Dominik Wermke #

Hi, I am an Assistant Professor in the Department of Computer Science at North Carolina State University (NC State). I am a member of the Secure Computing Institute (SCI), the Wolfpack Security and Privacy Research (WSPR) Lab, and the Secure Software Supply Chain Center (S3C2).

My research focuses on computer security, with an emphasis on human-centered security (including but not limited to usable security), often involving software experts such as developers and maintainers.

For Prospective Students: If you are a student interested in working with me, please check out this post before reaching out: Prospective Students

My Research #

My research focuses on computer security, particularly human-centered security. I examine how security mechanisms intersect with the practices, constraints, and decision-making of software professionals and end users.

Interests:

My recent publications are available on the publications page. Some of my main research interests include:

Human-Centered Security and Privacy. Investigating how developers, security professionals, and other stakeholders understand and respond to security concerns, especially in complex environments and systems [C19, C17, C16, C11, C9].

Software Supply Chain Security. Studying how software is packaged, built, and distributed, with focus on security-relevant issues such as reproducibility, dependency management, and vulnerability metadata [C20, J1, W3, C14, C13].

Open Source Security and Trust. Analyzing practices in distributed development environments, including contribution workflows, coordination mechanisms, and the handling of vulnerabilities or secrets [C18, C15, C12, C10].

Methods:
I leverage both qualitative and quantitative methods, often in a mixed-methods approach. This includes interviews [C19, C17, C14, C13, C12, C10], large-scale analyses of software ecosystems and repositories [C20, C18, C16, C14], user experiments [C11, C8], and surveys [C14, C6] to identify behavioral patterns, systemic risks, and the practical constraints software experts encounter when engaging with security mechanisms.
Outcome:
My research supports software professionals in navigating security challenges when building, maintaining, and distributing modern software systems.

Selected Publications #

Some recent-ish publications that highlight my research interests, full list available at publications:

[C20]
Your Build Scripts Stink: The State of Code Smells in Build Scripts
Mahzabin Tamanna, Yash Chandrani, Matthew Burrows, Brandon Wroblewski, Laurie Williams, and Dominik Wermke.
ASE. In Proceedings of the 40th IEEE/ACM International Conference on Automated Software Engineering, November 16-20, 2025.
To appear
[C19]
Context Matters: Qualitative Insights into Developers’ Approaches and Challenges with Software Composition Analysis
Elizabeth Lin, Sparsha Gowda, William Enck, and Dominik Wermke.
USENIX Sec. In Proceedings of the 34th USENIX Security Symposium, August 13-15, 2025, pp. 2165-2183.
[J1]
Research Directions in Software Supply Chain Security
Laurie Williams, Giacomo Benedetti, Sivana Hamer, Ranindya Paramitha, Imranur Rahman, Mahzabin Tamanna, Greg Tystahl, Nusrat Zahan, Patrick Morrison, Yasemin Acar, Michel Cukier, Christian Kästner, Alexandros Kapravelos, Dominik Wermke, and William Enck.
TOSEM, ACM Transactions on Software Engineering and Methodology, Volume 34, Issue 5 (Nr. 146), May 26, 2025, pp. 1-38. 10.1145/3714464

Contact #

Profiles #

Mail Address #

Dominik Wermke
890 Oval Drive, Box 8206
Engineering Building II
Raleigh, NC 27695-8206

Office Hours #

Flexible appointments available via scheduling links on individual course pages. For non-course-related meetings, feel free to send an email.