[{"year":"2023","citation":{"ieee":"G. Piskachev, M. Becker, and E. Bodden, “Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study,” <i>Empirical Software Engineering</i>, vol. 28, no. 5, Art. no. 118, 2023, doi: <a href=\"https://doi.org/10.1007/s10664-023-10354-3\">10.1007/s10664-023-10354-3</a>.","chicago":"Piskachev, Goran, Matthias Becker, and Eric Bodden. “Can the Configuration of Static Analyses Make Resolving Security Vulnerabilities More Effective? - A User Study.” <i>Empirical Software Engineering</i> 28, no. 5 (2023). <a href=\"https://doi.org/10.1007/s10664-023-10354-3\">https://doi.org/10.1007/s10664-023-10354-3</a>.","ama":"Piskachev G, Becker M, Bodden E. Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study. <i>Empirical Software Engineering</i>. 2023;28(5). doi:<a href=\"https://doi.org/10.1007/s10664-023-10354-3\">10.1007/s10664-023-10354-3</a>","bibtex":"@article{Piskachev_Becker_Bodden_2023, title={Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study}, volume={28}, DOI={<a href=\"https://doi.org/10.1007/s10664-023-10354-3\">10.1007/s10664-023-10354-3</a>}, number={5118}, journal={Empirical Software Engineering}, publisher={Springer Science and Business Media LLC}, author={Piskachev, Goran and Becker, Matthias and Bodden, Eric}, year={2023} }","short":"G. Piskachev, M. Becker, E. Bodden, Empirical Software Engineering 28 (2023).","mla":"Piskachev, Goran, et al. “Can the Configuration of Static Analyses Make Resolving Security Vulnerabilities More Effective? - A User Study.” <i>Empirical Software Engineering</i>, vol. 28, no. 5, 118, Springer Science and Business Media LLC, 2023, doi:<a href=\"https://doi.org/10.1007/s10664-023-10354-3\">10.1007/s10664-023-10354-3</a>.","apa":"Piskachev, G., Becker, M., &#38; Bodden, E. (2023). 
Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study. <i>Empirical Software Engineering</i>, <i>28</i>(5), Article 118. <a href=\"https://doi.org/10.1007/s10664-023-10354-3\">https://doi.org/10.1007/s10664-023-10354-3</a>"},"intvolume":"        28","publication_status":"published","publication_identifier":{"issn":["1382-3256","1573-7616"]},"issue":"5","title":"Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study","doi":"10.1007/s10664-023-10354-3","date_updated":"2023-12-04T11:29:49Z","publisher":"Springer Science and Business Media LLC","date_created":"2023-12-04T11:14:34Z","author":[{"last_name":"Piskachev","orcid":"0000-0003-4424-5838","full_name":"Piskachev, Goran","id":"41936","first_name":"Goran"},{"first_name":"Matthias","orcid":"https://orcid.org/0000-0003-2465-9347","last_name":"Becker","full_name":"Becker, Matthias","id":"4870"},{"first_name":"Eric","full_name":"Bodden, Eric","id":"59256","orcid":"0000-0003-3470-3647","last_name":"Bodden"}],"volume":28,"abstract":[{"text":"<jats:title>Abstract</jats:title><jats:p>The use of static analysis security testing (SAST) tools has been increasing in recent years. However, previous studies have shown that, when shipped to end users such as development or security teams, the findings of these tools are often unsatisfying. Users report high numbers of false positives or long analysis times, making the tools unusable in the daily workflow. To address this, SAST tool creators provide a wide range of configuration options, such as customization of rules through domain-specific languages or specification of the application-specific analysis scope. In this paper, we study the configuration space of selected existing SAST tools when used within the integrated development environment (IDE). 
We focus on the configuration options that impact three dimensions, for which a trade-off is unavoidable, i.e., precision, recall, and analysis runtime. We perform a between-subjects user study with 40 users from multiple development and security teams - to our knowledge, the largest population for this kind of user study in the software engineering community. The results show that users who configure SAST tools are more effective in resolving security vulnerabilities detected by the tools than those using the default configuration. Based on post-study interviews, we identify common strategies that users have while configuring the SAST tools to provide further insights for tool creators. Finally, an evaluation of the configuration options of two commercial SAST tools, <jats:sc>Fortify</jats:sc> and <jats:sc>CheckMarx</jats:sc>, reveals that a quarter of the users do not understand the configuration options provided. The configuration options that are found most useful relate to the analysis scope.</jats:p>","lang":"eng"}],"status":"public","type":"journal_article","publication":"Empirical Software Engineering","article_number":"118","keyword":["Software"],"language":[{"iso":"eng"}],"_id":"49439","user_id":"15249","department":[{"_id":"76"},{"_id":"662"}]},{"title":"A KPI-based Condition Monitoring System for the Beer Brewing Process","author":[{"last_name":"Pasic","full_name":"Pasic, Faruk","id":"49576","first_name":"Faruk"},{"first_name":"Benedict","last_name":"Wohlers","full_name":"Wohlers, Benedict","id":"53786"},{"orcid":"http://orcid.org/0000-0002-8679-6673","last_name":"Dziwok","id":"3901","full_name":"Dziwok, Stefan","first_name":"Stefan"},{"first_name":"Matthias","orcid":"https://orcid.org/0000-0003-2465-9347","last_name":"Becker","full_name":"Becker, Matthias","id":"4870"},{"first_name":"Matthias","full_name":"Heinrich, Matthias","last_name":"Heinrich"}],"date_created":"2020-11-13T08:34:51Z","date_updated":"2022-01-06T06:54:26Z","citation":{"apa":"Pasic, 
F., Wohlers, B., Dziwok, S., Becker, M., &#38; Heinrich, M. (2019). A KPI-based Condition Monitoring System for the Beer Brewing Process. <i>2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA)</i>, 1469–1472.","mla":"Pasic, Faruk, et al. “A KPI-Based Condition Monitoring System for the Beer Brewing Process.” <i>2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA)</i>, 2019, pp. 1469–72.","short":"F. Pasic, B. Wohlers, S. Dziwok, M. Becker, M. Heinrich, in: 2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA), 2019, pp. 1469–1472.","bibtex":"@inproceedings{Pasic_Wohlers_Dziwok_Becker_Heinrich_2019, title={A KPI-based Condition Monitoring System for the Beer Brewing Process}, booktitle={2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA)}, author={Pasic, Faruk and Wohlers, Benedict and Dziwok, Stefan and Becker, Matthias and Heinrich, Matthias}, year={2019}, pages={1469–1472} }","ama":"Pasic F, Wohlers B, Dziwok S, Becker M, Heinrich M. A KPI-based Condition Monitoring System for the Beer Brewing Process. In: <i>2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA)</i>. ; 2019:1469-1472.","chicago":"Pasic, Faruk, Benedict Wohlers, Stefan Dziwok, Matthias Becker, and Matthias Heinrich. “A KPI-Based Condition Monitoring System for the Beer Brewing Process.” In <i>2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA)</i>, 1469–72, 2019.","ieee":"F. Pasic, B. Wohlers, S. Dziwok, M. Becker, and M. Heinrich, “A KPI-based Condition Monitoring System for the Beer Brewing Process,” in <i>2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA)</i>, 2019, pp. 
1469–1472."},"page":"1469-1472","year":"2019","language":[{"iso":"eng"}],"user_id":"14931","department":[{"_id":"241"}],"_id":"20347","status":"public","type":"conference","publication":"2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA)"},{"citation":{"ieee":"B. Wohlers, S. Dziwok, F. Pasic, A. Lipsmeier, and M. Becker, “Monitoring and Control of Production Processes based on Key Performance Indicators for Mechatronic Systems,” <i>International Journal of Production Economics</i>, 2019.","chicago":"Wohlers, Benedict, Stefan Dziwok, Faruk Pasic, Andre Lipsmeier, and Matthias Becker. “Monitoring and Control of Production Processes Based on Key Performance Indicators for Mechatronic Systems.” <i>International Journal of Production Economics</i>, 2019.","ama":"Wohlers B, Dziwok S, Pasic F, Lipsmeier A, Becker M. Monitoring and Control of Production Processes based on Key Performance Indicators for Mechatronic Systems. <i>International Journal of Production Economics</i>. 2019.","mla":"Wohlers, Benedict, et al. “Monitoring and Control of Production Processes Based on Key Performance Indicators for Mechatronic Systems.” <i>International Journal of Production Economics</i>, 2019.","bibtex":"@article{Wohlers_Dziwok_Pasic_Lipsmeier_Becker_2019, title={Monitoring and Control of Production Processes based on Key Performance Indicators for Mechatronic Systems}, journal={International Journal of Production Economics}, author={Wohlers, Benedict and Dziwok, Stefan and Pasic, Faruk and Lipsmeier, Andre and Becker, Matthias}, year={2019} }","short":"B. Wohlers, S. Dziwok, F. Pasic, A. Lipsmeier, M. Becker, International Journal of Production Economics (2019).","apa":"Wohlers, B., Dziwok, S., Pasic, F., Lipsmeier, A., &#38; Becker, M. (2019). Monitoring and Control of Production Processes based on Key Performance Indicators for Mechatronic Systems. 
<i>International Journal of Production Economics</i>."},"year":"2019","title":"Monitoring and Control of Production Processes based on Key Performance Indicators for Mechatronic Systems","date_created":"2020-12-16T14:06:20Z","author":[{"first_name":"Benedict","full_name":"Wohlers, Benedict","id":"53786","last_name":"Wohlers"},{"last_name":"Dziwok","orcid":"http://orcid.org/0000-0002-8679-6673","id":"3901","full_name":"Dziwok, Stefan","first_name":"Stefan"},{"full_name":"Pasic, Faruk","id":"49576","last_name":"Pasic","first_name":"Faruk"},{"first_name":"Andre","full_name":"Lipsmeier, Andre","last_name":"Lipsmeier"},{"first_name":"Matthias","orcid":"https://orcid.org/0000-0003-2465-9347","last_name":"Becker","full_name":"Becker, Matthias","id":"4870"}],"date_updated":"2022-01-06T06:54:36Z","status":"public","abstract":[{"lang":"eng","text":"The processes for manufacturing and operating modern technical products require expertise in multiple disciplines like mechanical engineering, electrical engineering, and software engineering. Assessing the current condition and quality of these processes and the machines involved is challenging due to the inherent complexity of the products and the required expertise in multiple engineering domains. Globalization and increasing competition make it necessary to reduce production costs while at the same time ensuring high throughput and product quality. Without the ability to precisely assess the condition and quality of production processes and involved machines, taking action to steer these metrics is nearly impossible and results in unnecessarily high production costs. In our previous publications, we introduced the concept of Key Performance Indicators (KPIs) for mechatronic systems as a concept to assess the condition and quality of products and production processes in a graspable yet substantial and efficient way. 
In this paper, we further refine our KPI concepts and evaluate them for two different use cases: we apply our KPI concept to a manufacturing process in the mechatronic system domain and an operation process in the food production domain. We provide detailed insights into how we applied our concepts within these domains and report about lessons learned. In addition, we provide a business case estimation for our software solution that assesses the KPIs of our food production domain example."}],"type":"journal_article","publication":"International Journal of Production Economics","language":[{"iso":"eng"}],"user_id":"3901","department":[{"_id":"241"}],"_id":"20761"}]
