Research Report 2025
Software Security E-22
Head: Scandariato, Riccardo
Institute on TORE
Institute website
Publications
-
Beyond prompting: the role of phrasing tasks in vulnerability prediction for Java - Journal Article
Hinrichs, Torge; Iannone, Emanuele; Scandariato, Riccardo
Cybersecurity 8: 111 (2025)
Open Access | Publisher DOI
-
Discrete prompt optimization using genetic algorithm for secure Python code generation - Journal Article
Tony, Catherine; Pintor, Maura; Kretschmann, Max; Scandariato, Riccardo
Journal of Systems and Software 232: 112682 (2026)
Open Access | Publisher DOI
-
Automatic Rule Checking for Microservices: Supporting Security Analysis with Explainability - Journal Article
Schneider, Simon Malte; Queval, Pierre-Jean; Milánkovich, Ákos; Díaz Ferreyra, Nicolás; Zdun, Uwe; Scandariato, Riccardo
ACM transactions on software engineering and methodology (in Press): (2025)
Publisher DOI
-
Prompting techniques for secure code generation: a systematic investigation - Journal Article
Tony, Catherine; Díaz Ferreyra, Nicolás E.; Mutas, Markus; Dhif, Salem; Scandariato, Riccardo
ACM transactions on software engineering and methodology 34 (4): 1-53 (2025)
Open Access | Publisher DOI
-
Comparison of static analysis architecture recovery tools for microservice applications - Journal Article
Schneider, Simon Malte; Bakhtin, Alexander; Li, Xiaozhou; Soldani, Jacopo; Brogi, Antonio; Cerny, Tomas; Scandariato, Riccardo; Taibi, Davide
Empirical Software Engineering 30 (5): 128 (2025)
Open Access | Publisher DOI
-
Back to the Roots: Assessing Mining Techniques for Java Vulnerability-Contributing Commits - Journal Article
Hinrichs, Torge; Iannone, Emanuele; Tamás, Aladics; Péter Hegedűs; De Lucia, Andrea; Palomba, Fabio; Scandariato, Riccardo
ACM transactions on software engineering and methodology (in Press): (2025)
Publisher DOI
-
Retrieve, Refine, or Both? Using Task-Specific Guidelines for Secure Python Code Generation - Conference Paper
Tony, Catherine; Iannone, Emanuele; Scandariato, Riccardo
41st International Conference on Software Maintenance and Evolution, ICSME 2025
Publisher DOI
-
In specs we trust? Conformance-analysis of implementation to specifications in Node-RED and associated security risks - Conference Paper
Schneider, Simon Malte; Kashish, Komal; Tuma, Katja; Scandariato, Riccardo
20th International Conference on Availability, Reliability and Security, ARES 2025
Publisher DOI
-
A taxonomy of functional security features and how they can be located - Journal Article
Hermann, Kevin; Schneider, Simon Malte; Tony, Catherine; Yardim, Asli; Peldszus, Sven; Berger, Thorsten; Scandariato, Riccardo; Sasse, M. Angela; Naiakshina, Alena
Empirical Software Engineering 30 (5): 117 (2025)
Open Access | Publisher DOI
-
Impact of identifier normalization on vulnerability detection techniques - Conference Paper
Hinrichs, Torge; Diercks, Tim; Scandariato, Riccardo
IEEE International Conference on Software Analysis, Evolution and Reengineering - Companion, SANER-C 2025
Publisher DOI
-
The Good, the Bad, and the (Un)Usable: A Rapid Literature Review on Privacy as Code - Conference Paper
Díaz Ferreyra, Nicolás; Khelifi, Sirine; Arachchilage, Nalin; Scandariato, Riccardo
18th IEEE/ACM International Conference on Cooperative and Human Aspects of Software Engineering, CHASE 2025
Publisher DOI
-
The ground truth effect: investigating SZZ variants in Just-in-Time vulnerability prediction - Conference Paper
Cannavale, Alfonso; Iannone, Emanuele; Di Lillo, Gianluca; Palomba, Fabio; De Lucia, Andrea
51st Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2025
Publisher DOI
Projects
-
Sec4AI4Sec - Cybersecurity for AI-Augmented Systems
European Commission; Duration 2023-2026
Project lead: Scandariato, Riccardo
External participating institutions: University of Trento; SAP SE; Airbus Operations GmbH; University of Cagliari; Thales SIX GTS France SAS; FRONTENDART SZOFTVER KFT; Pluribus One SRL; Cefriel; VU Amsterdam; OPPIDA