Forschung

Publications

PEER-REVIEWED PAPERS

2025

Relationship Status: „It’s complicated“ Developer-Security Expert Dynamics in Scrum

Houda Naji, Marco Gutfleisch, Alena Naiakshina

In Proceedings of the IEEE/ACM 47th International Conference on Software Engineering (ICSE)

2024

Selling Satisfaction: A Qualitative Analysis of Cybersecurity Awareness Vendors’ Promises
Jonas Hielscher, Markus Schöps, Jens Opdenbusch, Felix Reichmann, Marco Gutfleisch, Karola Marky, Simon Parkin
In Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS 2024)

Using AI Assistants in Software Development: A Qualitative Study on Security Practices and Concerns

Jan H. Klemmer, Stefan Albert Horstmann, Nikhil Patnaik, Cordelia Ludden, Cordell Burton Jr, Carson Powers, Fabio Massacci, Akond Rahman, Daniel Votipka, Heather Lipford, Awais Rashid, Alena Naiakshina, Sascha Fahl

Defying the Odds: Solana’s Unexpected Resilience in Spite of the Security Challenges Faced by Developers

Sebastien Andreina, Tobias Cloosters, Lucas Davi, Jens-Rene Giesen, Marco Gutfleisch, Ghassan Karame, Alena Naiakshina, Houda Naji

In Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS 2024)

Engaging Company Developers in Security Research Studies: A Comprehensive Literature Review and Quantitative Survey

Raphael Serafini, Stefan Albert Horstmann, Alena Naiakshina

USENIX Security Symposium (USENIX 2024)

ChatGPT-Resistant Screening Instrument for Identifying Non-Programmers
Raphael Serafini, Clemens Otto, Stefan Albert Horstmann, Alena Naiakshina
In Proceedings of the 46th International Conference on Software Engineering 2024 (ICSE 2024)

Supplementary Material

„Those things are written by lawyers, and programmers are reading that.“
Mapping the Communication Gap Between Software Developers and Privacy Experts
Stefan Albert Horstmann, Samuel Domiks, Marco Gutfleisch, Mindy Tran, Yasemin Acar, Veelasha Moonsamy, Alena Naiakshina
Privacy Enhancing Technologies Symposium (PETS 2024)

2023

Security Champions Without Support:
Results from a Case Study with OWASP SAMM in a Large-Scale E-Commerce Enterprise
Marco Gutfleisch, Markus Schöps, Stefan Albert Horstmann, Daniel Wichmann, Martina Angela Sasse
Proceedings of the 2023 European Symposium on Usable Security

”As Usual, I Needed Assistance of a Seeing Person”:
Experiences and Challenges of People with Disabilities and Authentication Methods
A. Erinola, A. Buckmann, J. Friedauer, A. Yardim and M. Sasse
2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

On the Recruitment of Company Developers for Security Studies: Results from a Qualitative Interview Study
Raphael Serafini, Marco Gutfleisch, Stefan Albert Horstmann, Alena Naiakshina
Symposium on Usable Privacy and Security (SOUPS 2023)

2022

Let’s Hash: Helping Developers with Password Security
Lisa Geierhaas, Anna-Marie Ortloff, Matthew Smith, Alena Naiakshina
Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022)

Testing Screener Questions for Software Developer Studies with Time Limits
Anastasia Danilova, Stefan Horstmann, Matthew Smith, Alena Naiakshina
In Proceedings of the 44rd International Conference on Software Engineering 2022 (ICSE 2022)

2021

Do you really code? Designing and Evaluating Screening Questions for Online Surveys with Programmers
Anastasia Danilova, Alena Naiakshina, Stefan Horstmann, Matthew Smith
In Proceedings of the 43rd International Conference on Software Engineering 2021 (ICSE 2021)

Code Reviewing as Methodology for Online Security Studies with Developers – A Case Study with Freelancers on Password Storage
Anastasia Danilova, Alena Naiakshina, Anna Rasgauski, Matthew Smith
Symposium on Usable Privacy and Security (SOUPS 2021)

2020

On Conducting Security Developer Studies with CS Students: Examining a Password-Storage Study with CS Students, Freelancers, and Company Developers
Alena Naiakshina, Anastasia Danilova, Eva Gerlitz, Matthew Smith
In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (CHI 2020)

One Size Does Not Fit All: A Grounded Theory and Online Survey Study of Developer Preferences for Security Warning Types
Anastasia Danilova, Alena Naiakshina, Matthew Smith
In Proceedings of the 42nd International Conference on Software Engineering 2020 (ICSE 2020)

Replication: On the Ecological Validity of Online Security Developer Studies: Exploring Deception in a Password-Storage Study with Freelancers
Anastasia Danilova, Alena Naiakshina, Johanna Deuter, Matthew Smith
Symposium on Usable Privacy and Security (SOUPS 2020)

2019

“If you want, I can store the encrypted password.” A Password-Storage Field Study with Freelance Developers (Honorable Mention)
Alena Naiakshina, Anastasia Danilova, Eva Gerlitz, Emanuel von Zezschwitz, Matthew Smith
In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems (CHI 2019)

“In Encryption We Don’t Trust: The Effect of End-To-End Encryption to the Masses on User Perception”
Sergej Dechand, Alena Naiakshina, Anastasia Danilova, Matthew Smith
IEEE European Symposium on Security and Privacy (Euro S&P 2019)

2018

Deception Task Design in Developer Password Studies: Exploring a Student Sample
Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Matthew Smith
Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018)

2017

Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study
Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Marco Herzog, Sergej Dechand, Matthew Smith
In Proceedings of the 2017 ACM SIGSAC Conference on Computer and
Communications Security (CCS 2017)

Obstacles to the Adoption of Secure Communication Tools
Ruba Abu-Salma, M. Angela Sasse, Joseph Bonneau, Anastasia Danilova, Alena Naiakshina, Matthew Smith
IEEE Symposium on Security and Privacy (S&P 2017)