@inproceedings{62738,
abstract = {{Vulnerability disclosures are necessary to improve the security of our digital ecosystem. However, they can also be challenging for researchers: it may be hard to find out who the affected parties even are, or how to contact them. Researchers may be ignored or face adversity when disclosing vulnerabilities. We investigate researchers' experiences with vulnerability disclosures, extract best practices, and make recommendations for researchers, institutions that employ them, industry, and regulators to enable effective vulnerability disclosures.}},
author = {{Sri Ramulu, Harshini and Rotthaler, Anna Lena and Rossel, Jost and Gonzalez Rodriguez, Rachel and Wermke, Dominik and Fahl, Sascha and Kohno, Tadayoshi and Somorovsky, Juraj and Acar, Yasemin}},
booktitle = {{Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security}},
keywords = {{software vulnerabilities, vulnerability disclosure, security research}},
publisher = {{ACM}},
title = {{{Poster: Computer Security Researchers' Experiences with Vulnerability Disclosures}}},
doi = {{10.1145/3719027.3760723}},
year = {{2025}},
}
@article{53213,
author = {{Amiri, Arman and Tavana, Madjid and Arman, Hosein}},
issn = {{2542-6605}},
journal = {{Internet of Things}},
keywords = {{Management of Technology and Innovation, Artificial Intelligence, Computer Science Applications, Hardware and Architecture, Engineering (miscellaneous), Information Systems, Computer Science (miscellaneous), Software}},
publisher = {{Elsevier BV}},
title = {{{An Integrated Fuzzy Analytic Network Process and Fuzzy Regression Method for Bitcoin Price Prediction}}},
doi = {{10.1016/j.iot.2023.101027}},
volume = {{25}},
year = {{2024}},
}
@article{53212,
author = {{Mahmoodi, Ehsan and Fathi, Masood and Tavana, Madjid and Ghobakhloo, Morteza and Ng, Amos H.C.}},
issn = {{0278-6125}},
journal = {{Journal of Manufacturing Systems}},
keywords = {{Industrial and Manufacturing Engineering, Hardware and Architecture, Software, Control and Systems Engineering}},
pages = {{287--307}},
publisher = {{Elsevier BV}},
title = {{{Data-driven simulation-based decision support system for resource allocation in industry 4.0 and smart manufacturing}}},
doi = {{10.1016/j.jmsy.2023.11.019}},
volume = {{72}},
year = {{2024}},
}
@article{53205,
author = {{Tavana, Madjid and Sorooshian, Shahryar}},
issn = {{1568-4946}},
journal = {{Applied Soft Computing}},
keywords = {{Software}},
publisher = {{Elsevier BV}},
title = {{{A systematic review of the soft computing methods shaping the future of the metaverse}}},
doi = {{10.1016/j.asoc.2023.111098}},
volume = {{150}},
year = {{2024}},
}
@inproceedings{53811,
abstract = {{Persistent security challenges plague DevOps teams due to a deficiency in expertise regarding security tools and methods, as evidenced by frequent security incidents. Existing maturity models fail to adequately address the specific needs of DevOps teams. In response, this paper proposes "Security Belts," a novel maturity model inspired by martial arts ranking systems. This model aims to assist DevOps teams in enhancing their security capabilities by providing a structured approach, starting with fundamental activities and progressing to more advanced techniques. Drawing from the experiences of monitoring 21 teams, the paper presents lessons learned and offers actionable advice for refining maturity models tailored to software quality improvement.}},
author = {{Taaibi, Samira and Dziwok, Stefan and Hermerschmidt, Lars and Koch, Thorsten and Merschjohann, Sven and Vollmary, Mark}},
keywords = {{Software security, maturity model}},
location = {{Salt Lake City}},
title = {{{Security Belts: A Maturity Model for DevOps Teams to Increase the Software Security of their Product - An Experience Report}}},
year = {{2024}},
}
@inproceedings{56918,
abstract = {{Joint value creation of organizations in ecosystems have a high failure rate, stressing the need for tools that enable the alignment of business models through visual inquiry. However, existing visual inquiry tools rarely consider recent design knowledge or ecosystem understanding. This leads to dissatisfied users and impedes the full realization of ecosystems’ potential. This short paper proposes an archaeological design science approach for enhancing the design of visual inquiry tools (e.g., a canvas) for ecosystems. Preliminary findings reveal 24 relevant artifacts, and shortcomings in the creation of conceptual models and rigorous evaluations. The proposed research process aims to develop design principles for more effective tools to bridge the gap between visual inquiry tools and ecosystems. This research contributes to design science research by reutilizing design knowledge and further developing the archaeological design approach. It also offers valuable information to practitioners about existing business model tools for the creation of ecosystems.}},
author = {{Vorbohle, Christian}},
booktitle = {{Proceedings of the Thirty-Second European Conference on Information Systems (ECIS 2024)}},
keywords = {{Design Science Research, Design Archaeology, Canvas Analysis, Business Model Tools}},
location = {{Paphos, Cyprus}},
title = {{{Bridging Boundaries: Enhancing Visual Inquiry Tools for Ecosystems through Design Archaeology}}},
year = {{2024}},
}
@article{47800,
abstract = {{The introduction of Systems Engineering is an approach for dealing with the increasing complexity of products and their associated product development. Several introduction strategies are available in the literature; nevertheless, the introduction of Systems Engineering into practice still poses a great challenge to companies. Many companies have already gained experience in the introduction of Systems Engineering. Therefore, as part of the SE4OWL research project, the need to conduct a study including expert interviews and to collect the experiences of experts was identified. A total of 78 hypotheses were identified from 13 expert interviews concerning the lessons learned. Using exclusion criteria, 52 hypotheses were validated in a subsequent quantitative survey with 112 participants. Of these 52 hypotheses, 40 could be confirmed based on the survey results. Only four hypotheses were rejected, and eight could neither be confirmed nor rejected. Through this research, guidance is provided to companies to leverage best practices for the introduction of their own Systems Engineering and to avoid the poor practices of other companies.}},
author = {{Wilke, Daria and Grothe, Robin and Bretz, Lukas and Anacker, Harald and Dumitrescu, Roman}},
issn = {{2079-8954}},
journal = {{Systems}},
keywords = {{Information Systems and Management, Computer Networks and Communications, Modeling and Simulation, Control and Systems Engineering, Software}},
number = {{3}},
publisher = {{MDPI AG}},
title = {{{Lessons Learned from the Introduction of Systems Engineering}}},
doi = {{10.3390/systems11030119}},
volume = {{11}},
year = {{2023}},
}
@article{48777,
abstract = {{AbstractExplainable artificial intelligence has mainly focused on static learning scenarios so far. We are interested in dynamic scenarios where data is sampled progressively, and learning is done in an incremental rather than a batch mode. We seek efficient incremental algorithms for computing feature importance (FI). Permutation feature importance (PFI) is a well-established model-agnostic measure to obtain global FI based on feature marginalization of absent features. We propose an efficient, model-agnostic algorithm called iPFI to estimate this measure incrementally and under dynamic modeling conditions including concept drift. We prove theoretical guarantees on the approximation quality in terms of expectation and variance. To validate our theoretical findings and the efficacy of our approaches in incremental scenarios dealing with streaming data rather than traditional batch settings, we conduct multiple experimental studies on benchmark data with and without concept drift.}},
author = {{Fumagalli, Fabian and Muschalik, Maximilian and Hüllermeier, Eyke and Hammer, Barbara}},
issn = {{0885-6125}},
journal = {{Machine Learning}},
keywords = {{Artificial Intelligence, Software}},
publisher = {{Springer Science and Business Media LLC}},
title = {{{Incremental permutation feature importance (iPFI): towards online explanations on data streams}}},
doi = {{10.1007/s10994-023-06385-y}},
year = {{2023}},
}
@article{46816,
author = {{Torres, Adriano and Costa, Pedro and Amaral, Luis and Pastro, Jonata and Bonifácio, Rodrigo and d'Amorim, Marcelo and Legunsen, Owolabi and Bodden, Eric and Dias Canedo, Edna}},
issn = {{0098-5589}},
journal = {{IEEE Transactions on Software Engineering}},
keywords = {{Software}},
number = {{10}},
pages = {{4510 -- 4525}},
publisher = {{Institute of Electrical and Electronics Engineers (IEEE)}},
title = {{{Runtime Verification of Crypto APIs: An Empirical Study}}},
doi = {{10.1109/tse.2023.3301660}},
volume = {{49}},
year = {{2023}},
}
@article{49439,
abstract = {{AbstractThe use of static analysis security testing (SAST) tools has been increasing in recent years. However, previous studies have shown that, when shipped to end users such as development or security teams, the findings of these tools are often unsatisfying. Users report high numbers of false positives or long analysis times, making the tools unusable in the daily workflow. To address this, SAST tool creators provide a wide range of configuration options, such as customization of rules through domain-specific languages or specification of the application-specific analysis scope. In this paper, we study the configuration space of selected existing SAST tools when used within the integrated development environment (IDE). We focus on the configuration options that impact three dimensions, for which a trade-off is unavoidable, i.e., precision, recall, and analysis runtime. We perform a between-subjects user study with 40 users from multiple development and security teams - to our knowledge, the largest population for this kind of user study in the software engineering community. The results show that users who configure SAST tools are more effective in resolving security vulnerabilities detected by the tools than those using the default configuration. Based on post-study interviews, we identify common strategies that users have while configuring the SAST tools to provide further insights for tool creators. Finally, an evaluation of the configuration options of two commercial SAST tools, Fortify and CheckMarx, reveals that a quarter of the users do not understand the configuration options provided. The configuration options that are found most useful relate to the analysis scope.}},
author = {{Piskachev, Goran and Becker, Matthias and Bodden, Eric}},
issn = {{1382-3256}},
journal = {{Empirical Software Engineering}},
keywords = {{Software}},
number = {{5}},
publisher = {{Springer Science and Business Media LLC}},
title = {{{Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study}}},
doi = {{10.1007/s10664-023-10354-3}},
volume = {{28}},
year = {{2023}},
}
@article{51770,
abstract = {{AbstractWorkarounds are goal‐driven deviations from the standard operating procedures performed to overcome obstacles constraining day‐to‐day work. Despite starting as temporary fixes, they can become established across an organisation and trigger the innovation of processes and IT artefacts that can resolve misfits permanently. Although prior research has elicited antecedents and types of workarounds, it is not known how workarounds diffuse in an organisation and, thereby, innovating co‐workers' activities, IT artefacts, and organisational structures. The results of our multiple two‐year case study provide unique empirical insights into the diffusion of workarounds and how they can act as generative mechanisms for bottom‐up process innovation.}},
author = {{Bartelheimer, Christian and Wolf, Verena and Beverungen, Daniel}},
issn = {{1350-1917}},
journal = {{Information Systems Journal}},
keywords = {{Computer Networks and Communications, Information Systems, Software}},
number = {{5}},
pages = {{1085--1150}},
publisher = {{Wiley}},
title = {{{Workarounds as generative mechanisms for bottom‐up process innovation—Insights from a multiple case study}}},
doi = {{10.1111/isj.12435}},
volume = {{33}},
year = {{2023}},
}
@inbook{52662,
abstract = {{Static analysis tools support developers in detecting potential coding issues, such as bugs or vulnerabilities. Research emphasizes technical challenges of such tools but also mentions severe usability shortcomings. These shortcomings hinder the adoption of static analysis tools, and user dissatisfaction may even lead to tool abandonment. To comprehensively assess the state of the art, we present the first systematic usability evaluation of a wide range of static analysis tools. We derived a set of 36 relevant criteria from the literature and used them to evaluate a total of 46 static analysis tools complying with our inclusion and exclusion criteria - a representative set of mainly non-proprietary tools. The evaluation against the usability criteria in a multiple-raters approach shows that two thirds of the considered tools off er poor warning messages, while about three-quarters provide hardly any fix support. Furthermore, the integration of user knowledge is strongly neglected, which could be used for instance, to improve handling of false positives. Finally, issues regarding workflow integration and specialized user interfaces are revealed. These findings should prove useful in guiding and focusing further research and development in user experience for static code analyses.}},
author = {{Nachtigall, Marcus and Schlichtig, Michael and Bodden, Eric}},
booktitle = {{Software Engineering 2023}},
isbn = {{978-3-88579-726-5}},
keywords = {{Automated static analysis, Software usability}},
pages = {{95–96}},
publisher = {{Gesellschaft für Informatik e.V.}},
title = {{{Evaluation of Usability Criteria Addressed by Static Analysis Tools on a Large Scale}}},
year = {{2023}},
}
@article{46264,
abstract = {{System-level interconnects provide the
backbone for increasingly complex systems on a chip. Their
vulnerability to electromigration and crosstalk can lead to
serious reliability and safety issues during the system lifetime.
This article presents an approach for periodic in-system testing
which maintains a reliability profile to detect potential
problems before they actually cause a failure. Relying on a
common infrastructure for EM-aware system workload
management and test, it minimizes the stress induced by the
test itself and contributes to the self-healing of system-induced
electromigration degradations. }},
author = {{Sadeghi-Kohan, Somayeh and Hellebrand, Sybille and Wunderlich, Hans-Joachim}},
issn = {{2168-2356}},
journal = {{IEEE Design &Test}},
keywords = {{Electrical and Electronic Engineering, Hardware and Architecture, Software}},
pages = {{1--1}},
publisher = {{Institute of Electrical and Electronics Engineers (IEEE)}},
title = {{{Workload-Aware Periodic Interconnect BIST}}},
doi = {{10.1109/mdat.2023.3298849}},
year = {{2023}},
}
@article{53220,
author = {{Tavana, Madjid and Khalili Nasr, Arash and Ahmadabadi, Alireza Barati and Amiri, Alireza Shamekhi and Mina, Hassan}},
issn = {{2542-6605}},
journal = {{Internet of Things}},
keywords = {{Management of Technology and Innovation, Artificial Intelligence, Computer Science Applications, Hardware and Architecture, Engineering (miscellaneous), Information Systems, Computer Science (miscellaneous), Software}},
publisher = {{Elsevier BV}},
title = {{{An interval multi-criteria decision-making model for evaluating blockchain-IoT technology in supply chain networks}}},
doi = {{10.1016/j.iot.2023.100786}},
volume = {{22}},
year = {{2023}},
}
@article{53215,
author = {{Tavana, Madjid and Heidary, Mohammad Saeed and Mina, Hassan}},
issn = {{1568-4946}},
journal = {{Applied Soft Computing}},
keywords = {{Software}},
publisher = {{Elsevier BV}},
title = {{{A fuzzy preference programming and weighted influence non-linear gauge system for mission architecture assessment at NASA}}},
doi = {{10.1016/j.asoc.2023.110572}},
volume = {{145}},
year = {{2023}},
}
@article{53230,
author = {{Mahdiraji, Hannan Amoozad and Tavana, Madjid and Rezayar, Ali}},
issn = {{0196-9722}},
journal = {{Cybernetics and Systems}},
keywords = {{Artificial Intelligence, Information Systems, Software}},
number = {{1}},
pages = {{104--137}},
publisher = {{Informa UK Limited}},
title = {{{A Game-Theoretic Framework for Analyzing the Impact of Social Responsibility and Supply Chain Profitability}}},
doi = {{10.1080/01969722.2022.2055402}},
volume = {{54}},
year = {{2023}},
}
@article{44077,
author = {{Maack, Marten}},
issn = {{0167-6377}},
journal = {{Operations Research Letters}},
keywords = {{Applied Mathematics, Industrial and Manufacturing Engineering, Management Science and Operations Research, Software}},
number = {{3}},
pages = {{220--225}},
publisher = {{Elsevier BV}},
title = {{{Online load balancing on uniform machines with limited migration}}},
doi = {{10.1016/j.orl.2023.02.013}},
volume = {{51}},
year = {{2023}},
}
@article{44382,
abstract = {{The success of engineering complex technical systems is determined by meeting customer requirements and institutional regulations. One example relevant to the automobile industry is the United Nations Economic Commission of Europe (UN ECE), which specifies the homologation of automobile series and requires proof of traceability. The required traceability can be achieved by modeling system artifacts and their relations in a consistent, seamless model—an effect-chain model. Currently, no in-depth methodology exists to support engineers in developing certification-compliant effect-chain models. For this purpose, a new methodology for certification-compliant effect-chain modeling was developed, which includes extensions of an existing method, suitable models, and tools to support engineers in the modeling process. For evaluation purposes, applicability is proven based on the experience of more than 300 workshops at an automotive OEM and an automotive supplier. The following case example is chosen to demonstrate applicability: the development of a window lifter that has to meet the demands of UN ECE Regulations R156 and R21. Results indicate multiple benefits in supporting engineers with the certification-compliant modeling of effect chains. Three benefits are goal-oriented modeling to reduce the necessary modeling capacity, increasing model quality by applying information quality criteria, and the potential to reduce costs through automatable effect-chain analyses for technical changes. Further, companies in the automotive and other industries will benefit from increased modeling capabilities that can be used for architecture modeling and to comply with other regulations such as ASPICE or ISO 26262.}},
author = {{Gräßler, Iris and Wiechel, Dominik and Koch, Anna-Sophie and Sturm, Tim and Markfelder, Thomas}},
issn = {{2079-8954}},
journal = {{Systems}},
keywords = {{Information Systems and Management, Computer Networks and Communications, Modeling and Simulation, Control and Systems Engineering, Software}},
number = {{3}},
publisher = {{MDPI AG}},
title = {{{Methodology for Certification-Compliant Effect-Chain Modeling}}},
doi = {{10.3390/systems11030154}},
volume = {{11}},
year = {{2023}},
}
@article{45361,
abstract = {{ The non-orthogonal local submatrix method applied to electronic structure–based molecular dynamics simulations is shown to exceed 1.1 EFLOP/s in FP16/FP32-mixed floating-point arithmetic when using 4400 NVIDIA A100 GPUs of the Perlmutter system. This is enabled by a modification of the original method that pushes the sustained fraction of the peak performance to about 80%. Example calculations are performed for SARS-CoV-2 spike proteins with up to 83 million atoms. }},
author = {{Schade, Robert and Kenter, Tobias and Elgabarty, Hossam and Lass, Michael and Kühne, Thomas and Plessl, Christian}},
issn = {{1094-3420}},
journal = {{The International Journal of High Performance Computing Applications}},
keywords = {{Hardware and Architecture, Theoretical Computer Science, Software}},
publisher = {{SAGE Publications}},
title = {{{Breaking the exascale barrier for the electronic structure problem in ab-initio molecular dynamics}}},
doi = {{10.1177/10943420231177631}},
year = {{2023}},
}
@article{50262,
abstract = {{AbstractExplainable artificial intelligence has mainly focused on static learning scenarios so far. We are interested in dynamic scenarios where data is sampled progressively, and learning is done in an incremental rather than a batch mode. We seek efficient incremental algorithms for computing feature importance (FI). Permutation feature importance (PFI) is a well-established model-agnostic measure to obtain global FI based on feature marginalization of absent features. We propose an efficient, model-agnostic algorithm called iPFI to estimate this measure incrementally and under dynamic modeling conditions including concept drift. We prove theoretical guarantees on the approximation quality in terms of expectation and variance. To validate our theoretical findings and the efficacy of our approaches in incremental scenarios dealing with streaming data rather than traditional batch settings, we conduct multiple experimental studies on benchmark data with and without concept drift.}},
author = {{Fumagalli, Fabian and Muschalik, Maximilian and Hüllermeier, Eyke and Hammer, Barbara}},
issn = {{0885-6125}},
journal = {{Machine Learning}},
keywords = {{Artificial Intelligence, Software}},
number = {{12}},
pages = {{4863--4903}},
publisher = {{Springer Science and Business Media LLC}},
title = {{{Incremental permutation feature importance (iPFI): towards online explanations on data streams}}},
doi = {{10.1007/s10994-023-06385-y}},
volume = {{112}},
year = {{2023}},
}