generation of Cryptographic API Call Sequences
Tony, Catherine; Díaz Ferreyra, Nicolás; Scandariato, Riccardo
22nd IEEE International Conference on Software Quality, Reliability and Security (QRS 2022)
Publisher DOI
-
Identifying security-related requirements in regulatory documents based on cross-project classification
Mohamad, Mazen; Steghöfer, Jan-Philipp; Åström, Alexander; Scandariato, Riccardo
18th ACM International Conference on Predictive Models and Data Analytics in Software Engineering (PROMISE 2022)
Publisher DOI
-
ENAGRAM : an app to evaluate preventative nudges for Instagram
Díaz Ferreyra, Nicolás; Ostendorf, Sina; Äimeur, Esma; Heisel, Maritta; Brand, Matthias
2nd European Symposium on Usable Security (EuroUSEC 2022)
Publisher DOI
-
Precise Analysis of Purpose Limitation in Data Flow Diagrams
Alshareef, Hanaa; Tuma, Katja; Stucki, Sandro; Schneider, Gerardo; Scandariato, Riccardo
17th International Conference on Availability, Reliability and Security (ARES 2022)
Publisher DOI
-
RIPOSTE: A Collaborative Cyber Attack Response Framework for Automotive Systems
Jolak, Rodi; Rosenstatter, Thomas; Aldaghistani, Saif; Scandariato, Riccardo
48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA 2022)
Publisher DOI
-
STRIPED: A Threat Analysis Method for IoT Systems
Srikumar, Kamakshi; Kashish, Komal; Eggers, Kolja; Díaz Ferreyra, Nicolás; Koch, Julian; Schüppstuhl, Thorsten; Scandariato, Riccardo
17th International Conference on Availability, Reliability and Security (ARES 2022)
Publisher DOI
-
SoK: Security of Microservice Applications: A Practitioners' Perspective on Challenges and Best Practices
Billawa, Priyanka; Bambhore Tukaram, Anusha; Díaz Ferreyra, Nicolás; Steghöfer, Jan-Philipp; Scandariato, Riccardo; Simhandl, Georg
17th International Conference on Availability, Reliability and Security (ARES 2022)
Publisher DOI
-
Towards a Security Benchmark for the Architectural Design of Microservice Applications
Bambhore Tukaram, Anusha; Schneider, Simon; Díaz Ferreyra, Nicolás; Simhandl, Georg; Zdun, Uwe; Scandariato, Riccardo
17th International Conference on Availability, Reliability and Security (ARES 2022)
Publisher DOI
-
Maestro: A platform for benchmarking automatic program repair tools on software vulnerabilities
Pinconschi, Eduard; Bui, Quang Cuong; Abreu, Rui; Adão, Pedro; Scandariato, Riccardo
31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2022)
Publisher DOI
-
Conversational DevBots for Secure Programming: An Empirical Study on SKF Chatbot
Tony, Catherine; Balasubramanian, Mohana; Díaz Ferreyra, Nicolás; Scandariato, Riccardo
26th ACM International Conference on Evaluation and Assessment in Software Engineering (EASE 2022)
Publisher DOI
-
Community detection for access-control decisions : analysing the role of homophily and information diffusion in online social networks
Díaz Ferreyra, Nicolás; Hecking, Tobias; Äimeur, Esma; Heisel, Maritta; Hoppe, Heinz Ulrich
Online Social Networks and Media 29: 100203 (2022-05)
Open Access
|
Publisher DOI
-
Vul4J: A Dataset of Reproducible Java Vulnerabilities Geared Towards the Study of Program Repair Techniques
Bui, Quang Cuong; Scandariato, Riccardo; Díaz Ferreyra, Nicolás
Mining Software Repositories Conference (MSR 2022)
Publisher DOI
-
CONSERVE: A framework for the selection of techniques for monitoring containers security
Jolak, Rodi; Rosenstatter, Thomas; Mohamad, Mazen; Strandberg, Kim; Sangchoolie, Behrooz; Nowdehi, Nasser; Scandariato, Riccardo
Journal of Systems and Software 186: 111158 (2022-04)
Open Access
|
Publisher DOI
2021
-
Finding security threats that matter: Two industrial case studies
Tuma, Katja; Sandberg, Christian; Thorsson, Urban; Widman, Mathias; Herpel, Thomas; Scandariato, Riccardo
Journal of Systems and Software 179: 111003 (2021-09)
Publisher DOI
-
Asset-driven Security Assurance Cases with Built-in Quality Assurance
Mohamad, Mazen; Askerdal, Örjan; Jolak, Rodi; Steghöfer, Jan-Philipp; Scandariato, Riccardo
IEEE/ACM 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS 2021)
Publisher DOI
-
Security assurance cases - state of the art of an emerging approach
Mohamad, Mazen; Steghöfer, Jan-Philipp; Scandariato, Riccardo
Empirical Software Engineering 26 (4): 70 (2021-07-01)
Open Access
|
Publisher DOI
-
Secure Software Development in the Era of Fluid Multi-party Open Software and Services
Pashchenko, Ivan; Scandariato, Riccardo; Sabetta, Antonino; Massacci, Fabio
ACM/IEEE International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER 2021)
Publisher DOI
