Dominik Wermke #

Security & privacy researcher at CISPA Helmholtz Center for Information Security and part of the TeamUSEC research group for human-centered security.

Affiliation:

CISPA,

TeamUSEC

Contact:

dominik.wermke@cispa.de, contact@[domain]

Socials:

@sun_grazer, dwermke, Google Scholar, DBLP, ORCID

Pronunciation:

[/veeːm.ke/]

I actually love all the ways people are pronouncing my last name, so feel free to go with whatever feels right.

The German pronunciation is roughly like /veeːm.ke/ in IPA. That’s “verm-ke”, with the first part like in “Verm-ont”, and the second part like in “ke-bab”.

Short Bio:

[Expand]

Dominik Wermke is a Usable Security & Privacy researcher at CISPA Helmholtz Center for Information Security and part of the TeamUSEC research group for human-centered security.

His research enables developers and administrators to deploy secure, privacy-respecting, and trust-worthy software that benefits the security of hundreds of dependent code bases, thousands of real-world deployments, and millions of end users. His research leverages this multiplicative effect by supporting open source maintainers, developers, and system administrators in the shared endeavor towards a more secure and trustworthy software ecosystem.

His work has appeared in the top-tier security venues such as IEEE S&P, USENIX Security, and ACM CCS, as well as field-specific venues such as SOUPS and ACSAC.

Publications #

Full list with citation count at Google Scholar.

"Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply Chain

[Dominik Wermke Jan H. Klemmer Noah Wöhler Juliane Schmüser Harshini Sri Ramulu Yasemin Acar Sascha Fahl]

2023-05-24

44th IEEE Symposium on Security and Privacy

IEEE S&P '23

conference

[C13]

Dominik Wermke, Jan H. Klemmer, Noah Wöhler, Juliane Schmüser, Harshini Sri Ramulu, Yasemin Acar, and Sascha Fahl.

"Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply Chain

IEEE S&P '23, In Proceedings of the 44th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 22-24, 2023.
It's like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security

[Marcel Fourné Dominik Wermke Will Enck Sascha Fahl Yasemin Acar]

2023-05-24

44th IEEE Symposium on Security and Privacy

IEEE S&P '23

conference

[C12]

Marcel Fourné, Dominik Wermke, Will Enck, Sascha Fahl, and Yasemin Acar.

It's like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security

IEEE S&P '23, In Proceedings of the 44th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 22-24, 2023.
If You Can’t Get Them to the Lab: Evaluating a Virtual Study Environment with Security Information Workers

[Nicolas Huaman Alexander Krause Dominik Wermke Christian Stransky Jan H. Klemmer Yasemin Acar Sascha Fahl]

2022-08-07

18th Symposium on Usable Privacy and Security

SOUPS '22

conference

[C11]

Nicolas Huaman, Alexander Krause, Dominik Wermke, Christian Stransky, Jan H. Klemmer, Yasemin Acar, and Sascha Fahl.

If You Can’t Get Them to the Lab: Evaluating a Virtual Study Environment with Security Information Workers

SOUPS '22, In Proceedings of the 18th Symposium on Usable Privacy and Security, Santa Clara, CA, USA, August 7-9, 2022.
Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects

[Dominik Wermke Noah Wöhler Jan H. Klemmer Marcel Fourné Yasemin Acar Sascha Fahl]

2022-05-26

43rd IEEE Symposium on Security and Privacy

IEEE S&P '22

conference

[C10]

Dominik Wermke, Noah Wöhler, Jan H. Klemmer, Marcel Fourné, Yasemin Acar, and Sascha Fahl.

Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects

IEEE S&P '22, In Proceedings of the 43rd IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 23-26, 2022.

Distinguished Paper Award (4 out of 147 papers)
Poster: User Awareness of Phishing and WebAuthn

[Mindy Tran Sabrina Amft Dominik Wermke]

2022-05-23

43rd IEEE Symposium on Security and Privacy

IEEE S&P '22

poster

[P8]

Mindy Tran, Sabrina Amft, and Dominik Wermke.

Poster: User Awareness of Phishing and WebAuthn

IEEE S&P '22, At 43rd IEEE Symposium on Security and Privacy, May 23-26, 2022.
Poster: Committed by Accident - Prevention and Remediation Strategies Against Secret Leakage

[Alexander Krause Nicolas Huaman Dominik Wermke Yasemin Acar Sascha Fahl]

2022-05-23

43rd IEEE Symposium on Security and Privacy

IEEE S&P '22

poster

[P7]

Alexander Krause, Nicolas Huaman, Dominik Wermke, Yasemin Acar, and Sascha Fahl.

Poster: Committed by Accident - Prevention and Remediation Strategies Against Secret Leakage

IEEE S&P '22, At 43rd IEEE Symposium on Security and Privacy, May 23-26, 2022.
A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises

[Nicolas Huaman Bennet von Skarczinski Dominik Wermke Christian Stransky Yasemin Acar Arne Dreißigacker Sascha Fahl]

2021-08-11

30th USENIX Security Symposium

USENIX Sec '21

conference

[C9]

Nicolas Huaman, Bennet von Skarczinski, Dominik Wermke, Christian Stransky, Yasemin Acar, Arne Dreißigacker, and Sascha Fahl.

A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises

USENIX Sec '21, In Proceedings of the 30th USENIX Security Symposium, August 11-13, 2021.
Never ever or no matter what: Investigating Adoption Intentions and Misconceptions about the Corona-Warn-App in Germany

[Maximilian Häring Eva Gerlitz Christian Tiefenau Matthew Smith Dominik Wermke Sascha Fahl Yasemin Acar]

2021-08-08

17th Symposium on Usable Privacy and Security

SOUPS '21

conference

[C8]

Maximilian Häring, Eva Gerlitz, Christian Tiefenau, Matthew Smith, Dominik Wermke, Sascha Fahl, and Yasemin Acar.

Never ever or no matter what: Investigating Adoption Intentions and Misconceptions about the Corona-Warn-App in Germany

SOUPS '21, In Proceedings of the 17th Symposium on Usable Privacy and Security, August 8-10, 2021.
On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security

[Christian Stransky Dominik Wermke Johanna Schrader Nicolas Huaman Yasemin Acar Anna Lena Fehlhaber Miranda Wei Blase Ur Sascha Fahl]

2021-08-08

17th Symposium on Usable Privacy and Security

SOUPS '21

conference

[C7]

Christian Stransky, Dominik Wermke, Johanna Schrader, Nicolas Huaman, Yasemin Acar, Anna Lena Fehlhaber, Miranda Wei, Blase Ur, and Sascha Fahl.

On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security

SOUPS '21, In Proceedings of the 17th Symposium on Usable Privacy and Security, August 8-10, 2021.
Poster: Cybercrime in Small and Medium-sized Enterprises

[Nicolas Huaman Alexander Krause Bennet von Skarczinski Christian Stransky Dominik Wermke Yasemin Acar Arne Dreißigacker Sascha Fahl]

2021-08-08

17th Symposium on Usable Privacy and Security

SOUPS '21

poster

[P6]

Nicolas Huaman, Alexander Krause, Bennet von Skarczinski, Christian Stransky, Dominik Wermke, Yasemin Acar, Arne Dreißigacker, and Sascha Fahl.

Poster: Cybercrime in Small and Medium-sized Enterprises

SOUPS '21, At 17th Symposium on Usable Privacy and Security, August 8-10, 2021.
Cloudy with a Chance of Misconceptions: Exploring Users' Perceptions and Expectations of Security and Privacy in Cloud Office Suites

[Dominik Wermke Christian Stransky Nicolas Huaman Niklas Busch Yasemin Acar Sascha Fahl]

2020-08-12

16th Symposium on Usable Privacy and Security

SOUPS '20

conference

[C6]

Dominik Wermke, Christian Stransky, Nicolas Huaman, Niklas Busch, Yasemin Acar, and Sascha Fahl.

Cloudy with a Chance of Misconceptions: Exploring Users' Perceptions and Expectations of Security and Privacy in Cloud Office Suites

SOUPS '20, In Proceedings of the 16th Symposium on Usable Privacy and Security, August 12-14, 2020.
Poster: Perceptions of Handling Sensitive Data in Cloud Office Applications

[Dominik Wermke Christian Stransky Nicolas Huaman Niklas Busch Alexander Krause Yasemin Acar Sascha Fahl]

2020-05-18

41st IEEE Symposium on Security and Privacy

IEEE S&P '20

poster

[P5]

Dominik Wermke, Christian Stransky, Nicolas Huaman, Niklas Busch, Alexander Krause, Yasemin Acar, and Sascha Fahl.

Poster: Perceptions of Handling Sensitive Data in Cloud Office Applications

IEEE S&P '20, At 41st IEEE Symposium on Security and Privacy, May 18-20, 2020.
Towards Understanding the WhatsApp Dilemma

[Christian Stransky Dominik Wermke Johanna Schrader Nicolas Huaman Anna Lena Fehlhaber Yasemin Acar Sascha Fahl]

2019-08-14

28th USENIX Security Symposium

USENIX Sec '19

poster

[P4]

Christian Stransky, Dominik Wermke, Johanna Schrader, Nicolas Huaman, Anna Lena Fehlhaber, Yasemin Acar, and Sascha Fahl.

Poster: Towards Understanding the WhatsApp Dilemma

USENIX Sec '19, At 28th USENIX Security Symposium, Santa Clara, CA, USA, August 14-16, 2019.
Project Leine - A Virtualized Study Infrastructure

[Dominik Wermke Nicolas Huaman Christian Stransky Yasemin Acar Sascha Fahl]

2019-02-24

26th Annual Network and Distributed System Security Symposium

NDSS '19

poster

[P3]

Dominik Wermke, Nicolas Huaman, Christian Stransky, Yasemin Acar, and Sascha Fahl.

Poster: Project Leine - A Virtualized Study Infrastructure

NDSS '19, At 26th Annual Network and Distributed System Security Symposium, San Diego, California, USA, February 24-27, 2019.
A Large Scale Investigation of Obfuscation Use in Google Play

[Dominik Wermke Nicolas Huaman Yasemin Acar Bradley Reaves Patrick Traynor Sascha Fahl]

2019-02-24

26th Annual Network and Distributed System Security Symposium

NDSS '19

poster

[P2]

Dominik Wermke, Nicolas Huaman, Yasemin Acar, Bradley Reaves, Patrick Traynor, and Sascha Fahl.

Poster: A Large Scale Investigation of Obfuscation Use in Google Play

NDSS '19, At 26th Annual Network and Distributed System Security Symposium, San Diego, California, USA, February 24-27, 2019.
Replication: Do We Snooze If We Can't Lose? Modelling Risk with Incentives in Habituation User Studies

[Karoline Busse Dominik Wermke Sabrina Amft Sascha Fahl Emanuel von Zezschwitz Matthew Smith]

2019-02-24

2019 Workshop on Usable Security

USEC '19

workshop

[W2]

Karoline Busse, Dominik Wermke, Sabrina Amft, Sascha Fahl, Emanuel von Zezschwitz, and Matthew Smith.

Replication: Do We Snooze If We Can't Lose? Modelling Risk with Incentives in Habituation User Studies

USEC '19, In Proceedings of the 2019 Workshop on Usable Security, San Diego, CA, USA, February 24, 2019.
Replication: Do We Snooze If We Can't Lose? Modelling Risk with Incentives in Habituation User Studies

[Karoline Busse Dominik Wermke Sabrina Amft Sascha Fahl Emanuel von Zezschwitz Matthew Smith]

2018-08-12

14th Symposium on Usable Privacy and Security

SOUPS '18

poster

[P1]

Karoline Busse, Dominik Wermke, Sabrina Amft, Sascha Fahl, Emanuel von Zezschwitz, and Matthew Smith.

Poster: Replication: Do We Snooze If We Can't Lose? Modelling Risk with Incentives in Habituation User Studies

SOUPS '18, At 14th Symposium on Usable Privacy and Security, Baltimore, MD, USA, August 12-14, 2018.
A Large Scale Investigation of Obfuscation Use in Google Play

[Dominik Wermke Nicolas Huaman Yasemin Acar Bradley Reaves Patrick Traynor Sascha Fahl]

2018-12-03

34th Annual Computer Security Applications Conference

ACSAC '18

conference

[C5]

Dominik Wermke, Nicolas Huaman, Yasemin Acar, Bradley Reaves, Patrick Traynor, and Sascha Fahl.

A Large Scale Investigation of Obfuscation Use in Google Play

ACSAC '18, In Proceedings of the 34th Annual Computer Security Applications Conference, San Juan, PR, USA, December 03-07, 2018.
Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse

[Peter Leo Gorski Luigi Lo Iacono Dominik Wermke Christian Stransky Sebastian Möller Yasemin Acar Sascha Fahl]

2018-08-12

14th Symposium on Usable Privacy and Security

SOUPS '18

conference

[C4]

Peter Leo Gorski, Luigi Lo Iacono, Dominik Wermke, Christian Stransky, Sebastian Möller, Yasemin Acar, and Sascha Fahl.

Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse

SOUPS '18, In Proceedings of the 14th Symposium on Usable Privacy and Security, Baltimore, MD, USA, August 12-14, 2018.
A Stitch in Time: Supporting Android Developers in Writing Secure Code

[Duc Cuong Nguyen Dominik Wermke Yasemin Acar Michael Backes Charles Weir Sascha Fahl]

2017-10-30

2017 ACM SIGSAC Conference on Computer and Communications Security

CCS '17

conference

[C3]

Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, and Sascha Fahl.

A Stitch in Time: Supporting Android Developers in Writing Secure Code

CCS '17, In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, Dallas, TX, USA, October 30 - November 03, 2017.
Developers Need Support, Too: A Survey of Security Advice for Software Developers

[Yasemin Acar Christian Stransky Dominik Wermke Charles Weir Michelle L. Mazurek Sascha Fahl]

2017-09-24

IEEE Secure Development Conference

SecDev '17

conference

[C2]

Yasemin Acar, Christian Stransky, Dominik Wermke, Charles Weir, Michelle L. Mazurek, and Sascha Fahl.

Developers Need Support, Too: A Survey of Security Advice for Software Developers

SecDev '17, In Proceedings of the IEEE Secure Development Conference, Cambridge, MA, USA, September 24-26, 2017.
Lessons Learned from Using an Online Platform to Conduct Large-Scale, Online Controlled Security Experiments with Software Developers

[Christian Stransky Yasemin Acar Duc Cuong Nguyen Dominik Wermke Doowon Kim Elissa M. Redmiles Michael Backes Simson L. Garfinkel Michelle L. Mazurek Sascha Fahl]

2017-08-14

10th USENIX Workshop on Cyber Security Experimentation and Test

CSET '17

workshop

[W1]

Christian Stransky, Yasemin Acar, Duc Cuong Nguyen, Dominik Wermke, Doowon Kim, Elissa M. Redmiles, Michael Backes, Simson L. Garfinkel, Michelle L. Mazurek, and Sascha Fahl.

Lessons Learned from Using an Online Platform to Conduct Large-Scale, Online Controlled Security Experiments with Software Developers

CSET '17, In Proceedings of the 10th USENIX Workshop on Cyber Security Experimentation and Test, Vancouver, BC, Canada, August 14, 2017.
Security Developer Studies with GitHub Users: Exploring a Convenience Sample

[Yasemin Acar Christian Stransky Dominik Wermke Michelle L. Mazurek Sascha Fahl]

2017-07-12

13th Symposium on Usable Privacy and Security

SOUPS '17

conference

[C1]

Yasemin Acar, Christian Stransky, Dominik Wermke, Michelle L. Mazurek, and Sascha Fahl.

Security Developer Studies with GitHub Users: Exploring a Convenience Sample

SOUPS '17, In Proceedings of the 13th Symposium on Usable Privacy and Security, Santa Clara, CA, USA, July 12-14, 2017.

Academic Service #

2024

IEEE S&P'24, Member of PC

2023

IEEE SecDev'23, Member of PC

ACM WiSec'23, Member of PC

2022

EuroUSEC'22, Member of PC

SOUPS'22, Member of poster jury

WSIW'22, Member of PC

WSIW'22, Web Chair

2021

SOUPS'21, Member of poster jury

2020

CoSDEO'20, Member of PC

2019

SOUPS'19, Member of poster jury

2018

CoSDEO'18, Member of PC

SOUPS'18, Member of poster jury