@inproceedings{schmueser2024analyzing, title = {Analyzing Security and Privacy Advice During the 2022 Russian Invasion of Ukraine on Twitter}, author = {Juliane Schm{\"u}ser and Harshini Sri Ramulu and Noah W{\"o}hler and Christian Stransky and Felix Bensmann and Dimitar Dimitrov and Sebastian Schellhammer and Dominik Wermke and Stefan Dietze and Yasemin Acar and Sascha Fahl.}, year = {2024}, month = may, booktitle = {In Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI '24)}, publisher = {ACM}, date = {2024-05-11}, } @inproceedings{boughton2024decomposing, title = {Decomposing and Measuring Trust in Open-Source Software Supply Chains}, author = {Boughton, Lina and Miller, Courtney and Acar, Yasemin and Wermke, Dominik and K{\"a}stner, Christian}, year = {2024}, month = apr, booktitle = {In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering: New Ideas and Emerging Results (IEEE/ACM ICSE-NIER '24)}, publisher = {IEEE/ACM}, date = {2024-04-14}, } @article{fourne2023viewpoint, title = {A Viewpoint on Human Factors in Software Supply Chain Security: A Research Agenda}, author = {Fourn\'{e}, Marcel and Wermke, Dominik and Fahl, Sascha and Acar, Yasemin}, year = {2023}, month = nov, journal = {IEEE Security \& Privacy}, publisher = {IEEE Computer Society}, volume = {21}, number = {06}, pages = {59--63}, date = {2023-11-13}, } @inproceedings{krause2023pushed, title = {Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secret Information in Source Code Repositories}, author = {Alexander Krause and Jan H. Klemmer and Nicolas Huaman and Dominik Wermke and Yasemin Acar and Sascha Fahl}, year = {2023}, month = aug, booktitle = {In Proceedings of the 32nd {USENIX} Security Symposium, {USENIX} 2023, Anaheim CA, USA, August 9-11, 2023}, publisher = {USENIX Association}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/krause}, date = {2023-08-09}, } @inproceedings{fourne2023flossing, title = {It's like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security}, author = {Marcel Fourn\'{e} and Dominik Wermke and William Enck and Sascha Fahl and Yasemin Acar}, year = {2023}, month = may, booktitle = {In Proceedings of the 44th IEEE Symposium on Security and Privacy (IEEE S\&P '23)}, publisher = {IEEE Computer Society}, url = {https://www.ieee-security.org/TC/SP2023/program-papers.html}, date = {2023-05-22}, } @inproceedings{wermke2023always, title = {``Always Contribute Back'': A Qualitative Study on Security Challenges of the Open Source Supply Chain}, author = {Dominik Wermke and Jan H. Klemmer and Noah W\"{o}hler and Juliane Schm\"{u}ser and Harshini Sri Ramulu and Yasemin Acar and Sascha Fahl}, year = {2023}, month = may, booktitle = {In Proceedings of the 44th IEEE Symposium on Security and Privacy (IEEE S\&P '23)}, publisher = {IEEE Computer Society}, url = {https://www.ieee-security.org/TC/SP2023/program-papers.html}, date = {2023-05-22}, } @inproceedings{huaman2022if, title = {If You Can't Get Them to the Lab: Evaluating a Virtual Study Environment with Security Information Workers}, author = {Nicolas Huaman and Alexander Krause and Dominik Wermke and Jan H. Klemmer and Christian Stransky and Yasemin Acar and Sascha Fahl}, year = {2022}, month = aug, booktitle = {Eighteenth Symposium on Usable Privacy and Security, SOUPS 2022, Boston MA, USA, August 8-9, 2022}, publisher = {USENIX Association}, url = {https://www.usenix.org/conference/soups2022/presentation/huaman}, date = {2023-08-08}, } @inproceedings{wermke2022committed, title = {Committed to Trust: A Qualitative Study on Security \& Trust in Open Source Software Projects}, author = {Dominik Wermke and Noah W\"{o}hler and Jan H. Klemmer and Marcel Fourn\'{e} and Yasemin Acar and Sascha Fahl}, year = {2022}, month = may, booktitle = {In Proceedings of the 43rd IEEE Symposium on Security and Privacy}, url = {https://www.ieee-security.org/TC/SP2022/index.html}, date = {2022-05-22}, } @inproceedings{haering2021never, title = {Never ever or no matter what: Investigating Adoption Intentions and Misconceptions about the Corona-Warn-App in Germany}, author = {Maximilian H\"{a}ring and Eva Gerlitz and Christian Tiefenau and Matthew Smith and Dominik Wermke and Sascha Fahl and Yasemin Acar}, year = {2021}, month = aug, booktitle = {Seventeenth Symposium on Usable Privacy and Security, SOUPS 2021, August 8-10, 2021}, date = {2021-08-08}, } @inproceedings{stransky2021limited, title = {On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security}, author = {Christian Stransky and Dominik Wermke and Johanna Schrader and Nicolas Huaman and Yasemin Acar and Anna Lena Fehlhaber and Miranda Wei and Blase Ur and Sascha Fahl}, year = {2021}, month = aug, booktitle = {Seventeenth Symposium on Usable Privacy and Security, SOUPS 2021, August 8-10, 2021}, date = {2021-08-08}, } @inproceedings{huaman2021large, title = {A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises}, author = {Nicolas Huaman and Bennet von Skarczinski and Dominik Wermke and Christian Stransky and Yasemin Acar and Arne Drei\ss{}igacker and Sascha Fahl}, year = {2021}, month = aug, booktitle = {In Proceedings of the 30th USENIX Security Symposium, USENIX Security '21, Vancouver, B.C., Canada, August 11-13, 2021}, publisher = {USENIX Association}, url = {https://www.usenix.org/conference/usenixsecurity21/presentation/huaman}, date = {2021-08-11}, } @inproceedings{wermke2020cloudy, title = {Cloudy with a Chance of Misconceptions: Exploring Users' Perceptions and Expectations of Security and Privacy in Cloud Office Suites}, author = {Dominik Wermke and Nicolas Huaman and Christian Stransky and Niklas Busch and Yasemin Acar and Sascha Fahl}, year = {2020}, month = aug, booktitle = {Sixteenth Symposium on Usable Privacy and Security, SOUPS 2020, August 7-11, 2020}, publisher = {USENIX Association}, pages = {359--377}, url = {https://www.usenix.org/conference/soups2020/presentation/wermke}, date = {2020-08-07}, } @inproceedings{busse2019replication, title = {Replication: Do We Snooze If We Can't Lose? Modelling Risk with Incentives in Habituation User Studies}, author = {Karoline Busse and Dominik Wermke and Sabrina Amft and Sascha Fahl and Emanuel von Zezschwitz and Matthew Smith}, year = {2019}, month = feb, booktitle = {In Proceedings of the 2019 Workshop on Usable Security (USEC), USEC 2019, San Diego, CA, USA, February 24, 2019}, doi = {10.14722/usec.2019.23001}, url = {https://dx.doi.org/10.14722/usec.2019.23001}, date = {2019-02-24}, } @inproceedings{wermke2018large, title = {A Large Scale Investigation of Obfuscation Use in Google Play}, author = {Dominik Wermke and Nicolas Huaman and Yasemin Acar and Bradley Reaves and Patrick Traynor and Sascha Fahl}, year = {2018}, month = dec, booktitle = {In Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, PR, USA, December 03-07, 2018}, publisher = {ACM}, pages = {222--235}, doi = {10.1145/3274694.3274726}, url = {https://doi.org/10.1145/3274694.3274726}, date = {2018-12-03}, } @inproceedings{gorski2018developers, title = {Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse}, author = {Peter Leo Gorski and Luigi Lo Iacono and Dominik Wermke and Christian Stransky and Sebastian M\"{o}ller and Yasemin Acar and Sascha Fahl}, year = {2018}, month = aug, booktitle = {Fourteenth Symposium on Usable Privacy and Security, SOUPS 2018, Baltimore, MD, USA, August 12-14, 2018}, publisher = {USENIX Association}, pages = {265--281}, url = {https://www.usenix.org/conference/soups2018/presentation/gorski}, date = {2018-08-12}, } @inproceedings{nguyen2017stitch, title = {A Stitch in Time: Supporting Android Developers in WritingSecure Code}, author = {Duc Cuong Nguyen and Dominik Wermke and Yasemin Acar and Michael Backes and Charles Weir and Sascha Fahl}, year = {2017}, month = oct, booktitle = {In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017}, publisher = {ACM}, pages = {1065--1077}, doi = {10.1145/3133956.3133977}, url = {https://doi.org/10.1145/3133956.3133977}, date = {2017-10-30}, } @inproceedings{acar2017developers, title = {Developers Need Support, Too: A Survey of Security Advice for Software Developers}, author = {Yasemin Acar and Christian Stransky and Dominik Wermke and Charles Weir and Michelle L. Mazurek and Sascha Fahl}, year = {2017}, month = sep, booktitle = {IEEE Cybersecurity Development, SecDev 2017, Cambridge, MA, USA, September 24-26, 2017}, publisher = {IEEE Computer Society}, pages = {22--26}, doi = {10.1109/SecDev.2017.17}, url = {https://doi.org/10.1109/SecDev.2017.17}, date = {2017-09-24}, } @inproceedings{stransky2017lessons, title = {Lessons Learned from Using an Online Platform to Conduct Large-Scale, Online Controlled Security Experiments with Software Developers}, author = {Christian Stransky and Yasemin Acar and Duc Cuong Nguyen and Dominik Wermke and Doowon Kim and Elissa M. Redmiles and Michael Backes and Simson L. Garfinkel and Michelle L. Mazurek and Sascha Fahl}, year = {2017}, month = aug, booktitle = {10th USENIX Workshop on Cyber Security Experimentation and Test, CSET 2017, Vancouver, BC, Canada, August 14, 2017}, publisher = {USENIX Association}, url = {https://www.usenix.org/conference/cset17/workshop-program/presentation/stransky}, date = {2017-08-14}, } @inproceedings{acar2017security, title = {Security Developer Studies with GitHub Users: Exploring a Convenience Sample}, author = {Yasemin Acar and Christian Stransky and Dominik Wermke and Michelle L. Mazurek and Sascha Fahl}, year = {2017}, month = jul, booktitle = {Thirteenth Symposium on Usable Privacy and Security, SOUPS 2017, Santa Clara, CA, USA, July 12-14, 2017}, publisher = {USENIX Association}, pages = {81--95}, url = {https://www.usenix.org/conference/soups2017/technical-sessions/presentation/acar}, date = {2017-07-12}, }