English
Related papers

Related papers: Finding Security Threats That Matter: An Industria…

200 papers

Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security,…

Cryptography and Security · Computer Science 2017-07-10 Sabarathinam Chockalingam , Dina Hadziosmanovic , Wolter Pieters , Andre Teixeira , Pieter van Gelder

Software supply chain attacks have increased exponentially since 2020. The primary attack vectors for supply chain attacks are through: (1) software components; (2) the build infrastructure; and (3) humans (a.k.a software practitioners).…

Cryptography and Security · Computer Science 2025-09-11 Laurie Williams , Sammy Migues

Cybersecurity threat and risk analysis (RA) approaches are used to identify and mitigate security risks early-on in the software development life-cycle. Existing approaches automate only parts of the analysis procedure, leaving key…

Software Engineering · Computer Science 2022-08-04 Katja Tuma , Romy Van Der Lee

Systems engineering approaches use high-level models to capture the architecture and behavior of the system. However, when safety engineers conduct safety and reliability analysis, they have to create formal models, such as fault-trees,…

Software Engineering · Computer Science 2020-04-29 Simon József Nagy , Bence Graics , Kristóf Marussy , András Vörös

The openness of modern IT systems and their permanent change make it challenging to keep these systems secure. A combination of regression and security testing called security regression testing, which ensures that changes made to a system…

Cryptography and Security · Computer Science 2023-09-19 Irdin Pekaric , Clemens Sauerwein , Michael Felderer

Models of software systems are used throughout the software development lifecycle. Dataflow diagrams (DFDs), in particular, are well-established resources for security analysis. Many techniques, such as threat modelling, are based on DFDs…

Software Engineering · Computer Science 2024-01-10 Simon Schneider , Nicolás E. Díaz Ferreyra , Pierre-Jean Quéval , Georg Simhandl , Uwe Zdun , Riccardo Scandariato

With the increasing reliance on software and automation nowadays, tight deadlines, limited resources, and prioritization of functionality over security can lead to insecure coding practices. When not handled properly, these constraints…

Software Engineering · Computer Science 2025-07-16 Chaima Boufaied , Taher Ghaleb , Zainab Masood

In recent years, technology has advanced considerably with the introduction of many systems including advanced robotics, big data analytics, cloud computing, machine learning and many more. The opportunities to exploit the yet to come…

Cryptography and Security · Computer Science 2023-11-21 Sam Wen Ping , Jeffrey Cheok Jun Wah , Lee Wen Jie , Jeremy Bong Yong Han , Saira Muzafar

As our lives, our businesses, and indeed our world economy become increasingly reliant on the secure operation of many interconnected software systems, the software engineering research community is faced with unprecedented research…

Software Engineering · Computer Science 2024-09-27 Marcel Böhme , Eric Bodden , Tevfik Bultan , Cristian Cadar , Yang Liu , Giuseppe Scanniello

As Industry 4.0 and the Industrial Internet of Things continue to advance, industrial control systems are increasingly adopting IT solutions, including communication standards and protocols. As these systems become more decentralized and…

Cryptography and Security · Computer Science 2024-09-27 Thomas Rosenstatter , Christian Schäfer , Olaf Saßnick , Stefan Huber

Nowadays, the use of agile software development methods like Scrum is common in industry and academia. Considering the current attacking landscape, it is clear that developing secure software should be a main concern in all software…

Cryptography and Security · Computer Science 2015-07-13 Christoph Pohl , Hans-Joachim Hof

The arrival of recent cybersecurity standards has raised the bar for security assessments in organizations, but existing techniques don't always scale well. Threat analysis and risk assessment are used to identify security threats for new…

Software Engineering · Computer Science 2024-08-16 Winnie Bahati Mbaka , Katja Tuma

When changes are performed on an automated production system (aPS), new faults can be accidentally introduced in the system, which are called regressions. A common method for finding these faults is regression testing. In most cases, this…

Software Engineering · Computer Science 2022-12-13 Sebastian Ulewicz , Birgit Vogel-Heuser

Security flaws in software applications today has been attributed mostly to design flaws. With limited budget and time to release software into the market, many developers often consider security as an afterthought. Previous research shows…

Cryptography and Security · Computer Science 2013-03-11 A. Adebiyi , Johnnes Arreymbi , Chris Imafidon

Recent trends in the software development practices (Agile, DevOps, CI) have shortened the development life-cycle causing the need for efficient security-by-design approaches. In this context, software architectures are analyzed for…

Software Engineering · Computer Science 2019-06-06 Katja Tuma , Danial Hosseini , Kyriakos Malamas , Riccardo Scandariato

Software security is of utmost importance for most software systems. Developers must systematically select, plan, design, implement, and especially, maintain and evolve security features -- functionalities to mitigate attacks or protect…

Software Engineering · Computer Science 2025-09-30 Kevin Hermann , Sven Peldszus , Jan-Philipp Steghöfer , Thorsten Berger

Software requirements prioritization plays a crucial role in software development. It can be viewed as the process of ordering requirements by determining which requirements must be done first and which can be done later. Powerful…

Software Engineering · Computer Science 2024-02-21 Esraa Alhenawi , Shatha Awawdeh , Ruba Abu Khurma , Maribel García-Arenas , Pedro A. Castillo , Amjad Hudaib

Context: Today's safety critical systems are increasingly reliant on software. Software becomes responsible for most of the critical functions of systems. Many different safety analysis techniques have been developed to identify hazards of…

Software Engineering · Computer Science 2016-12-02 Asim Abdulkhaleq , Stefan Wagner

Although machine learning is widely used in practice, little is known about practitioners' understanding of potential security challenges. In this work, we close this substantial gap and contribute a qualitative study focusing on…

Cryptography and Security · Computer Science 2022-06-30 Lukas Bieringer , Kathrin Grosse , Michael Backes , Battista Biggio , Katharina Krombholz

Owing to recorded incidents of Information technology inclined organisations failing to respond effectively to threat incidents, this project outlines the benefits of conducting a comprehensive risk assessment which would aid proficiency in…

Computers and Society · Computer Science 2018-12-13 Samuel Cris Ayo , Bonaventure Ngala , Olasunkanmi Amzat , Robin Lal Khoshi , Samarappulige Isuru Madusanka