Presentation
Empowering the Experts - Towards a Secure and Trustworthy Software Ecosystem
Presenter:
Dominik Wermke

Abstract

Enabling software experts like developers, maintainers, and system operators to deploy secure, privacy-respecting, and trustworthy software potentially passes on benefits to their code, hundreds of dependent code bases, thousands of real-world deployments, and millions of end users.

In this talk, I will present my past and ongoing research contributions in computer security and privacy that aim to empower software experts to create a more secure and trustworthy software ecosystem. The presented research spans a variety of areas including open source (S&P 2022, SOUPS 2017), software development (USENIX 2021, ACSAC 2018, CCS 2017), cryptography (SOUPS 2021, 2018), and privacy perceptions (SOUPS 2020). For this research, I utilized both quantitative and qualitative methods to explore aspects not necessarily visible in code, such as the considerations, decisions, and processes of software experts. My findings include that by directly engaging and collaborating with the software community, we can close the gap between researchers and developers and work together towards a more secure and trustworthy software ecosystem.

Short Bio

Dominik Wermke is a Usable Security & Privacy researcher at CISPA Helmholtz Center for Information Security, a Computer Science PhD student at the Leibniz University Hannover, and a visiting scholar at the GWUSEC lab at George Washington University.

His research enables developers and administrators to deploy secure, privacy-respecting, and trustworthy software that benefits the security of hundreds of dependent code bases, thousands of real-world deployments, and millions of end users. His research leverages this multiplicative effect by supporting open source maintainers, developers, and system administrators in the shared endeavor towards a more secure and trustworthy software ecosystem.

Wermke’s work has appeared in top-tier security venues such as IEEE S&P (including a Distinguished Paper Award in 2022), USENIX Security, and ACM CCS, as well as field-specific venues such as SOUPS and ACSAC.



