@inproceedings{65261,
  author       = {{Trentinaglia, Roman and Koch, Thorsten and Bodden, Eric}},
  booktitle    = {{Proceedings of the 14th International Conference on Model-Based Software and Systems Engineering}},
  publisher    = {{SCITEPRESS - Science and Technology Publications}},
  title        = {{{Using Attack and Failure Propagation Analysis for Context-Aware Security Control Suggestions}}},
  doi          = {{10.5220/0014278000004058}},
  year         = {{2026}},
}

@article{61546,
  abstract     = {{<jats:p>Fuzzing is a powerful software testing technique renowned for its effectiveness in identifying software vulnerabilities. Traditional fuzzing evaluations typically focus on overall fuzzer performance across a set of target programs, yet few benchmarks consider how fine-grained program features influence fuzzing effectiveness. To bridge this gap, we introduce FeatureBench, a novel benchmark designed to generate programs with configurable, fine-grained program features to enhance fuzzing evaluations. We reviewed 25 recent grey-box fuzzing studies, extracting 7 program features related to control-flow and data-flow that can impact fuzzer performance. Using these features, we generated a benchmark consisting of 153 programs controlled by 10 fine-grained configurable parameters. We evaluated 11 fuzzers using this benchmark, with each fuzzer representing either distinct claimed improvements or serving as a widely used baseline in fuzzing evaluations. The results indicate that fuzzer performance varies significantly based on the program features and their strengths, highlighting the importance of incorporating program characteristics into fuzzing evaluations.</jats:p>}},
  author       = {{Miao, Miao and Kummita, Sriteja and Bodden, Eric and Wei, Shiyi}},
  issn         = {{2994-970X}},
  journal      = {{Proceedings of the ACM on Software Engineering}},
  number       = {{ISSTA}},
  pages        = {{527--549}},
  publisher    = {{Association for Computing Machinery (ACM)}},
  title        = {{{Program Feature-Based Benchmarking for Fuzz Testing}}},
  doi          = {{10.1145/3728899}},
  volume       = {{2}},
  year         = {{2025}},
}

@inproceedings{60583,
  abstract     = {{<jats:p>Assessing and communicating software security has become a crucial concern in the era of digital transformation. As software systems grow more complex and interconnected, it becomes increasingly challenging to effectively evaluate and communicate a product's security status to both technical and non-technical stakeholders. The Software Product Health Assistant (SPHA) is designed to automatically collect and aggregate data from existing expert tools and derive, among other scores, a transparent Security Score. SPHA is designed to present and explain this Security Score to decision-makers to support their responsibilities. In this paper, we demonstrate how to integrate data from SMARAGD (System Modeler for Architectural Risk Assessment and Guidance on Defenses), a safety-informed threat modeling tool, into SPHA to enhance the existing definition of its Security Score. To achieve this, we combine information about known vulnerabilities with architectural and threat data to calculate a realistic risk score for the product in question.</jats:p>}},
  author       = {{Strüwer, Jan-niclas and Trentinaglia, Roman and Wohlers, Benedict and Bodden, Eric and Dumitrescu, Roman}},
  booktitle    = {{AHFE International}},
  issn         = {{2771-0718}},
  publisher    = {{AHFE International}},
  title        = {{{Assessing and Communicating Software Security: Enhancing Software Product Health with Architectural Threat Analysis}}},
  doi          = {{10.54941/ahfe1006145}},
  volume       = {{168}},
  year         = {{2025}},
}

@inproceedings{63854,
  author       = {{Eikerling, Hendrik and Kampkötter, Anemone}},
  booktitle    = {{Lecture Notes in Computer Science}},
  isbn         = {{9783031823619}},
  issn         = {{0302-9743}},
  publisher    = {{Springer Nature Switzerland}},
  title        = {{{Enabling Android Application Monitoring by Characterizing Security-Critical Code Fragments}}},
  doi          = {{10.1007/978-3-031-82362-6_25}},
  year         = {{2025}},
}

@inproceedings{53958,
  abstract     = {{To detect security vulnerabilities, static analysis tools need to be configured with security-relevant methods. Current approaches can automatically identify such methods using binary relevance machine learning approaches. However, they ignore dependencies among security-relevant methods, over-generalize and perform poorly in practice. Additionally, users have to nevertheless manually configure static analysis tools using the detected methods. Based on feedback from users and our observations, the excessive manual steps can often be tedious, error-prone and counter-intuitive.
 In this paper, we present Dev-Assist, an IntelliJ IDEA plugin that detects security-relevant methods using a multi-label machine learning approach that considers dependencies among labels. The plugin can automatically generate configurations for static analysis tools, run the static analysis, and show the results in IntelliJ IDEA. Our experiments reveal that Dev-Assist's machine learning approach has a higher F1-Measure than related approaches. Moreover, the plugin reduces and simplifies the manual effort required when configuring and using static analysis tools.}},
  author       = {{Johnson, Oshando and Piskachev, Goran and Krishnamurthy, Ranjith and Bodden, Eric}},
  booktitle    = {{Proceedings of the 46th International Conference on Software Engineering, IDE Workshop}},
  title        = {{{Detecting Security-Relevant Methods using Multi-label Machine Learning}}},
  doi          = {{10.48550/ARXIV.2403.07501}},
  year         = {{2024}},
}

@misc{59601,
  abstract     = {{Modern vehicles are becoming more connected and autonomous, and more software-defined in general. Such connectivity leads to security risks due to the increased attack surface for external intrusions. In addition, attacks can also lead to safety hazards as cars contain multiple safety-critical components. Therefore both safety and security must be considered in combination. In this whitepaper, we describe a tool-supported analysis method aligned with automotive standards to identify safety and security dependencies and automatically derive corresponding test cases. These test cases can be imported into the existing dSPACE tool chain to improve efficiency by reducing time-consuming manual work and susceptibility to errors. Thereby, our method brings together system design and testing phases to pave the way for an integrated safety and security-by-design life cycle in the automotive domain.}},
  author       = {{Trentinaglia, Roman and Fockel, Markus and Pukrop, Matthias and Schaeffer, Tobias}},
  pages        = {{5}},
  publisher    = {{dSPACE GmbH}},
  title        = {{{Whitepaper: From HARA and TARA to Risk-Based Safety and Security Dependency Testing}}},
  year         = {{2024}},
}

@inproceedings{57578,
  author       = {{Trentinaglia, Roman and Fockel, Markus and Pukrop, Matthias and Schaeffer, Tobias}},
  booktitle    = {{22th escar Europe : The World’s Leading Automotive Cyber Security Conference : Embedded Security in Cars (Dortmund, 19. - 20.11.2024)}},
  title        = {{{Automatically deriving test cases from safety-security dependencies}}},
  doi          = {{10.13154/294-12716}},
  year         = {{2024}},
}

@inproceedings{56863,
  author       = {{Schiebel, Fabian Benedikt and Sattler, Florian and Schubert, Philipp Dominik and Apel, Sven and Bodden, Eric}},
  booktitle    = {{38th European Conference on Object-Oriented Programming (ECOOP 2024)}},
  editor       = {{Aldrich, Jonathan and Salvaneschi, Guido}},
  isbn         = {{978-3-95977-341-6}},
  issn         = {{1868-8969}},
  pages        = {{36:1–36:28}},
  publisher    = {{Schloss Dagstuhl – Leibniz-Zentrum für Informatik}},
  title        = {{{Scaling Interprocedural Static Data-Flow Analysis to Large C/C++ Applications: An Experience Report}}},
  doi          = {{10.4230/LIPIcs.ECOOP.2024.36}},
  volume       = {{313}},
  year         = {{2024}},
}

@article{52587,
  author       = {{Bodden, Eric and Pottebaum, Jens and Fockel, Markus and Gräßler, Iris}},
  issn         = {{1540-7993}},
  journal      = {{IEEE Security & Privacy}},
  keywords     = {{Law, Electrical and Electronic Engineering, Computer Networks and Communications}},
  number       = {{1}},
  pages        = {{69--72}},
  publisher    = {{Institute of Electrical and Electronics Engineers (IEEE)}},
  title        = {{{Evaluating Security Through Isolation and Defense in Depth}}},
  doi          = {{10.1109/msec.2023.3336028}},
  volume       = {{22}},
  year         = {{2024}},
}

@inproceedings{53811,
  abstract     = {{Persistent security challenges plague DevOps teams due to a deficiency in expertise regarding security tools and methods, as evidenced by frequent security incidents. Existing maturity models fail to adequately address the specific needs of DevOps teams. In response, this paper proposes "Security Belts," a novel maturity model inspired by martial arts ranking systems. This model aims to assist DevOps teams in enhancing their security capabilities by providing a structured approach, starting with fundamental activities and progressing to more advanced techniques. Drawing from the experiences of monitoring 21 teams, the paper presents lessons learned and offers actionable advice for refining maturity models tailored to software quality improvement.}},
  author       = {{Taaibi, Samira and Dziwok, Stefan and Hermerschmidt, Lars and Koch, Thorsten and Merschjohann, Sven and Vollmary, Mark}},
  booktitle    = {{AMCIS 2024 Proceedings. 13.}},
  keywords     = {{Software security, maturity model}},
  location     = {{Salt Lake City}},
  title        = {{{Security Belts: A Maturity Model for DevOps Teams to Increase the Software Security of their Product - An Experience Report}}},
  year         = {{2024}},
}

@article{49439,
  abstract     = {{<jats:title>Abstract</jats:title><jats:p>The use of static analysis security testing (SAST) tools has been increasing in recent years. However, previous studies have shown that, when shipped to end users such as development or security teams, the findings of these tools are often unsatisfying. Users report high numbers of false positives or long analysis times, making the tools unusable in the daily workflow. To address this, SAST tool creators provide a wide range of configuration options, such as customization of rules through domain-specific languages or specification of the application-specific analysis scope. In this paper, we study the configuration space of selected existing SAST tools when used within the integrated development environment (IDE). We focus on the configuration options that impact three dimensions, for which a trade-off is unavoidable, i.e., precision, recall, and analysis runtime. We perform a between-subjects user study with 40 users from multiple development and security teams - to our knowledge, the largest population for this kind of user study in the software engineering community. The results show that users who configure SAST tools are more effective in resolving security vulnerabilities detected by the tools than those using the default configuration. Based on post-study interviews, we identify common strategies that users have while configuring the SAST tools to provide further insights for tool creators. Finally, an evaluation of the configuration options of two commercial SAST tools, <jats:sc>Fortify</jats:sc> and <jats:sc>CheckMarx</jats:sc>, reveals that a quarter of the users do not understand the configuration options provided. The configuration options that are found most useful relate to the analysis scope.</jats:p>}},
  author       = {{Piskachev, Goran and Becker, Matthias and Bodden, Eric}},
  issn         = {{1382-3256}},
  journal      = {{Empirical Software Engineering}},
  keywords     = {{Software}},
  number       = {{5}},
  publisher    = {{Springer Science and Business Media LLC}},
  title        = {{{Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study}}},
  doi          = {{10.1007/s10664-023-10354-3}},
  volume       = {{28}},
  year         = {{2023}},
}

@inbook{54672,
  author       = {{Schmelter, David and Steghöfer, Jan-Philipp and Albers, Karsten and Ekman, Mats and Tessmer, Jörg and Weber, Raphael}},
  booktitle    = {{Communications in Computer and Information Science}},
  isbn         = {{9783031423062}},
  issn         = {{1865-0929}},
  publisher    = {{Springer Nature Switzerland}},
  title        = {{{Trustful Model-Based Information Exchange in Collaborative Engineering}}},
  doi          = {{10.1007/978-3-031-42307-9_12}},
  year         = {{2023}},
}

@inproceedings{43395,
  author       = {{Trentinaglia, Roman and Merschjohann, Sven and Fockel, Markus and Eikerling, Hendrik}},
  booktitle    = {{REFSQ 2023: Requirements Engineering: Foundation for Software Quality}},
  isbn         = {{9783031297854}},
  issn         = {{0302-9743}},
  publisher    = {{Springer Nature Switzerland}},
  title        = {{{Eliciting Security Requirements – An Experience Report}}},
  doi          = {{10.1007/978-3-031-29786-1_25}},
  year         = {{2023}},
}

@inproceedings{41812,
  author       = {{Luo, Linghui and Piskachev, Goran and Krishnamurthy, Ranjith and Dolby, Julian and Schäf, Martin and Bodden, Eric}},
  booktitle    = {{IEEE International Conference on Software Testing, Verification and Validation (ICST)}},
  title        = {{{Model Generation For Java Frameworks}}},
  year         = {{2023}},
}

@inproceedings{29847,
  author       = {{Fockel, Markus and Schubert, David and Trentinaglia, Roman and Schulz, Hannes and Kirmair, Wolfgang}},
  booktitle    = {{Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development}},
  publisher    = {{SCITEPRESS - Science and Technology Publications}},
  title        = {{{Semi-automatic Integrated Safety and Security Analysis for Automotive Systems}}},
  doi          = {{10.5220/0010778500003119}},
  year         = {{2022}},
}

@inproceedings{29844,
  author       = {{Koch, Thorsten and Trippel, Sascha and Dziwok, Stefan and Bodden, Eric}},
  booktitle    = {{Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development}},
  publisher    = {{SCITEPRESS - Science and Technology Publications}},
  title        = {{{Integrating Security Protocols in Scenario-based Requirements Specifications}}},
  doi          = {{10.5220/0010783300003119}},
  year         = {{2022}},
}

@article{31071,
  abstract     = {{Distributed, software-intensive systems (e.g., in the automotive sector) must fulfill communication requirements under hard real-time constraints.  The requirements have to be documented and validated carefully using a systematic requirements engineering (RE) approach, for example, by applying scenario-based requirements notations. The resources of the execution platforms and their properties (e.g., CPU frequency or bus throughput) induce effects on the timing behavior, which may lead to violations of the real-time requirements. Nowadays, the platform properties and their induced timing effects are verified against the real-time requirements by means of timing analysis techniques mostly implemented in commercial-off-the-shelf tools. However, such timing analyses are conducted in late development phases since they rely on artifacts produced during these phases (e.g., the platform-specific code). In order to enable early timing analyses already during RE, we extend a scenario-based requirements notation with allocation means to platform models and define operational semantics for the purpose of simulation-based, platform-aware timing analyses. We illustrate and evaluate the approach with an automotive software-intensive system.}},
  author       = {{Holtmann, Jörg and Deantoni, Julien and Fockel, Markus}},
  issn         = {{1619-1366}},
  journal      = {{Software and Systems Modeling}},
  keywords     = {{Modeling and Simulation, Software}},
  publisher    = {{Springer Science and Business Media LLC}},
  title        = {{{Early timing analysis based on scenario requirements and platform models}}},
  doi          = {{10.1007/s10270-022-01002-3}},
  year         = {{2022}},
}

@article{33836,
  author       = {{Piskachev, Goran and Späth, Johannes and Budde, Ingo and Bodden, Eric}},
  journal      = {{Empirical Software Engineering}},
  number       = {{5}},
  pages        = {{1–33}},
  publisher    = {{Springer}},
  title        = {{{Fluently specifying taint-flow queries with fluentTQL}}},
  volume       = {{27}},
  year         = {{2022}},
}

@inproceedings{33838,
  author       = {{Krishnamurthy, Ranjith and Piskachev, Goran and Bodden, Eric}},
  title        = {{{To what extent can we analyze Kotlin programs using existing Java taint analysis tools?}}},
  year         = {{2022}},
}

@inproceedings{33837,
  author       = {{Piskachev, Goran and Dziwok, Stefan and Koch, Thorsten and Merschjohann, Sven and Bodden, Eric}},
  title        = {{{How far are German companies in improving security through static program analysis tools?}}},
  year         = {{2022}},
}

