@inproceedings{62738,
  abstract     = {{Vulnerability disclosures are necessary to improve the security of our digital ecosystem. However, they can also be challenging for researchers: it may be hard to find out who the affected parties even are, or how to contact them. Researchers may be ignored or face adversity when disclosing vulnerabilities. We investigate researchers' experiences with vulnerability disclosures, extract best practices, and make recommendations for researchers, institutions that employ them, industry, and regulators to enable effective vulnerability disclosures.}},
  author       = {{Sri Ramulu, Harshini and Rotthaler, Anna Lena and Rossel, Jost and Gonzalez Rodriguez, Rachel and Wermke, Dominik and Fahl, Sascha and Kohno, Tadayoshi and Somorovsky, Juraj and Acar, Yasemin}},
  booktitle    = {{Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security}},
  keywords     = {{software vulnerabilities, vulnerability disclosure, security research}},
  publisher    = {{ACM}},
  title        = {{{Poster: Computer Security Researchers' Experiences with Vulnerability Disclosures}}},
  doi          = {{10.1145/3719027.3760723}},
  year         = {{2025}},
}

@inproceedings{54863,
  author       = {{Schmüser, Juliane and Ramulu, Harshini Sri and Wöhler, Noah and Stransky, Christian and Bensmann, Felix and Dimitrov, Dimitar and Schellhammer, Sebastian and Wermke, Dominik and Dietze, Stefan and Acar, Yasemin and Fahl, Sascha}},
  booktitle    = {{Proceedings of the CHI Conference on Human Factors in Computing Systems, CHI 2024, Honolulu, HI, USA, May 11-16, 2024}},
  editor       = {{Mueller, Florian ’Floyd’ and Kyburz, Penny and Williamson, Julie R. and Sas, Corina and Wilson, Max L. and Dugas, Phoebe O. Toups and Shklovski, Irina}},
  pages        = {{574:1–574:16}},
  publisher    = {{ACM}},
  title        = {{{Analyzing Security and Privacy Advice During the 2022 Russian Invasion of Ukraine on Twitter}}},
  doi          = {{10.1145/3613904.3642826}},
  year         = {{2024}},
}

@inproceedings{54862,
  author       = {{Boughton, Lina and Miller, Courtney and Acar, Yasemin and Wermke, Dominik and Kästner, Christian}},
  booktitle    = {{Proceedings of the 2024 {ACM/IEEE} 44th International Conference on Software Engineering: New Ideas and Emerging Results, NIER@ICSE 2024, Lisbon, Portugal, April 14-20, 2024}},
  pages        = {{57–61}},
  publisher    = {{ACM}},
  title        = {{{Decomposing and Measuring Trust in Open-Source Software Supply Chains}}},
  doi          = {{10.1145/3639476.3639775}},
  year         = {{2024}},
}

@article{54864,
  author       = {{Horstmann, Stefan Albert and Domiks, Samuel and Gutfleisch, Marco and Tran, Mindy and Acar, Yasemin and Moonsamy, Veelasha and Naiakshina, Alena}},
  journal      = {{Proc. Priv. Enhancing Technol.}},
  number       = {{1}},
  pages        = {{151–170}},
  title        = {{{"Those things are written by lawyers, and programmers are reading that." Mapping the Communication Gap Between Software Developers and Privacy Experts}}},
  doi          = {{10.56553/POPETS-2024-0010}},
  volume       = {{2024}},
  year         = {{2024}},
}

@inproceedings{55633,
  author       = {{Höltervennhoff, Sandra and Wöhler, Noah and Möhle, Arne and Oltrogge, Marten and Acar, Yasemin and Wiese, Oliver and Fahl, Sascha}},
  booktitle    = {{33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024}},
  editor       = {{Balzarotti, Davide and Xu, Wenyuan}},
  publisher    = {{USENIX Association}},
  title        = {{{A Mixed-Methods Study on User Experiences and Challenges of Recovery Codes for an End-to-End Encrypted Service}}},
  year         = {{2024}},
}

@inproceedings{55632,
  author       = {{Fischer, Konstantin and Trummová, Ivana and Gajland, Phillip and Acar, Yasemin and Fahl, Sascha and Sasse, M. Angela}},
  booktitle    = {{33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024}},
  editor       = {{Balzarotti, Davide and Xu, Wenyuan}},
  publisher    = {{USENIX Association}},
  title        = {{{The Challenges of Bringing Cryptography from Research Papers to Products: Results from an Interview Study with Experts}}},
  year         = {{2024}},
}

@inproceedings{55634,
  author       = {{Fourné, Marcel and Braga, Daniel De Almeida and Jancar, Jan and Sabt, Mohamed and Schwabe, Peter and Barthe, Gilles and Fouque, Pierre-Alain and Acar, Yasemin}},
  booktitle    = {{33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024}},
  editor       = {{Balzarotti, Davide and Xu, Wenyuan}},
  publisher    = {{USENIX Association}},
  title        = {{{"These results must be false": A usability evaluation of constant-time analysis tools}}},
  year         = {{2024}},
}

@inproceedings{55636,
  author       = {{Huaman, Nicolas and Suray, Jacques and Klemmer, Jan H. and Fourné, Marcel and Amft, Sabrina and Trummová, Ivana and Acar, Yasemin and Fahl, Sascha}},
  booktitle    = {{33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024}},
  editor       = {{Balzarotti, Davide and Xu, Wenyuan}},
  publisher    = {{USENIX Association}},
  title        = {{{"You have to read 50 different RFCs that contradict each other": An Interview Study on the Experiences of Implementing Cryptographic Standards}}},
  year         = {{2024}},
}

@inproceedings{55641,
  author       = {{Panahi, Kabir and Robertson, Shawn and Acar, Yasemin and Bardas, Alexandru G. and Kohno, Tadayoshi and Simko, Lucy}},
  booktitle    = {{33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024}},
  editor       = {{Balzarotti, Davide and Xu, Wenyuan}},
  publisher    = {{USENIX Association}},
  title        = {{{"But they have overlooked a few things in Afghanistan: " An Analysis of the Integration of Biometric Voter Verification in the 2019 Afghan Presidential Elections}}},
  year         = {{2024}},
}

@inproceedings{55642,
  author       = {{Ramulu, Harshini Sri and Schmitt, Helen and Wermke, Dominik and Acar, Yasemin}},
  booktitle    = {{33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024}},
  editor       = {{Balzarotti, Davide and Xu, Wenyuan}},
  publisher    = {{USENIX Association}},
  title        = {{{Security and Privacy Software Creators’ Perspectives on Unintended Consequences}}},
  year         = {{2024}},
}

@article{58368,
  author       = {{Zahan, Nusrat and Acar, Yasemin and Cukier, Michel and Enck, William and Kästner, Christian and Kapravelos, Alexandros and Wermke, Dominik and Williams, Laurie A.}},
  journal      = {{CoRR}},
  title        = {{{S3C2 Summit 2023-11: Industry Secure Supply Chain Summit}}},
  doi          = {{10.48550/ARXIV.2408.16529}},
  volume       = {{abs/2408.16529}},
  year         = {{2024}},
}

@article{58369,
  author       = {{Tystahl, Greg and Acar, Yasemin and Cukier, Michel and Enck, William and Kästner, Christian and Kapravelos, Alexandros and Wermke, Dominik and Williams, Laurie A.}},
  journal      = {{CoRR}},
  title        = {{{S3C2 Summit 2024-03: Industry Secure Supply Chain Summit}}},
  doi          = {{10.48550/ARXIV.2405.08762}},
  volume       = {{abs/2405.08762}},
  year         = {{2024}},
}

@inproceedings{56624,
  author       = {{Kostan, Anastassija and Olschar, Sara and Simko, Lucy and Acar, Yasemin}},
  booktitle    = {{33rd USENIX Security Symposium (USENIX Security 24)}},
  pages        = {{2029–2046}},
  title        = {{{Exploring digital security and privacy in relative poverty in Germany through qualitative interviews}}},
  year         = {{2024}},
}

@inproceedings{55637,
  author       = {{Kostan, Anastassija and Olschar, Sara and Simko, Lucy and Acar, Yasemin}},
  booktitle    = {{33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024}},
  editor       = {{Balzarotti, Davide and Xu, Wenyuan}},
  publisher    = {{USENIX Association}},
  title        = {{{Exploring digital security and privacy in relative poverty in Germany through qualitative interviews}}},
  year         = {{2024}},
}

@inproceedings{47306,
  author       = {{Herbert, Franziska and Becker, Steffen and Schaewitz, Leonie and Hielscher, Jonas and Kowalewski, Marvin and Sasse, M. Angela and Acar, Yasemin and Dürmuth, Markus}},
  booktitle    = {{Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems, CHI 2023, Hamburg, Germany, April 23-28, 2023}},
  editor       = {{Schmidt, Albrecht and Väänänen, Kaisa and Goyal, Tesh and Kristensson, Per Ola and Peters, Anicia and Mueller, Stefanie and Williamson, Julie R. and Wilson, Max L.}},
  pages        = {{582:1–582:23}},
  publisher    = {{ACM}},
  title        = {{{A World Full of Privacy and Security (Mis)conceptions? Findings of a Representative Survey in 12 Countries}}},
  doi          = {{10.1145/3544548.3581410}},
  year         = {{2023}},
}

@inproceedings{47304,
  author       = {{Wermke, Dominik and Klemmer, Jan H. and Wöhler, Noah and Schmüser, Juliane and Sri Ramulu, Harshini and Acar, Yasemin and Fahl, Sascha}},
  booktitle    = {{44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023}},
  pages        = {{1545–1560}},
  publisher    = {{IEEE}},
  title        = {{{"Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply Chain}}},
  doi          = {{10.1109/SP46215.2023.10179378}},
  year         = {{2023}},
}

@inproceedings{47299,
  author       = {{Krause, Alexander and Klemmer, Jan H. and Huaman, Nicolas and Wermke, Dominik and Acar, Yasemin and Fahl, Sascha}},
  booktitle    = {{32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023}},
  editor       = {{Calandrino, Joseph A. and Troncoso, Carmela}},
  publisher    = {{USENIX Association}},
  title        = {{{Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secret Information in Source Code Repositories}}},
  year         = {{2023}},
}

@inproceedings{47310,
  author       = {{Fourné, Marcel and Wermke, Dominik and Enck, William and Fahl, Sascha and Acar, Yasemin}},
  booktitle    = {{44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023}},
  pages        = {{1527–1544}},
  publisher    = {{IEEE}},
  title        = {{{It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security}}},
  doi          = {{10.1109/SP46215.2023.10179320}},
  year         = {{2023}},
}

@inproceedings{47311,
  author       = {{Munyendo, Collins W. and Acar, Yasemin and Aviv, Adam J.}},
  booktitle    = {{44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023}},
  pages        = {{570–587}},
  publisher    = {{IEEE}},
  title        = {{{"In Eighty Percent of the Cases, I Select the Password for Them": Security and Privacy Challenges, Advice, and Opportunities at Cybercafes in Kenya}}},
  doi          = {{10.1109/SP46215.2023.10179410}},
  year         = {{2023}},
}

@inproceedings{47303,
  author       = {{Keküllüoglu, Dilara and Acar, Yasemin}},
  booktitle    = {{44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023}},
  pages        = {{2015–2031}},
  publisher    = {{IEEE}},
  title        = {{{"We are a startup to the core": A qualitative interview study on the security and privacy development practices in Turkish software startups}}},
  doi          = {{10.1109/SP46215.2023.10179339}},
  year         = {{2023}},
}