Seminar Topics

Important: To participate in our seminars, you are expected to apply with a short exposé (max. two pages). Simply send the exposés for the topics you are interested in to the corresponding supervisor by the 17th of March. You will get feedback on the 20th of March. The remaining topics will be assigned through the seminar distribution system.

We have a short guide to help you write a seminar exposé.

Please note that sending in an exposé does not guarantee you a topic!

Stefan

Privacy practice information:

Users must be informed about the data usage and collection of applications they use. Without support from privacy experts, the creation of these notifications often falls to software developers. Not being experts themselves, developers can face difficulties creating accurate notifications. For this reason, app stores publish guidelines to aid developers [1], but creating accurate privacy practice information remains difficult for many [2]. Your tasks for this seminar would be to compare the publicly available guidelines and to summarize the current scientific literature on the topic.

Literature:

[1] https://developer.apple.com/app-store/app-privacy-details/ Accessed: February 2023

[2] Li, Tianshi, et al. “Understanding Challenges for Developers to Create Accurate Privacy Nutrition Labels.” CHI Conference on Human Factors in Computing Systems. 2022.

Developers’ attitude towards privacy adoption

With the introduction of privacy laws like the GDPR and the CCPA, adopting privacy into software development has become an important task. As software developers are responsible for implementing privacy, their attitude towards privacy and privacy-enhancing techniques plays an important role. Some scientific work already exists on the topic (e.g., [1], [2]). Your tasks in the seminar would be to research additional literature on the topic and to summarize the current status presented in the literature.

[1] Hadar, Irit, et al. “Privacy by designers: software developers’ privacy mindset.” Empirical Software Engineering 23 (2018)

[2] van der Linden, Dirk, et al. “Data, data, everywhere: quantifying software developers’ privacy attitudes.” Socio-Technical Aspects in Security and Trust: 9th International Workshop, STAST 2019

Houda

Supporting professional developers in assessing security needs

In a company setting, developers are expected to write secure code, but numerous studies show that this is not an easy task, since developers lack the knowledge and competence in IT security to properly assess security needs. Developers need guidance, tools, and adequate processes to be able to assess security needs and reduce vulnerabilities.

In this seminar your task is to look at different ways that can support and help developers in assessing security needs and vulnerabilities.

Literature:

Braz, L., Aeberhard, C., Çalikli, G. and Bacchelli, A. (2022) Less is More: Supporting Developers in Vulnerability Detection during Code Review. In: 44th International Conference on Software Engineering (ICSE 2022)

Hala Assal and Sonia Chiasson. 2019. ‘Think secure from the beginning’: A Survey with Software Developers. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems.

Raphael

Current security research with professional software developers

In recent years, more and more research has been conducted with professional software developers on how to support them in implementing secure code. However, many researchers conduct developer studies with participants recruited from platforms (e.g., MTurk, Prolific, Freelancer.com), where it isn’t clear how well such a sample reflects actual professional software developers who work for a software development company. While there has been some research on the difference between these two types of developers, there is still much to learn.

Task:

During this seminar work, you will conduct a literature review of security studies with professional software developers (developers who are working in a company as a software developer). This includes:

- Differentiating between professional software developers and non-professional software developers

- Giving an overview of security research involving professional software developers

Starting Literature:

Survey on developer-centered security:

[1] Tahaei and K. Vaniea, “A Survey on Developer-Centred Security,” 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 2019, pp. 129-138, doi: 10.1109/EuroSPW.2019.00021

Please note that while this paper is called “A Survey on Developer-Centred Security”, it includes many studies which used developers who are not working in a company. Your task is to find other papers as well.

Types of Software Developer

While there are many studies using software developers as participants, there is no consensus on what constitutes a software developer. Some speak of participants with programming skills, others differentiate between software developers and professional software developers, and still others use CS students or recruit participants from crowdsourcing or freelance platforms for developer studies.

In addition, there are different types of software developers working in different domains, such as mobile or web development or cloud computing. Software developers can also differ in the education they received. Some may be self-taught, others attained an academic degree, and again others may have received their education at a trade school.

Task:

In this seminar work, you will conduct a literature review of the different types and definitions of software developers and similar groups, such as CS students, and the challenges they face when developing software in their domain. This includes:

- Defining different types of software developers
- Giving examples of studies conducting research with these types of software developers

Starting Literature:

This is a survey on developer-centered security from 2019, which will provide you with a starting list of developer studies. Since this overview was published, many more developer studies have been published as well.

[1] Tahaei and K. Vaniea, “A Survey on Developer-Centred Security,” 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 2019, pp. 129-138, doi: 10.1109/EuroSPW.2019.00021

Asli

How does the company culture affect security implementation?

The software development lifecycle includes various stages and involves multiple entities, such as developers, customers, managers, designers, etc. In addition to software developers’ skills and awareness, there are many different factors influencing security implementation in companies. Company culture is one of these factors. Your task in this seminar will be to find out which factors in company culture support security implementation and how we can address them. Additionally, what does a support system for developers look like?

Literature

[1] Marco Gutfleisch, Jan H. Klemmer, Niklas Busch, Yasemin Acar, M. Angela Sasse, and Sascha Fahl. “How does usable security (not) end up in software products? results from a qualitative interview study.” In 43rd IEEE Symposium on Security and Privacy, IEEE S&P 2022, May 22-26, 2022.

[2] Andreas Poller, Laura Kocksch, Sven Türpe, Felix Anand Epp, and Katharina Kinder-Kurlanda. 2017. “Can Security Become a Routine? A Study of Organizational Change in an Agile Software Development Group.” In Proceedings of the 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing (CSCW ’17).