Dominik Wermke

Web Curriculum Vitae
https://dwermke.com, dwermke@ncsu.edu
Last updated Mar 10, 2025

Table of Contents

About #

I am an Assistant Professor in the Department of Computer Science at the North Carolina State University with research areas of interest including usable security and privacy, security of and trust in the software supply chain and open source ecosystem, as well as supporting software experts in designing, developing, and deploying secure, privacy-respecting, and user-friendly systems.


Pronunciation: VERM-keh [/veeːm.ke/]

I actually love all the different pronunciations for my last name, so feel free to go with whatever feels right in your language / accent.

The German pronunciation sounds like “VERM-keh” (/veeːm.ke/ in IPA). “Verm-” rhymes with “term” and “-ke” as in “kettle”.

Affiliations #

Current:
Past Affiliations
Past:
TeamUSEC (Member)
George Washington University (Visiting Researcher)
Leibniz University Hannover (PhD)
Saarland University (MSc, BSc)

Academic Bio #

Perspective:
Include:

I am an Assistant Professor in the Department of Computer Science at the North Carolina State University. Prior to NC State, I worked as a researcher at the CISPA Helmholtz Center for Information Security and was part of the TeamUSEC research group for human-centered security. I received my Dr. rer. nat. (PhD equivalent) in computer science from Leibniz University Hannover in 2023 and both a M.Sc. and B.Sc. from Saarland University in 2016 and 2015 respectively.

My research enables developers and administrators to deploy secure, privacy-respecting, and trust-worthy software that benefits the security of hundreds of dependent code bases, thousands of real-world deployments, and millions of end users. I leverage this multiplicative effect by supporting open source maintainers, developers, and system administrators in the shared endeavor towards a more secure and trustworthy software ecosystem.

My research areas of interest include usable security, supporting software experts, the software supply chain, and the open source ecosystem. Designing secure and user-friendly systems, developing tools to assist software professionals, enhancing transparency and trust in the software supply chain, and improving collaboration and security in open source communities.

My work has appeared in the top-tier security venues IEEE S&P, USENIX Security, ACM CCS, and NDSS, as well as field-specific venues such as CHI, SOUPS, and ACSAC.

Dominik Wermke is an Assistant Professor in the Department of Computer Science at the North Carolina State University. Prior to NC State, he worked as a researcher at the CISPA Helmholtz Center for Information Security and was part of the TeamUSEC research group for human-centered security. He received his Dr. rer. nat. (PhD equivalent) in computer science from Leibniz University Hannover in 2023 and both a M.Sc. and B.Sc. from Saarland University in 2016 and 2015 respectively.

His research enables developers and administrators to deploy secure, privacy-respecting, and trust-worthy software that benefits the security of hundreds of dependent code bases, thousands of real-world deployments, and millions of end users. His research leverages this multiplicative effect by supporting open source maintainers, developers, and system administrators in the shared endeavor towards a more secure and trustworthy software ecosystem.

Research areas of interest include usable security, supporting software experts, the software supply chain, and the open source ecosystem. Designing secure and user-friendly systems, developing tools to assist software professionals, enhancing transparency and trust in the software supply chain, and improving collaboration and security in open source communities.

His work has appeared in the top-tier security venues IEEE S&P, USENIX Security, ACM CCS, and NDSS, as well as field-specific venues such as CHI, SOUPS, and ACSAC.


Dominik Wermke, Jan H. Klemmer, Noah Wöhler, Juliane Schmüser, Harshini Sri Ramulu, Yasemin Acar, and Sascha Fahl. "Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply Chain. In Proceedings of the 44th IEEE Symposium on Security and Privacy (IEEE S&P 23), San Francisco, CA, USA, May 22-24, 2023.

Marcel Fourné, Dominik Wermke, Will Enck, Sascha Fahl, and Yasemin Acar. It's like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security. In Proceedings of the 44th IEEE Symposium on Security and Privacy (IEEE S&P 23), San Francisco, CA, USA, May 22-24, 2023.

Dominik Wermke, Noah Wöhler, Jan H. Klemmer, Marcel Fourné, Yasemin Acar, and Sascha Fahl. Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects. In Proceedings of the 43rd IEEE Symposium on Security and Privacy (IEEE S&P 22), San Francisco, CA, USA, May 23-26, 2022.

Peer-Reviewed Publications #

Detailed list and filters at publications. In computer security, conferences are the primary publication venue.

Conference #

[C17]
Jan-Ulrich Holtgrave, Kay Friedrich, Fabian Fischer, Nicolas Huaman, Niklas Busch, Jan Klemmer, Marcel Fourné, Oliver Wiese, Dominik Wermke, Sascha Fahl. Attributing Open-Source Contributions is Critical but Difficult: A Systematic Analysis of GitHub Practices and Their Impact on Software Supply Chain Security. In Proceedings of the Network and Distributed System Security Symposium (NDSS), February 24, 2025.
[C16]
Harshini Sri Ramulu, Helen Schmitt, Dominik Wermke, Yasemin Acar. Security and Privacy Software Creators’ Perspectives on Unintended Consequences. In Proceedings of the 33rd USENIX Security Symposium (USENIX Sec), August 14-16, 2024.
[C15]
Juliane Schmüser, Harshini Sri Ramulu, Noah Wöhler, Christian Stransky, Felix Bensmann, Dimitar Dimitrov, Sebastian Schellhammer, Dominik Wermke, Stefan Dietze, Yasemin Acar, Sascha Fahl. Analyzing Security and Privacy Advice During the 2022 Russian Invasion of Ukraine on Twitter. In Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (CHI), May 11-16, 2024.
[C14]
Alexander Krause, Jan H. Klemmer, Nicolas Huaman, Dominik Wermke, Yasemin Acar, Sascha Fahl. Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secret Information in Source Code Repositories. In Proceedings of the 32nd USENIX Security Symposium (USENIX Sec), Anaheim, CA, USA, August 9-11, 2023.
[C13]
Marcel Fourné, Dominik Wermke, William Enck, Sascha Fahl, Yasemin Acar. It's like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security. In Proceedings of the 44th IEEE Symposium on Security and Privacy (IEEE S&P), San Francisco, CA, USA, May 22-24, 2023.
[C12]
Dominik Wermke, Jan H. Klemmer, Noah Wöhler, Juliane Schmüser, Harshini Sri Ramulu, Yasemin Acar, Sascha Fahl. "Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply Chain. In Proceedings of the 44th IEEE Symposium on Security and Privacy (IEEE S&P), San Francisco, CA, USA, May 22-24, 2023.
[C11]
Nicolas Huaman, Alexander Krause, Dominik Wermke, Christian Stransky, Jan H. Klemmer, Yasemin Acar, Sascha Fahl. If You Can’t Get Them to the Lab: Evaluating a Virtual Study Environment with Security Information Workers. In Proceedings of the 18th Symposium on Usable Privacy and Security (SOUPS), Santa Clara, CA, USA, August 7-9, 2022.
[C10]
Dominik Wermke, Noah Wöhler, Jan H. Klemmer, Marcel Fourné, Yasemin Acar, Sascha Fahl. Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects. In Proceedings of the 43rd IEEE Symposium on Security and Privacy (IEEE S&P), San Francisco, CA, USA, May 23-26, 2022.
[C9]
Nicolas Huaman, Bennet von Skarczinski, Dominik Wermke, Christian Stransky, Yasemin Acar, Arne Dreißigacker, Sascha Fahl. A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises. In Proceedings of the 30th USENIX Security Symposium (USENIX Sec), August 11-13, 2021.
[C8]
Christian Stransky, Dominik Wermke, Johanna Schrader, Nicolas Huaman, Yasemin Acar, Anna Lena Fehlhaber, Miranda Wei, Blase Ur, Sascha Fahl. On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security. In Proceedings of the 17th Symposium on Usable Privacy and Security (SOUPS), August 8-10, 2021.
[C7]
Maximilian Häring, Eva Gerlitz, Christian Tiefenau, Matthew Smith, Dominik Wermke, Sascha Fahl, Yasemin Acar. Never ever or no matter what: Investigating Adoption Intentions and Misconceptions about the Corona-Warn-App in Germany. In Proceedings of the 17th Symposium on Usable Privacy and Security (SOUPS), August 8-10, 2021.
[C6]
Dominik Wermke, Christian Stransky, Nicolas Huaman, Niklas Busch, Yasemin Acar, Sascha Fahl. Cloudy with a Chance of Misconceptions: Exploring Users' Perceptions and Expectations of Security and Privacy in Cloud Office Suites. In Proceedings of the 16th Symposium on Usable Privacy and Security (SOUPS), August 12-14, 2020.
[C5]
Dominik Wermke, Nicolas Huaman, Yasemin Acar, Bradley Reaves, Patrick Traynor, Sascha Fahl. A Large Scale Investigation of Obfuscation Use in Google Play. In Proceedings of the 34th Annual Computer Security Applications Conference (ACSAC), San Juan, PR, USA, December 03-07, 2018.
[C4]
Peter Leo Gorski, Luigi Lo Iacono, Dominik Wermke, Christian Stransky, Sebastian Möller, Yasemin Acar, Sascha Fahl. Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse. In Proceedings of the 14th Symposium on Usable Privacy and Security (SOUPS), Baltimore, MD, USA, August 12-14, 2018.
[C3]
Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, Sascha Fahl. A Stitch in Time: Supporting Android Developers in Writing Secure Code. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS), Dallas, TX, USA, October 30 - November 03, 2017.
[C2]
Yasemin Acar, Christian Stransky, Dominik Wermke, Charles Weir, Michelle L. Mazurek, Sascha Fahl. Developers Need Support, Too: A Survey of Security Advice for Software Developers. In Proceedings of the IEEE Secure Development Conference (SecDev), Cambridge, MA, USA, September 24-26, 2017.
[C1]
Yasemin Acar, Christian Stransky, Dominik Wermke, Michelle L. Mazurek, Sascha Fahl. Security Developer Studies with GitHub Users: Exploring a Convenience Sample. In Proceedings of the 13th Symposium on Usable Privacy and Security (SOUPS), Santa Clara, CA, USA, July 12-14, 2017.

Journal #

[J1]
Laurie Williams, Giacomo Benedetti, Sivana Hamer, Ranindya Paramitha, Imranur Rahman, Mahzabin Tamanna, Greg Tystahl, Nusrat Zahan, Patrick Morrison, Yasemin Acar, Michel Cukier, Christian Kästner, Alexandros Kapravelos, Dominik Wermke, William Enck. Research Directions in Software Supply Chain Security. ACM Transactions on Software Engineering and Methodology (TOSEM), January 27, 2025.

Workshop #

[W4]
Rami Sammak, Anna Lena Rotthaler, Harshini Sri Ramulu, Dominik Wermke, Yasemin Acar. Developers’ Approaches to Software Supply Chain Security: An Interview Study. In Proceedings of the ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED), October 18, 2024.
[W3]
Lina Boughton, Courtney Miller, Yasemin Acar, Dominik Wermke, Christian Kästner. Decomposing and Measuring Trust in Open-Source Software Supply Chains. In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER), April 14-20, 2024.
[W2]
Karoline Busse, Dominik Wermke, Sabrina Amft, Sascha Fahl, Emanuel von Zezschwitz, Matthew Smith. Replication: Do We Snooze If We Can't Lose? Modelling Risk with Incentives in Habituation User Studies. In Proceedings of the 2019 Workshop on Usable Security (USEC), San Diego, CA, USA, February 24, 2019.
[W1]
Christian Stransky, Yasemin Acar, Duc Cuong Nguyen, Dominik Wermke, Doowon Kim, Elissa M. Redmiles, Michael Backes, Simson L. Garfinkel, Michelle L. Mazurek, Sascha Fahl. Lessons Learned from Using an Online Platform to Conduct Large-Scale, Online Controlled Security Experiments with Software Developers. In Proceedings of the 10th USENIX Workshop on Cyber Security Experimentation and Test (CSET), Vancouver, BC, Canada, August 14, 2017.

Poster #

[P9]
Alexander Krause, Jan H. Klemmer, Nicolas Huaman, Dominik Wermke, Yasemin Acar, Sascha Fahl. Poster: Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secret Information in Source Code Repositories. At 19th Symposium on Usable Privacy and Security (SOUPS), Anaheim, CA, USA, August 6-8, 2023.
[P8]
Alexander Krause, Nicolas Huaman, Dominik Wermke, Yasemin Acar, Sascha Fahl. Poster: Committed by Accident - Prevention and Remediation Strategies Against Secret Leakage. At 43rd IEEE Symposium on Security and Privacy (IEEE S&P), May 23-26, 2022.
[P7]
Mindy Tran, Sabrina Amft, Dominik Wermke. Poster: User Awareness of Phishing and WebAuthn. At 43rd IEEE Symposium on Security and Privacy (IEEE S&P), May 23-26, 2022.
[P6]
Nicolas Huaman, Alexander Krause, Bennet von Skarczinski, Christian Stransky, Dominik Wermke, Yasemin Acar, Arne Dreißigacker, Sascha Fahl. Poster: Cybercrime in Small and Medium-sized Enterprises. At 17th Symposium on Usable Privacy and Security (SOUPS), August 8-10, 2021.
[P5]
Dominik Wermke, Christian Stransky, Nicolas Huaman, Niklas Busch, Alexander Krause, Yasemin Acar, Sascha Fahl. Poster: Perceptions of Handling Sensitive Data in Cloud Office Applications. At 41st IEEE Symposium on Security and Privacy (IEEE S&P), May 18-20, 2020.
[P4]
Christian Stransky, Dominik Wermke, Johanna Schrader, Nicolas Huaman, Anna Lena Fehlhaber, Yasemin Acar, Sascha Fahl. Poster: Towards Understanding the WhatsApp Dilemma. At 28th USENIX Security Symposium (USENIX Sec), Santa Clara, CA, USA, August 14-16, 2019.
[P3]
Dominik Wermke, Nicolas Huaman, Yasemin Acar, Bradley Reaves, Patrick Traynor, Sascha Fahl. Poster: A Large Scale Investigation of Obfuscation Use in Google Play. At 26th Annual Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 24-27, 2019.
[P2]
Dominik Wermke, Nicolas Huaman, Christian Stransky, Yasemin Acar, Sascha Fahl. Poster: Project Leine - A Virtualized Study Infrastructure. At 26th Annual Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 24-27, 2019.
[P1]
Karoline Busse, Dominik Wermke, Sabrina Amft, Sascha Fahl, Emanuel von Zezschwitz, Matthew Smith. Poster: Replication: Do We Snooze If We Can't Lose? Modelling Risk with Incentives in Habituation User Studies. At 14th Symposium on Usable Privacy and Security (SOUPS), Baltimore, MD, USA, August 12-14, 2018.

Academic Service #

Group:

2025
2024
2023
2022
2021
2020
2019
2018

Students #

All at NC State unless noted otherwise. Names redacted in the web version for privacy.

PhD Committees #

Ongoing
  • ███████
  • ███████
  • ███████
2024
  • ███████
  • ███████
  • ███████, Leibniz University Hannover
  • ███████, Leibniz University Hannover

Master Students #

2025
  • ███████

Master Committees #

2023
  • ███████, Leibniz University Hannover

Independent Studies #

Ongoing
  • ███████
2024
  • ███████
  • ███████

Teaching #

Detailed list at teaching.

NC State #

2025
2024
2023