83 Publications
2024 | Conference Paper | LibreCat-ID: 54863
J. Schmüser et al., “Analyzing Security and Privacy Advice During the 2022 Russian Invasion of Ukraine on Twitter,” in Proceedings of the CHI Conference on Human Factors in Computing Systems, CHI 2024, Honolulu, HI, USA, May 11-16, 2024, 2024, p. 574:1–574:16, doi: 10.1145/3613904.3642826.
LibreCat
| DOI
2024 | Conference Paper | LibreCat-ID: 54862
L. Boughton, C. Miller, Y. Acar, D. Wermke, and C. Kästner, “Decomposing and Measuring Trust in Open-Source Software Supply Chains,” in Proceedings of the 2024 {ACM/IEEE} 44th International Conference on Software Engineering: New Ideas and Emerging Results, NIER@ICSE 2024, Lisbon, Portugal, April 14-20, 2024, 2024, pp. 57–61, doi: 10.1145/3639476.3639775.
LibreCat
| DOI
2024 | Journal Article | LibreCat-ID: 54864
S. A. Horstmann et al., “‘Those things are written by lawyers, and programmers are reading that.’ Mapping the Communication Gap Between Software Developers and Privacy Experts,” Proc. Priv. Enhancing Technol., vol. 2024, no. 1, pp. 151–170, 2024, doi: 10.56553/POPETS-2024-0010.
LibreCat
| DOI
2024 | Conference Paper | LibreCat-ID: 55633
S. Höltervennhoff et al., “A Mixed-Methods Study on User Experiences and Challenges of Recovery Codes for an End-to-End Encrypted Service,” in 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024, 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55632
K. Fischer, I. Trummová, P. Gajland, Y. Acar, S. Fahl, and M. A. Sasse, “The Challenges of Bringing Cryptography from Research Papers to Products: Results from an Interview Study with Experts,” in 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024, 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55634
M. Fourné et al., “‘These results must be false’: A usability evaluation of constant-time analysis tools,” in 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024, 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55636
N. Huaman et al., “‘You have to read 50 different RFCs that contradict each other’: An Interview Study on the Experiences of Implementing Cryptographic Standards,” in 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024, 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55641
K. Panahi, S. Robertson, Y. Acar, A. G. Bardas, T. Kohno, and L. Simko, “"But they have overlooked a few things in Afghanistan: " An Analysis of the Integration of Biometric Voter Verification in the 2019 Afghan Presidential Elections,” in 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024, 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55642
H. S. Ramulu, H. Schmitt, D. Wermke, and Y. Acar, “Security and Privacy Software Creators’ Perspectives on Unintended Consequences,” in 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024, 2024.
LibreCat
2024 | Journal Article | LibreCat-ID: 58368
N. Zahan et al., “S3C2 Summit 2023-11: Industry Secure Supply Chain Summit,” CoRR, vol. abs/2408.16529, 2024, doi: 10.48550/ARXIV.2408.16529.
LibreCat
| DOI
2024 | Journal Article | LibreCat-ID: 58369
G. Tystahl et al., “S3C2 Summit 2024-03: Industry Secure Supply Chain Summit,” CoRR, vol. abs/2405.08762, 2024, doi: 10.48550/ARXIV.2405.08762.
LibreCat
| DOI
2024 | Conference Paper | LibreCat-ID: 56624 | 
A. Kostan, S. Olschar, L. Simko, and Y. Acar, “Exploring digital security and privacy in relative poverty in Germany through qualitative interviews,” in 33rd USENIX Security Symposium (USENIX Security 24), 2024, pp. 2029–2046.
LibreCat
| Download (ext.)
2023 | Conference Paper | LibreCat-ID: 47306
F. Herbert et al., “A World Full of Privacy and Security (Mis)conceptions? Findings of a Representative Survey in 12 Countries,” in Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems, CHI 2023, Hamburg, Germany, April 23-28, 2023, 2023, p. 582:1–582:23, doi: 10.1145/3544548.3581410.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47304
D. Wermke et al., “‘Always Contribute Back’: A Qualitative Study on Security Challenges of the Open Source Supply Chain,” in 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023, 2023, pp. 1545–1560, doi: 10.1109/SP46215.2023.10179378.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47299
A. Krause, J. H. Klemmer, N. Huaman, D. Wermke, Y. Acar, and S. Fahl, “Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secret Information in Source Code Repositories,” in 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023, 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47310
M. Fourné, D. Wermke, W. Enck, S. Fahl, and Y. Acar, “It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security,” in 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023, 2023, pp. 1527–1544, doi: 10.1109/SP46215.2023.10179320.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47311
C. W. Munyendo, Y. Acar, and A. J. Aviv, “‘In Eighty Percent of the Cases, I Select the Password for Them’: Security and Privacy Challenges, Advice, and Opportunities at Cybercafes in Kenya,” in 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023, 2023, pp. 570–587, doi: 10.1109/SP46215.2023.10179410.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47303
D. Keküllüoglu and Y. Acar, “‘We are a startup to the core’: A qualitative interview study on the security and privacy development practices in Turkish software startups,” in 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023, 2023, pp. 2015–2031, doi: 10.1109/SP46215.2023.10179339.
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47296
T. Kohno, Y. Acar, and W. Loh, “Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations,” CoRR, vol. abs/2302.14326, 2023, doi: 10.48550/arXiv.2302.14326.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47305
S. Amft, S. Höltervennhoff, N. Huaman, Y. Acar, and S. Fahl, “‘Would You Give the Same Priority to the Bank and a Game? I Do Not!’ Exploring Credential Management Strategies and Obstacles during Password Manager Setup,” in Nineteenth Symposium on Usable Privacy and Security, SOUPS 2023, Anaheim, CA, USA, August 5-7, 2023, 2023, pp. 171–190.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47301
S. Höltervennhoff, P. Klostermeyer, N. Wöhler, Y. Acar, and S. Fahl, “‘I wouldn’t want my unsafe code to run my pacemaker’: An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust,” in 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023, 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47298
J. Mink, H. Kaur, J. Schmüser, S. Fahl, and Y. Acar, “‘Security is not my field, I’m a stats guy’: A Qualitative Root Cause Analysis of Barriers to Adversarial Machine Learning Defenses in Industry,” in 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023, 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47842
M. Fourné, D. Wermke, W. Enck, S. Fahl, and Y. Acar, “It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security,” 2023, doi: 10.1109/sp46215.2023.10179320.
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47295
S. Amft et al., “Lost and not Found: An Investigation of Recovery Methods for Multi-Factor Authentication,” CoRR, vol. abs/2306.09708, 2023, doi: 10.48550/arXiv.2306.09708.
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47294
M. Tran et al., “S3C2 Summit 2202-09: Industry Secure Suppy Chain Summit,” CoRR, vol. abs/2307.15642, 2023, doi: 10.48550/arXiv.2307.15642.
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47293
T. Dunlap et al., “S3C2 Summit 2023-02: Industry Secure Supply Chain Summit,” CoRR, vol. abs/2307.16557, 2023, doi: 10.48550/arXiv.2307.16557.
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47292
W. Enck, Y. Acar, M. Cukier, A. Kapravelos, C. Kästner, and L. A. Williams, “S3C2 Summit 2023-06: Government Secure Supply Chain Summit,” CoRR, vol. abs/2308.06850, 2023, doi: 10.48550/arXiv.2308.06850.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47300
T. Kohno, Y. Acar, and W. Loh, “Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations,” in 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023, 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47312
L. Neil, H. Sri Ramulu, Y. Acar, and B. Reaves, “Who Comes Up with this Stuff? Interviewing Authors to Understand How They Produce Security Advice,” in Nineteenth Symposium on Usable Privacy and Security, SOUPS 2023, Anaheim, CA, USA, August 5-7, 2023, 2023, pp. 283–299.
LibreCat
2023 | Journal Article | LibreCat-ID: 47291
J. H. Klemmer, M. Gutfleisch, C. Stransky, Y. Acar, M. A. Sasse, and S. Fahl, “‘Make Them Change it Every Week!’: A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication,” CoRR, vol. abs/2309.00744, 2023, doi: 10.48550/arXiv.2309.00744.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 53362
S. Amft et al., “‘We’ve Disabled MFA for You’: An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments,” in Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, CCS 2023, Copenhagen, Denmark, November 26-30, 2023, 2023, pp. 3138–3152, doi: 10.1145/3576915.3623180.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 49438
S. Krüger et al., “Securing Your Crypto-API Usage Through Tool Support - A Usability Study,” 2023, doi: 10.1109/secdev56634.2023.00015.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 53369
S. Amft et al., “‘We’ve Disabled MFA for You’: An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments,” in Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023, pp. 3138–3152.
LibreCat
2023 | Journal Article | LibreCat-ID: 53368
M. Fourné, D. Wermke, S. Fahl, and Y. Acar, “A Viewpoint on Human Factors in Software Supply Chain Security: A Research Agenda,” IEEE Security & Privacy, vol. 21, no. 6, pp. 59–63, 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 53366
M. Tran et al., “Security, Privacy, and Data-sharing Trade-offs When Moving to the United States: Insights from a Qualitative Study,” in 2024 IEEE Symposium on Security and Privacy (SP), 2023, pp. 4–4.
LibreCat
2023 | Journal Article | LibreCat-ID: 53348
M. Fourné, D. Wermke, S. Fahl, and Y. Acar, “A Viewpoint on Human Factors in Software Supply Chain Security: A Research Agenda,” IEEE Secur. Priv., vol. 21, no. 6, pp. 59–63, 2023, doi: 10.1109/MSEC.2023.3316569.
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 53352
L. Simko, H. Sri Ramulu, T. Kohno, and Y. Acar, “The Use and Non-Use of Technology During Hurricanes,” Proc. ACM Hum. Comput. Interact., vol. 7, no. CSCW2, pp. 1–54, 2023, doi: 10.1145/3610215.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 46500
J. Pottebaum et al., “Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth,” in 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Delft, Netherlands, 2023, pp. 379–385, doi: 10.1109/eurospw59978.2023.00048.
LibreCat
| Files available
| DOI
| Download (ext.)
2022 | Conference Paper | LibreCat-ID: 47289
N. Huaman et al., “If You Can’t Get Them to the Lab: Evaluating a Virtual Study Environment with Security Information Workers,” in Eighteenth Symposium on Usable Privacy and Security, SOUPS 2022, Boston, MA, USA, August 7-9, 2022, 2022, pp. 313–330.
LibreCat
2022 | Conference Paper | LibreCat-ID: 47844
J. Jancar et al., “‘They’re not that hard to mitigate’: What Cryptographic Library Developers Think About Timing Attacks,” 2022, doi: 10.1109/sp46214.2022.9833713.
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47286
M. Gutfleisch, J. H. Klemmer, N. Busch, Y. Acar, M. A. Sasse, and S. Fahl, “How Does Usable Security (Not) End Up in Software Products? Results From a Qualitative Interview Study,” in 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022, 2022, pp. 893–910, doi: 10.1109/SP46214.2022.9833756.
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47287
C. Stransky, O. Wiese, V. Roth, Y. Acar, and S. Fahl, “27 Years and 81 Million Opportunities Later: Investigating the Use of Email Encryption for an Entire University,” in 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022, 2022, pp. 860–875, doi: 10.1109/SP46214.2022.9833755.
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47283
H. Kaur, S. Amft, D. Votipka, Y. Acar, and S. Fahl, “Where to Recruit for Security Development Studies: Comparing Six Software Developer Samples,” in 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10-12, 2022, 2022, pp. 4041–4058.
LibreCat
2022 | Journal Article | LibreCat-ID: 47290
N. Huaman, S. Amft, M. Oltrogge, Y. Acar, and S. Fahl, “They Would Do Better If They Worked Together: Interaction Problems Between Password Managers and the Web,” IEEE Secur. Priv., vol. 20, no. 2, pp. 49–60, 2022, doi: 10.1109/MSEC.2021.3123795.
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47843
D. Wermke, N. Wohler, J. H. Klemmer, M. Fourné, Y. Acar, and S. Fahl, “Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects,” 2022, doi: 10.1109/sp46214.2022.9833686.
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47288
J. Jancar et al., “‘They’re not that hard to mitigate’: What Cryptographic Library Developers Think About Timing Attacks,” in 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022, 2022, pp. 632–649, doi: 10.1109/SP46214.2022.9833713.
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47285
D. Wermke, N. Wöhler, J. H. Klemmer, M. Fourné, Y. Acar, and S. Fahl, “Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects,” in 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022, 2022, pp. 1880–1896, doi: 10.1109/SP46214.2022.9833686.
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47284
C. W. Munyendo, Y. Acar, and A. J. Aviv, “‘Desperate Times Call for Desperate Measures’: User Concerns with Mobile Loan Apps in Kenya,” in 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022, 2022, pp. 2304–2319, doi: 10.1109/SP46214.2022.9833779.
LibreCat
| DOI
2022 | Journal Article | LibreCat-ID: 47281
A. Krause, J. H. Klemmer, N. Huaman, D. Wermke, Y. Acar, and S. Fahl, “Committed by Accident: Studying Prevention and Remediation Strategies Against Secret Leakage in Source Code Repositories,” CoRR, vol. abs/2211.06213, 2022, doi: 10.48550/arXiv.2211.06213.
LibreCat
| DOI
2021 | Conference Paper | LibreCat-ID: 47265
N. Huaman et al., “A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises,” in 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, 2021, pp. 1235–1252.
LibreCat
2021 | Conference Paper | LibreCat-ID: 47268
C. Stransky et al., “On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security,” in Seventeenth Symposium on Usable Privacy and Security, SOUPS 2021, August 8-10, 2021, 2021, pp. 437–454.
LibreCat
2021 | Conference Paper | LibreCat-ID: 47267
N. Huaman, S. Amft, M. Oltrogge, Y. Acar, and S. Fahl, “They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites,” 2021, doi: 10.1109/sp40001.2021.00094.
LibreCat
| DOI
2021 | Conference Paper | LibreCat-ID: 47266
J. M. Haney, Y. Acar, and S. Furman, “‘It’s the Company, the Government, You and I’: User Perceptions of Responsibility for Smart Home Privacy and Security,” in 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, 2021, pp. 411–428.
LibreCat
2021 | Conference Paper | LibreCat-ID: 47264
M. Oltrogge, N. Huaman, S. Amft, Y. Acar, M. Backes, and S. Fahl, “Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications,” in 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, 2021, pp. 4347–4364.
LibreCat
2021 | Conference Paper | LibreCat-ID: 47269
L. Neil, E. Bouma-Sims, E. Lafontaine, Y. Acar, and B. Reaves, “Investigating Web Service Account Remediation Advice,” in Seventeenth Symposium on Usable Privacy and Security, SOUPS 2021, August 8-10, 2021, 2021, pp. 359–376.
LibreCat
2021 | Dissertation | LibreCat-ID: 47271
Y. Acar, Human Factors in Secure Software Development. University of Marburg, Germany, 2021.
LibreCat
2020 | Conference Paper | LibreCat-ID: 47260
D. Wermke, N. Huaman, C. Stransky, N. Busch, Y. Acar, and S. Fahl, “Cloudy with a Chance of Misconceptions: Exploring Users’ Perceptions and Expectations of Security and Privacy in Cloud Office Suites,” in Sixteenth Symposium on Usable Privacy and Security, SOUPS 2020, August 7-11, 2020, 2020, pp. 359–377.
LibreCat
2020 | Conference Paper | LibreCat-ID: 47262
P. L. Gorski, Y. Acar, L. Lo Iacono, and S. Fahl, “Listen to Developers! A Participatory Design Study on Security Warnings for Cryptographic APIs,” 2020, doi: 10.1145/3313831.3376142.
LibreCat
| DOI
2020 | Conference Paper | LibreCat-ID: 47879
J. Haney, S. Furman, and Y. Acar, “Smart Home Security and Privacy Mitigations: Consumer Perceptions, Practices, and Challenges,” 2020.
LibreCat
2018 | Conference Paper | LibreCat-ID: 47253
Y. Wu, P. Gupta, M. Wei, Y. Acar, S. Fahl, and B. Ur, “Your Secrets Are Safe,” 2018, doi: 10.1145/3178876.3186088.
LibreCat
| DOI
2018 | Conference Paper | LibreCat-ID: 47255
J. M. Haney, M. Theofanos, Y. Acar, and S. S. Prettyman, “‘We make it a big deal in the company’: Security Mindsets in Organizations that Develop Cryptographic Products,” in Fourteenth Symposium on Usable Privacy and Security, SOUPS 2018, Baltimore, MD, USA, August 12-14, 2018, 2018, pp. 357–373.
LibreCat
2018 | Conference Paper | LibreCat-ID: 47256
P. L. Gorski et al., “Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse,” in Fourteenth Symposium on Usable Privacy and Security, SOUPS 2018, Baltimore, MD, USA, August 12-14, 2018, 2018, pp. 265–281.
LibreCat
2018 | Conference Paper | LibreCat-ID: 47254
M. Oltrogge et al., “The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators,” 2018, doi: 10.1109/sp.2018.00005.
LibreCat
| DOI
2018 | Conference Paper | LibreCat-ID: 47252
D. Wermke, N. Huaman, Y. Acar, B. Reaves, P. Traynor, and S. Fahl, “A Large Scale Investigation of Obfuscation Use in Google Play,” in Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, PR, USA, December 03-07, 2018, 2018, pp. 222–235, doi: 10.1145/3274694.3274726.
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47249
E. Derr, S. Bugiel, S. Fahl, Y. Acar, and M. Backes, “Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android,” 2017, doi: 10.1145/3133956.3134059.
LibreCat
| DOI
2017 | Journal Article | LibreCat-ID: 47309
Y. Acar, M. Backes, S. Fahl, D. Kim, M. L. Mazurek, and C. Stransky, “How Internet Resources Might Be Helping You Develop Faster but Less Securely,” IEEE Secur. Priv., vol. 15, no. 2, pp. 50–60, 2017, doi: 10.1109/MSP.2017.24.
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47245
C. Stransky et al., “Lessons Learned from Using an Online Platform to Conduct Large-Scale, Online Controlled Security Experiments with Software Developers,” in 10th USENIX Workshop on Cyber Security Experimentation and Test, CSET 2017, Vancouver, BC, Canada, August 14, 2017, 2017.
LibreCat
2017 | Conference Paper | LibreCat-ID: 47243
F. Fischer et al., “Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security,” in 2017 IEEE Symposium on Security and Privacy, SP 2017, San Jose, CA, USA, May 22-26, 2017, 2017, pp. 121–136, doi: 10.1109/SP.2017.31.
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47250
D. C. Nguyen, D. Wermke, Y. Acar, M. Backes, C. Weir, and S. Fahl, “A Stitch in Time: Supporting Android Developers in Writing Secure Code,” 2017, doi: 10.1145/3133956.3133977.
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47248
Y. Acar, C. Stransky, D. Wermke, C. Weir, M. L. Mazurek, and S. Fahl, “Developers Need Support, Too: A Survey of Security Advice for Software Developers,” 2017, doi: 10.1109/secdev.2017.17.
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47242
Y. Acar, S. Fahl, and M. L. Mazurek, “You are Not Your Developer, Either: A Research Agenda for Usable Security and Privacy Research Beyond End Users,” 2017, doi: 10.1109/secdev.2016.013.
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47246
Y. Acar et al., “Comparing the Usability of Cryptographic APIs,” 2017, doi: 10.1109/sp.2017.52.
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47244
Y. Acar, C. Stransky, D. Wermke, M. L. Mazurek, and S. Fahl, “Security Developer Studies with GitHub Users: Exploring a Convenience Sample,” in Thirteenth Symposium on Usable Privacy and Security, SOUPS 2017, Santa Clara, CA, USA, July 12-14, 2017, 2017, pp. 81–95.
LibreCat
2016 | Conference Paper | LibreCat-ID: 47240
Y. Acar, M. Backes, S. Bugiel, S. Fahl, P. McDaniel, and M. Smith, “SoK: Lessons Learned from Android Security Research for Appified Software Platforms,” 2016, doi: 10.1109/sp.2016.33.
LibreCat
| DOI
2016 | Conference Paper | LibreCat-ID: 47239
S. Dechand, D. Schürmann, K. Busse, Y. Acar, S. Fahl, and M. Smith, “An Empirical Study of Textual Key-Fingerprint Representations,” in 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016, 2016, pp. 193–208.
LibreCat
2016 | Conference Paper | LibreCat-ID: 47241
Y. Acar, M. Backes, S. Fahl, D. Kim, M. L. Mazurek, and C. Stransky, “You Get Where You’re Looking for: The Impact of Information Sources on Code Security,” 2016, doi: 10.1109/sp.2016.25.
LibreCat
| DOI
2015 | Conference Paper | LibreCat-ID: 47233
H. Perl et al., “VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits,” 2015, doi: 10.1145/2810103.2813604.
LibreCat
| DOI
2015 | Conference Paper | LibreCat-ID: 47232
M. Oltrogge, Y. Acar, S. Dechand, M. Smith, and S. Fahl, “To Pin or Not to Pin-Helping App Developers Bullet Proof Their TLS Connections,” in 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12-14, 2015, 2015, pp. 239–254.
LibreCat
2014 | Conference Paper | LibreCat-ID: 47162
S. Fahl, Y. Acar, H. Perl, and M. Smith, “Why eve and mallory (also) love webmasters,” 2014, doi: 10.1145/2590296.2590341.
LibreCat
| DOI
2013 | Conference Paper | LibreCat-ID: 47161
S. Fahl, M. Harbach, Y. Acar, and M. Smith, “On the ecological validity of a password study,” 2013, doi: 10.1145/2501604.2501617.
LibreCat
| DOI
83 Publications
2024 | Conference Paper | LibreCat-ID: 54863
J. Schmüser et al., “Analyzing Security and Privacy Advice During the 2022 Russian Invasion of Ukraine on Twitter,” in Proceedings of the CHI Conference on Human Factors in Computing Systems, CHI 2024, Honolulu, HI, USA, May 11-16, 2024, 2024, p. 574:1–574:16, doi: 10.1145/3613904.3642826.
LibreCat
| DOI
2024 | Conference Paper | LibreCat-ID: 54862
L. Boughton, C. Miller, Y. Acar, D. Wermke, and C. Kästner, “Decomposing and Measuring Trust in Open-Source Software Supply Chains,” in Proceedings of the 2024 {ACM/IEEE} 44th International Conference on Software Engineering: New Ideas and Emerging Results, NIER@ICSE 2024, Lisbon, Portugal, April 14-20, 2024, 2024, pp. 57–61, doi: 10.1145/3639476.3639775.
LibreCat
| DOI
2024 | Journal Article | LibreCat-ID: 54864
S. A. Horstmann et al., “‘Those things are written by lawyers, and programmers are reading that.’ Mapping the Communication Gap Between Software Developers and Privacy Experts,” Proc. Priv. Enhancing Technol., vol. 2024, no. 1, pp. 151–170, 2024, doi: 10.56553/POPETS-2024-0010.
LibreCat
| DOI
2024 | Conference Paper | LibreCat-ID: 55633
S. Höltervennhoff et al., “A Mixed-Methods Study on User Experiences and Challenges of Recovery Codes for an End-to-End Encrypted Service,” in 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024, 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55632
K. Fischer, I. Trummová, P. Gajland, Y. Acar, S. Fahl, and M. A. Sasse, “The Challenges of Bringing Cryptography from Research Papers to Products: Results from an Interview Study with Experts,” in 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024, 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55634
M. Fourné et al., “‘These results must be false’: A usability evaluation of constant-time analysis tools,” in 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024, 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55636
N. Huaman et al., “‘You have to read 50 different RFCs that contradict each other’: An Interview Study on the Experiences of Implementing Cryptographic Standards,” in 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024, 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55641
K. Panahi, S. Robertson, Y. Acar, A. G. Bardas, T. Kohno, and L. Simko, “"But they have overlooked a few things in Afghanistan: " An Analysis of the Integration of Biometric Voter Verification in the 2019 Afghan Presidential Elections,” in 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024, 2024.
LibreCat
2024 | Conference Paper | LibreCat-ID: 55642
H. S. Ramulu, H. Schmitt, D. Wermke, and Y. Acar, “Security and Privacy Software Creators’ Perspectives on Unintended Consequences,” in 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024, 2024.
LibreCat
2024 | Journal Article | LibreCat-ID: 58368
N. Zahan et al., “S3C2 Summit 2023-11: Industry Secure Supply Chain Summit,” CoRR, vol. abs/2408.16529, 2024, doi: 10.48550/ARXIV.2408.16529.
LibreCat
| DOI
2024 | Journal Article | LibreCat-ID: 58369
G. Tystahl et al., “S3C2 Summit 2024-03: Industry Secure Supply Chain Summit,” CoRR, vol. abs/2405.08762, 2024, doi: 10.48550/ARXIV.2405.08762.
LibreCat
| DOI
2024 | Conference Paper | LibreCat-ID: 56624 |
A. Kostan, S. Olschar, L. Simko, and Y. Acar, “Exploring digital security and privacy in relative poverty in Germany through qualitative interviews,” in 33rd USENIX Security Symposium (USENIX Security 24), 2024, pp. 2029–2046.
LibreCat
| Download (ext.)
2023 | Conference Paper | LibreCat-ID: 47306
F. Herbert et al., “A World Full of Privacy and Security (Mis)conceptions? Findings of a Representative Survey in 12 Countries,” in Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems, CHI 2023, Hamburg, Germany, April 23-28, 2023, 2023, p. 582:1–582:23, doi: 10.1145/3544548.3581410.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47304
D. Wermke et al., “‘Always Contribute Back’: A Qualitative Study on Security Challenges of the Open Source Supply Chain,” in 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023, 2023, pp. 1545–1560, doi: 10.1109/SP46215.2023.10179378.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47299
A. Krause, J. H. Klemmer, N. Huaman, D. Wermke, Y. Acar, and S. Fahl, “Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secret Information in Source Code Repositories,” in 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023, 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47310
M. Fourné, D. Wermke, W. Enck, S. Fahl, and Y. Acar, “It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security,” in 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023, 2023, pp. 1527–1544, doi: 10.1109/SP46215.2023.10179320.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47311
C. W. Munyendo, Y. Acar, and A. J. Aviv, “‘In Eighty Percent of the Cases, I Select the Password for Them’: Security and Privacy Challenges, Advice, and Opportunities at Cybercafes in Kenya,” in 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023, 2023, pp. 570–587, doi: 10.1109/SP46215.2023.10179410.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47303
D. Keküllüoglu and Y. Acar, “‘We are a startup to the core’: A qualitative interview study on the security and privacy development practices in Turkish software startups,” in 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023, 2023, pp. 2015–2031, doi: 10.1109/SP46215.2023.10179339.
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47296
T. Kohno, Y. Acar, and W. Loh, “Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations,” CoRR, vol. abs/2302.14326, 2023, doi: 10.48550/arXiv.2302.14326.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47305
S. Amft, S. Höltervennhoff, N. Huaman, Y. Acar, and S. Fahl, “‘Would You Give the Same Priority to the Bank and a Game? I Do Not!’ Exploring Credential Management Strategies and Obstacles during Password Manager Setup,” in Nineteenth Symposium on Usable Privacy and Security, SOUPS 2023, Anaheim, CA, USA, August 5-7, 2023, 2023, pp. 171–190.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47301
S. Höltervennhoff, P. Klostermeyer, N. Wöhler, Y. Acar, and S. Fahl, “‘I wouldn’t want my unsafe code to run my pacemaker’: An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust,” in 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023, 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47298
J. Mink, H. Kaur, J. Schmüser, S. Fahl, and Y. Acar, “‘Security is not my field, I’m a stats guy’: A Qualitative Root Cause Analysis of Barriers to Adversarial Machine Learning Defenses in Industry,” in 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023, 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47842
M. Fourné, D. Wermke, W. Enck, S. Fahl, and Y. Acar, “It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security,” 2023, doi: 10.1109/sp46215.2023.10179320.
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47295
S. Amft et al., “Lost and not Found: An Investigation of Recovery Methods for Multi-Factor Authentication,” CoRR, vol. abs/2306.09708, 2023, doi: 10.48550/arXiv.2306.09708.
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47294
M. Tran et al., “S3C2 Summit 2202-09: Industry Secure Suppy Chain Summit,” CoRR, vol. abs/2307.15642, 2023, doi: 10.48550/arXiv.2307.15642.
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47293
T. Dunlap et al., “S3C2 Summit 2023-02: Industry Secure Supply Chain Summit,” CoRR, vol. abs/2307.16557, 2023, doi: 10.48550/arXiv.2307.16557.
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 47292
W. Enck, Y. Acar, M. Cukier, A. Kapravelos, C. Kästner, and L. A. Williams, “S3C2 Summit 2023-06: Government Secure Supply Chain Summit,” CoRR, vol. abs/2308.06850, 2023, doi: 10.48550/arXiv.2308.06850.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 47300
T. Kohno, Y. Acar, and W. Loh, “Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations,” in 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023, 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 47312
L. Neil, H. Sri Ramulu, Y. Acar, and B. Reaves, “Who Comes Up with this Stuff? Interviewing Authors to Understand How They Produce Security Advice,” in Nineteenth Symposium on Usable Privacy and Security, SOUPS 2023, Anaheim, CA, USA, August 5-7, 2023, 2023, pp. 283–299.
LibreCat
2023 | Journal Article | LibreCat-ID: 47291
J. H. Klemmer, M. Gutfleisch, C. Stransky, Y. Acar, M. A. Sasse, and S. Fahl, “‘Make Them Change it Every Week!’: A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication,” CoRR, vol. abs/2309.00744, 2023, doi: 10.48550/arXiv.2309.00744.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 53362
S. Amft et al., “‘We’ve Disabled MFA for You’: An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments,” in Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, CCS 2023, Copenhagen, Denmark, November 26-30, 2023, 2023, pp. 3138–3152, doi: 10.1145/3576915.3623180.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 49438
S. Krüger et al., “Securing Your Crypto-API Usage Through Tool Support - A Usability Study,” 2023, doi: 10.1109/secdev56634.2023.00015.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 53369
S. Amft et al., “‘We’ve Disabled MFA for You’: An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments,” in Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023, pp. 3138–3152.
LibreCat
2023 | Journal Article | LibreCat-ID: 53368
M. Fourné, D. Wermke, S. Fahl, and Y. Acar, “A Viewpoint on Human Factors in Software Supply Chain Security: A Research Agenda,” IEEE Security & Privacy, vol. 21, no. 6, pp. 59–63, 2023.
LibreCat
2023 | Conference Paper | LibreCat-ID: 53366
M. Tran et al., “Security, Privacy, and Data-sharing Trade-offs When Moving to the United States: Insights from a Qualitative Study,” in 2024 IEEE Symposium on Security and Privacy (SP), 2023, pp. 4–4.
LibreCat
2023 | Journal Article | LibreCat-ID: 53348
M. Fourné, D. Wermke, S. Fahl, and Y. Acar, “A Viewpoint on Human Factors in Software Supply Chain Security: A Research Agenda,” IEEE Secur. Priv., vol. 21, no. 6, pp. 59–63, 2023, doi: 10.1109/MSEC.2023.3316569.
LibreCat
| DOI
2023 | Journal Article | LibreCat-ID: 53352
L. Simko, H. Sri Ramulu, T. Kohno, and Y. Acar, “The Use and Non-Use of Technology During Hurricanes,” Proc. ACM Hum. Comput. Interact., vol. 7, no. CSCW2, pp. 1–54, 2023, doi: 10.1145/3610215.
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 46500
J. Pottebaum et al., “Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth,” in 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Delft, Netherlands, 2023, pp. 379–385, doi: 10.1109/eurospw59978.2023.00048.
LibreCat
| Files available
| DOI
| Download (ext.)
2022 | Conference Paper | LibreCat-ID: 47289
N. Huaman et al., “If You Can’t Get Them to the Lab: Evaluating a Virtual Study Environment with Security Information Workers,” in Eighteenth Symposium on Usable Privacy and Security, SOUPS 2022, Boston, MA, USA, August 7-9, 2022, 2022, pp. 313–330.
LibreCat
2022 | Conference Paper | LibreCat-ID: 47844
J. Jancar et al., “‘They’re not that hard to mitigate’: What Cryptographic Library Developers Think About Timing Attacks,” 2022, doi: 10.1109/sp46214.2022.9833713.
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47286
M. Gutfleisch, J. H. Klemmer, N. Busch, Y. Acar, M. A. Sasse, and S. Fahl, “How Does Usable Security (Not) End Up in Software Products? Results From a Qualitative Interview Study,” in 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022, 2022, pp. 893–910, doi: 10.1109/SP46214.2022.9833756.
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47287
C. Stransky, O. Wiese, V. Roth, Y. Acar, and S. Fahl, “27 Years and 81 Million Opportunities Later: Investigating the Use of Email Encryption for an Entire University,” in 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022, 2022, pp. 860–875, doi: 10.1109/SP46214.2022.9833755.
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47283
H. Kaur, S. Amft, D. Votipka, Y. Acar, and S. Fahl, “Where to Recruit for Security Development Studies: Comparing Six Software Developer Samples,” in 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10-12, 2022, 2022, pp. 4041–4058.
LibreCat
2022 | Journal Article | LibreCat-ID: 47290
N. Huaman, S. Amft, M. Oltrogge, Y. Acar, and S. Fahl, “They Would Do Better If They Worked Together: Interaction Problems Between Password Managers and the Web,” IEEE Secur. Priv., vol. 20, no. 2, pp. 49–60, 2022, doi: 10.1109/MSEC.2021.3123795.
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47843
D. Wermke, N. Wohler, J. H. Klemmer, M. Fourné, Y. Acar, and S. Fahl, “Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects,” 2022, doi: 10.1109/sp46214.2022.9833686.
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47288
J. Jancar et al., “‘They’re not that hard to mitigate’: What Cryptographic Library Developers Think About Timing Attacks,” in 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022, 2022, pp. 632–649, doi: 10.1109/SP46214.2022.9833713.
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47285
D. Wermke, N. Wöhler, J. H. Klemmer, M. Fourné, Y. Acar, and S. Fahl, “Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects,” in 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022, 2022, pp. 1880–1896, doi: 10.1109/SP46214.2022.9833686.
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 47284
C. W. Munyendo, Y. Acar, and A. J. Aviv, “‘Desperate Times Call for Desperate Measures’: User Concerns with Mobile Loan Apps in Kenya,” in 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022, 2022, pp. 2304–2319, doi: 10.1109/SP46214.2022.9833779.
LibreCat
| DOI
2022 | Journal Article | LibreCat-ID: 47281
A. Krause, J. H. Klemmer, N. Huaman, D. Wermke, Y. Acar, and S. Fahl, “Committed by Accident: Studying Prevention and Remediation Strategies Against Secret Leakage in Source Code Repositories,” CoRR, vol. abs/2211.06213, 2022, doi: 10.48550/arXiv.2211.06213.
LibreCat
| DOI
2021 | Conference Paper | LibreCat-ID: 47265
N. Huaman et al., “A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises,” in 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, 2021, pp. 1235–1252.
LibreCat
2021 | Conference Paper | LibreCat-ID: 47268
C. Stransky et al., “On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security,” in Seventeenth Symposium on Usable Privacy and Security, SOUPS 2021, August 8-10, 2021, 2021, pp. 437–454.
LibreCat
2021 | Conference Paper | LibreCat-ID: 47267
N. Huaman, S. Amft, M. Oltrogge, Y. Acar, and S. Fahl, “They Would do Better if They Worked Together: The Case of Interaction Problems Between Password Managers and Websites,” 2021, doi: 10.1109/sp40001.2021.00094.
LibreCat
| DOI
2021 | Conference Paper | LibreCat-ID: 47266
J. M. Haney, Y. Acar, and S. Furman, “‘It’s the Company, the Government, You and I’: User Perceptions of Responsibility for Smart Home Privacy and Security,” in 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, 2021, pp. 411–428.
LibreCat
2021 | Conference Paper | LibreCat-ID: 47264
M. Oltrogge, N. Huaman, S. Amft, Y. Acar, M. Backes, and S. Fahl, “Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications,” in 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, 2021, pp. 4347–4364.
LibreCat
2021 | Conference Paper | LibreCat-ID: 47269
L. Neil, E. Bouma-Sims, E. Lafontaine, Y. Acar, and B. Reaves, “Investigating Web Service Account Remediation Advice,” in Seventeenth Symposium on Usable Privacy and Security, SOUPS 2021, August 8-10, 2021, 2021, pp. 359–376.
LibreCat
2021 | Dissertation | LibreCat-ID: 47271
Y. Acar, Human Factors in Secure Software Development. University of Marburg, Germany, 2021.
LibreCat
2020 | Conference Paper | LibreCat-ID: 47260
D. Wermke, N. Huaman, C. Stransky, N. Busch, Y. Acar, and S. Fahl, “Cloudy with a Chance of Misconceptions: Exploring Users’ Perceptions and Expectations of Security and Privacy in Cloud Office Suites,” in Sixteenth Symposium on Usable Privacy and Security, SOUPS 2020, August 7-11, 2020, 2020, pp. 359–377.
LibreCat
2020 | Conference Paper | LibreCat-ID: 47262
P. L. Gorski, Y. Acar, L. Lo Iacono, and S. Fahl, “Listen to Developers! A Participatory Design Study on Security Warnings for Cryptographic APIs,” 2020, doi: 10.1145/3313831.3376142.
LibreCat
| DOI
2020 | Conference Paper | LibreCat-ID: 47879
J. Haney, S. Furman, and Y. Acar, “Smart Home Security and Privacy Mitigations: Consumer Perceptions, Practices, and Challenges,” 2020.
LibreCat
2018 | Conference Paper | LibreCat-ID: 47253
Y. Wu, P. Gupta, M. Wei, Y. Acar, S. Fahl, and B. Ur, “Your Secrets Are Safe,” 2018, doi: 10.1145/3178876.3186088.
LibreCat
| DOI
2018 | Conference Paper | LibreCat-ID: 47255
J. M. Haney, M. Theofanos, Y. Acar, and S. S. Prettyman, “‘We make it a big deal in the company’: Security Mindsets in Organizations that Develop Cryptographic Products,” in Fourteenth Symposium on Usable Privacy and Security, SOUPS 2018, Baltimore, MD, USA, August 12-14, 2018, 2018, pp. 357–373.
LibreCat
2018 | Conference Paper | LibreCat-ID: 47256
P. L. Gorski et al., “Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse,” in Fourteenth Symposium on Usable Privacy and Security, SOUPS 2018, Baltimore, MD, USA, August 12-14, 2018, 2018, pp. 265–281.
LibreCat
2018 | Conference Paper | LibreCat-ID: 47254
M. Oltrogge et al., “The Rise of the Citizen Developer: Assessing the Security Impact of Online App Generators,” 2018, doi: 10.1109/sp.2018.00005.
LibreCat
| DOI
2018 | Conference Paper | LibreCat-ID: 47252
D. Wermke, N. Huaman, Y. Acar, B. Reaves, P. Traynor, and S. Fahl, “A Large Scale Investigation of Obfuscation Use in Google Play,” in Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, PR, USA, December 03-07, 2018, 2018, pp. 222–235, doi: 10.1145/3274694.3274726.
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47249
E. Derr, S. Bugiel, S. Fahl, Y. Acar, and M. Backes, “Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android,” 2017, doi: 10.1145/3133956.3134059.
LibreCat
| DOI
2017 | Journal Article | LibreCat-ID: 47309
Y. Acar, M. Backes, S. Fahl, D. Kim, M. L. Mazurek, and C. Stransky, “How Internet Resources Might Be Helping You Develop Faster but Less Securely,” IEEE Secur. Priv., vol. 15, no. 2, pp. 50–60, 2017, doi: 10.1109/MSP.2017.24.
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47245
C. Stransky et al., “Lessons Learned from Using an Online Platform to Conduct Large-Scale, Online Controlled Security Experiments with Software Developers,” in 10th USENIX Workshop on Cyber Security Experimentation and Test, CSET 2017, Vancouver, BC, Canada, August 14, 2017, 2017.
LibreCat
2017 | Conference Paper | LibreCat-ID: 47243
F. Fischer et al., “Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security,” in 2017 IEEE Symposium on Security and Privacy, SP 2017, San Jose, CA, USA, May 22-26, 2017, 2017, pp. 121–136, doi: 10.1109/SP.2017.31.
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47250
D. C. Nguyen, D. Wermke, Y. Acar, M. Backes, C. Weir, and S. Fahl, “A Stitch in Time: Supporting Android Developers in Writing Secure Code,” 2017, doi: 10.1145/3133956.3133977.
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47248
Y. Acar, C. Stransky, D. Wermke, C. Weir, M. L. Mazurek, and S. Fahl, “Developers Need Support, Too: A Survey of Security Advice for Software Developers,” 2017, doi: 10.1109/secdev.2017.17.
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47242
Y. Acar, S. Fahl, and M. L. Mazurek, “You are Not Your Developer, Either: A Research Agenda for Usable Security and Privacy Research Beyond End Users,” 2017, doi: 10.1109/secdev.2016.013.
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47246
Y. Acar et al., “Comparing the Usability of Cryptographic APIs,” 2017, doi: 10.1109/sp.2017.52.
LibreCat
| DOI
2017 | Conference Paper | LibreCat-ID: 47244
Y. Acar, C. Stransky, D. Wermke, M. L. Mazurek, and S. Fahl, “Security Developer Studies with GitHub Users: Exploring a Convenience Sample,” in Thirteenth Symposium on Usable Privacy and Security, SOUPS 2017, Santa Clara, CA, USA, July 12-14, 2017, 2017, pp. 81–95.
LibreCat
2016 | Conference Paper | LibreCat-ID: 47240
Y. Acar, M. Backes, S. Bugiel, S. Fahl, P. McDaniel, and M. Smith, “SoK: Lessons Learned from Android Security Research for Appified Software Platforms,” 2016, doi: 10.1109/sp.2016.33.
LibreCat
| DOI
2016 | Conference Paper | LibreCat-ID: 47239
S. Dechand, D. Schürmann, K. Busse, Y. Acar, S. Fahl, and M. Smith, “An Empirical Study of Textual Key-Fingerprint Representations,” in 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016, 2016, pp. 193–208.
LibreCat
2016 | Conference Paper | LibreCat-ID: 47241
Y. Acar, M. Backes, S. Fahl, D. Kim, M. L. Mazurek, and C. Stransky, “You Get Where You’re Looking for: The Impact of Information Sources on Code Security,” 2016, doi: 10.1109/sp.2016.25.
LibreCat
| DOI
2015 | Conference Paper | LibreCat-ID: 47233
H. Perl et al., “VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits,” 2015, doi: 10.1145/2810103.2813604.
LibreCat
| DOI
2015 | Conference Paper | LibreCat-ID: 47232
M. Oltrogge, Y. Acar, S. Dechand, M. Smith, and S. Fahl, “To Pin or Not to Pin-Helping App Developers Bullet Proof Their TLS Connections,” in 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12-14, 2015, 2015, pp. 239–254.
LibreCat
2014 | Conference Paper | LibreCat-ID: 47162
S. Fahl, Y. Acar, H. Perl, and M. Smith, “Why eve and mallory (also) love webmasters,” 2014, doi: 10.1145/2590296.2590341.
LibreCat
| DOI
2013 | Conference Paper | LibreCat-ID: 47161
S. Fahl, M. Harbach, Y. Acar, and M. Smith, “On the ecological validity of a password study,” 2013, doi: 10.1145/2501604.2501617.
LibreCat
| DOI