Publications
2024
-
Cybersecurity discussions in Stack Overflow: a developer-centred analysis of engagement and self-disclosure behaviour
Díaz Ferreyra, Nicolás; Vidoni, Melina; Heisel, Maritta; Scandariato, Riccardo
Social Network Analysis and Mining 14 (1): 16 (2023-12)
Open Access
-
Designing secure AI-based systems: a multi-vocal literature review
Schneider, Simon Malte; Saha, Ananya; Mezzi, Emanuele; Tuma, Katja; Scandariato, Riccardo
Proceedings - 2024 IEEE Secure Development Conference, SecDev 2024: 13-19
-
Managing security evidence in safety-critical organizations
Mohamad, Mazen; Steghöfer, Jan-Philipp; Knauss, Eric; Scandariato, Riccardo
Journal of Systems and Software 214: 112082 (2024-08-01)
Open Access
-
Detection strategies for microservice security tactics
Zdun, Uwe; Queval, Pierre-Jean; Simhandl, Georg; Scandariato, Riccardo; Chakravarty, Somik; Jelić, Marjan; Jovanovic, Aleksandar
IEEE Transactions on Dependable and Secure Computing 21 (3): 1257-1273 (2024-05-01)
-
APR4Vul: an empirical study of automatic program repair techniques on real-world Java vulnerabilities
Bui, Quang Cuong; Paramitha, Ranindya; Vu, Duc-Ly; Massacci, Fabio; Scandariato, Riccardo
Empirical Software Engineering 29 (1): 18 (2024-02)
Open Access
-
CATMA: Conformance Analysis Tool for Microservice Applications
Cao, Clinton; Schneider, Simon; Díaz Ferreyra, Nicolás; Verwer, Sicco; Panichella, Annibale; Scandariato, Riccardo
Proceedings - International Conference on Software Engineering: pp. 59-63 (2024)
Open Access
-
How dataflow diagrams impact software security analysis: an empirical experiment
Schneider, Simon Malte; Díaz Ferreyra, Nicolás; Queval, Pierre-Jean; Simhandl, Georg; Zdun, Uwe; Scandariato, Riccardo
31st IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2024)
-
What can self-admitted technical debt tell us about security? A mixed-methods study
Díaz Ferreyra, Nicolás; Shahin, Mojtaba; Zahedi, Mansooreh; Quadri, Sodiq; Scandariato, Riccardo
Proceedings - 2024 IEEE/ACM 21st International Conference on Mining Software Repositories (MSR 2024)
2023
-
DockerCleaner: Automatic repair of security smells in dockerfiles
Bui, Quang Cuong; Laukotter, Malte; Scandariato, Riccardo
39th IEEE International Conference on Software Maintenance and Evolution (ICSME 2023)
-
Automatic extraction of security-rich dataflow diagrams for microservice applications written in Java
Schneider, Simon; Scandariato, Riccardo
Journal of Systems and Software 202: 111722 (2023-08)
-
Simple stupid insecure practices and GitHub's code search: A looming threat?
Go, Ken Russel; Soundarapandian, Sruthi; Mitra, Aparupa; Vidoni, Melina; Díaz Ferreyra, Nicolás
Journal of Systems and Software 202: 111698 (2023-08)
-
Developers Need Protection, Too: Perspectives and Research Challenges for Privacy in Social Coding Platforms
Díaz Ferreyra, Nicolás; Imine, Abdessamad; Vidoni, Melina; Scandariato, Riccardo
16th IEEE/ACM International Conference on Cooperative and Human Aspects of Software Engineering (CHASE 2023)
-
Regret, Delete, (Do Not) Repeat: An Analysis of Self-Cleaning Practices on Twitter After the Outbreak of the COVID-19 Pandemic
Díaz Ferreyra, Nicolás; Shahi, Gautam Kishore; Tony, Catherine; Stieglitz, Stefan; Scandariato, Riccardo
Conference on Human Factors in Computing Systems (CHI 2023)
Open Access
-
CASCADE: An Asset-driven Approach to Build Security Assurance Cases for Automotive Systems
Mohamad, Mazen; Jolak, Rodi; Askerdal, Örjan; Steghöfer, Jan-Philipp; Scandariato, Riccardo
ACM Transactions on Cyber-Physical Systems 7 (1): 3 (2023-02-20)
-
Microservice Security Metrics for Secure Communication, Identity Management, and Observability
Zdun, Uwe; Queval, Pierre-Jean; Simhandl, Georg; Scandariato, Riccardo; Chakravarty, Somik; Jelić, Marjan; Jovanovic, Aleksandar
ACM Transactions on Software Engineering and Methodology 32 (1): 3532183 (2023-02-13)
-
Checking security compliance between models and code
Tuma, Katja; Peldszus, Sven; Strüber, Daniel; Scandariato, Riccardo; Jürjens, Jan
Software and Systems Modeling 22 (1): 273-296 (2023-02)
Open Access
-
LLMSecEval: a dataset of natural language prompts for security evaluations
Tony, Catherine; Mutas, Markus; Díaz Ferreyra, Nicolás E.; Scandariato, Riccardo
20th IEEE/ACM International Conference on Mining Software Repositories (MSR 2023)
-
microSecEnD: A dataset of security-enriched dataflow diagrams for microservice applications
Schneider, Simon; Ozen, Tufan; Chen, Michael; Scandariato, Riccardo
20th IEEE/ACM International Conference on Mining Software Repositories (MSR 2023)
2022
-
GitHub Considered Harmful? Analyzing Open-Source Projects for the Automatic Generation of Cryptographic API Call Sequences
Tony, Catherine; Díaz Ferreyra, Nicolás; Scandariato, Riccardo
22nd IEEE International Conference on Software Quality, Reliability and Security (QRS 2022)
-
Identifying security-related requirements in regulatory documents based on cross-project classification
Mohamad, Mazen; Steghöfer, Jan-Philipp; Åström, Alexander; Scandariato, Riccardo
18th ACM International Conference on Predictive Models and Data Analytics in Software Engineering (PROMISE 2022)
-
ENAGRAM: an app to evaluate preventative nudges for Instagram
Díaz Ferreyra, Nicolás; Ostendorf, Sina; Aïmeur, Esma; Heisel, Maritta; Brand, Matthias
2nd European Symposium on Usable Security (EuroUSEC 2022)
-
Precise Analysis of Purpose Limitation in Data Flow Diagrams
Alshareef, Hanaa; Tuma, Katja; Stucki, Sandro; Schneider, Gerardo; Scandariato, Riccardo
17th International Conference on Availability, Reliability and Security (ARES 2022)
-
RIPOSTE: A Collaborative Cyber Attack Response Framework for Automotive Systems
Jolak, Rodi; Rosenstatter, Thomas; Aldaghistani, Saif; Scandariato, Riccardo
48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA 2022)
-
STRIPED: A Threat Analysis Method for IoT Systems
Srikumar, Kamakshi; Kashish, Komal; Eggers, Kolja; Díaz Ferreyra, Nicolás; Koch, Julian; Schüppstuhl, Thorsten; Scandariato, Riccardo
17th International Conference on Availability, Reliability and Security (ARES 2022)
-
SoK: Security of Microservice Applications: A Practitioners' Perspective on Challenges and Best Practices
Billawa, Priyanka; Bambhore Tukaram, Anusha; Díaz Ferreyra, Nicolás; Steghöfer, Jan-Philipp; Scandariato, Riccardo; Simhandl, Georg
17th International Conference on Availability, Reliability and Security (ARES 2022)
-
Towards a Security Benchmark for the Architectural Design of Microservice Applications
Bambhore Tukaram, Anusha; Schneider, Simon; Díaz Ferreyra, Nicolás; Simhandl, Georg; Zdun, Uwe; Scandariato, Riccardo
17th International Conference on Availability, Reliability and Security (ARES 2022)
-
Maestro: A platform for benchmarking automatic program repair tools on software vulnerabilities
Pinconschi, Eduard; Bui, Quang Cuong; Abreu, Rui; Adão, Pedro; Scandariato, Riccardo
31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2022)
-
Conversational DevBots for Secure Programming: An Empirical Study on SKF Chatbot
Tony, Catherine; Balasubramanian, Mohana; Díaz Ferreyra, Nicolás; Scandariato, Riccardo
26th ACM International Conference on Evaluation and Assessment in Software Engineering (EASE 2022)
-
Community detection for access-control decisions: analysing the role of homophily and information diffusion in online social networks
Díaz Ferreyra, Nicolás; Hecking, Tobias; Aïmeur, Esma; Heisel, Maritta; Hoppe, Heinz Ulrich
Online Social Networks and Media 29: 100203 (2022-05)
Open Access
-
Vul4J: A Dataset of Reproducible Java Vulnerabilities Geared Towards the Study of Program Repair Techniques
Bui, Quang Cuong; Scandariato, Riccardo; Díaz Ferreyra, Nicolás
Mining Software Repositories Conference (MSR 2022)
-
CONSERVE: A framework for the selection of techniques for monitoring containers security
Jolak, Rodi; Rosenstatter, Thomas; Mohamad, Mazen; Strandberg, Kim; Sangchoolie, Behrooz; Nowdehi, Nasser; Scandariato, Riccardo
Journal of Systems and Software 186: 111158 (2022-04)
Open Access
2021
-
Finding security threats that matter: Two industrial case studies
Tuma, Katja; Sandberg, Christian; Thorsson, Urban; Widman, Mathias; Herpel, Thomas; Scandariato, Riccardo
Journal of Systems and Software 179: 111003 (2021-09)
-
Asset-driven Security Assurance Cases with Built-in Quality Assurance
Mohamad, Mazen; Askerdal, Örjan; Jolak, Rodi; Steghöfer, Jan-Philipp; Scandariato, Riccardo
IEEE/ACM 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS 2021)
-
Security assurance cases - state of the art of an emerging approach
Mohamad, Mazen; Steghöfer, Jan-Philipp; Scandariato, Riccardo
Empirical Software Engineering 26 (4): 70 (2021-07-01)
Open Access
-
Secure Software Development in the Era of Fluid Multi-party Open Software and Services
Pashchenko, Ivan; Scandariato, Riccardo; Sabetta, Antonino; Massacci, Fabio
ACM/IEEE International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER 2021)