Publications #

External:

Google Scholar, DBLP, ORCID ORCID

Bibfile:
wermke.bib (peer-reviewed publications)

Publication List #

Type:
1 Non-peer-reviewed publications like opinion pieces, summaries, and public comments.
Venue:

2025 #

[C17]
Attributing Open-Source Contributions is Critical but Difficult: A Systematic Analysis of GitHub Practices and Their Impact on Software Supply Chain Security
Jan-Ulrich Holtgrave, Kay Friedrich, Fabian Fischer, Nicolas Huaman, Niklas Busch, Jan Klemmer, Marcel Fourné, Oliver Wiese, Dominik Wermke, and Sascha Fahl.
NDSS, in Proceedings of the Network and Distributed System Security Symposium, February 24, 2025.

2024 #

[W4]
Developers’ Approaches to Software Supply Chain Security: An Interview Study
Rami Sammak, Anna Lena Rotthaler, Harshini Sri Ramulu, Dominik Wermke, and Yasemin Acar.
SCORED, in Proceedings of the ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, October 18, 2024.
[O6]
S3C2 Summit 2023-11: Industry Secure Supply Chain Summit
Nusrat Zahan, Yasemin Acar, Michel Cukier, William Enck, Christian Kästner, Alexandros Kapravelos, Dominik Wermke, and Laurie Williams.
arXiv, arXiv preprint arXiv:2408.16529, August 30, 2024.
November 2023 Summit report
[C16]
Security and Privacy Software Creators’ Perspectives on Unintended Consequences
Harshini Sri Ramulu, Helen Schmitt, Dominik Wermke, and Yasemin Acar.
USENIX Sec, in Proceedings of the 33rd USENIX Security Symposium, August 14-16, 2024.
[O5]
S3C2 Summit 2024-03: Industry Secure Supply Chain Summit
Greg Tystahl, Yasemin Acar, Michel Cukier, William Enck, Christian Kästner, Alexandros Kapravelos, Dominik Wermke, and Laurie Williams.
arXiv, arXiv preprint arXiv:2405.08762, May 14, 2024.
March 2024 Summit report
[C15]
Analyzing Security and Privacy Advice During the 2022 Russian Invasion of Ukraine on Twitter
Juliane Schmüser, Harshini Sri Ramulu, Noah Wöhler, Christian Stransky, Felix Bensmann, Dimitar Dimitrov, Sebastian Schellhammer, Dominik Wermke, Stefan Dietze, Yasemin Acar, and Sascha Fahl.
CHI, in Proceedings of the ACM CHI Conference on Human Factors in Computing Systems, May 11-16, 2024.
Honorable Mention
[W3]
Decomposing and Measuring Trust in Open-Source Software Supply Chains
Lina Boughton, Courtney Miller, Yasemin Acar, Dominik Wermke, and Christian Kästner.
ICSE-NIER, in Proceedings of the IEEE/ACM 46th International Conference on Software Engineering: New Ideas and Emerging Results, April 14-20, 2024.
[O4]
Summary: Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects
Dominik Wermke, Noah Wöhler, Jan H. Klemmer, Marcel Fourné, Yasemin Acar, and Sascha Fahl.
SE, Software Engineering 2024, Gesellschaft für Informatik e.V., ser. LNI, vol. P-343, pp. 141-142, Linz, Austria, Feb 26-Mar 1, 2024.
Summary of [C10]
[O3]
Summary: Always Contribute Back: A Qualitative Study on Security Challenges of the Open Source Supply Chain
Dominik Wermke, Jan H. Klemmer, Noah Wöhler, Juliane Schmüser, Harshini Sri Ramulu, Yasemin Acar, and Sascha Fahl.
SE, Software Engineering 2024, Gesellschaft für Informatik e.V., ser. LNI, vol. P-343, pp. 139-140, Linz, Austria, Feb 26-Mar 1, 2024.
Summary of [C12]

2023 #

[O2]
Securing the Software Supply Chain: Research, Outreach, Education
Laurie Williams, Yasemin Acar, Michel Cukier, William Enck, Alexandros Kapravelos, Christian Kästner, and Dominik Wermke.
RFI, Request for Information on Open-Source Software Security: Areas of Long-Term Focus and Prioritization, November 14, 2023.
[O1]
A Viewpoint on Human Factors in Software Supply Chain Security: A Research Agenda
Marcel Fourné, Dominik Wermke, Sascha Fahl, and Yasemin Acar.
IEEE Security & Privacy, IEEE Security & Privacy (Journal), vol. 21, no. 06, pp. 59-63, November 13, 2023.
[C14]
Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secret Information in Source Code Repositories
Alexander Krause, Jan H. Klemmer, Nicolas Huaman, Dominik Wermke, Yasemin Acar, and Sascha Fahl.
USENIX Sec, in Proceedings of the 32nd USENIX Security Symposium, Anaheim, CA, USA, August 9-11, 2023.
[P9]
Poster: Pushed by Accident: A Mixed-Methods Study on Strategies of Handling Secret Information in Source Code Repositories
Alexander Krause, Jan H. Klemmer, Nicolas Huaman, Dominik Wermke, Yasemin Acar, and Sascha Fahl.
SOUPS, at 19th Symposium on Usable Privacy and Security, Anaheim, CA, USA, August 6-8, 2023.
[C13]
It's like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security
Marcel Fourné, Dominik Wermke, William Enck, Sascha Fahl, and Yasemin Acar.
IEEE S&P, in Proceedings of the 44th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 22-24, 2023.
[C12]
"Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply Chain
Dominik Wermke, Jan H. Klemmer, Noah Wöhler, Juliane Schmüser, Harshini Sri Ramulu, Yasemin Acar, and Sascha Fahl.
IEEE S&P, in Proceedings of the 44th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 22-24, 2023.

2022 #

[]
Preprint: Committed by Accident: Studying Prevention and Remediation Strategies Against Secret Leakage in Source Code Repositories
Alexander Krause, Jan H Klemmer, Nicolas Huaman, Dominik Wermke, Yasemin Acar, and Sascha Fahl.
arXiv 2022.
[C11]
If You Can’t Get Them to the Lab: Evaluating a Virtual Study Environment with Security Information Workers
Nicolas Huaman, Alexander Krause, Dominik Wermke, Christian Stransky, Jan H. Klemmer, Yasemin Acar, and Sascha Fahl.
SOUPS, in Proceedings of the 18th Symposium on Usable Privacy and Security, Santa Clara, CA, USA, August 7-9, 2022.
[C10]
Committed to Trust: A Qualitative Study on Security & Trust in Open Source Software Projects
Dominik Wermke, Noah Wöhler, Jan H. Klemmer, Marcel Fourné, Yasemin Acar, and Sascha Fahl.
IEEE S&P, in Proceedings of the 43rd IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 23-26, 2022.
Distinguished Paper Award (4 out of 147 papers)
[P7]
Poster: User Awareness of Phishing and WebAuthn
Mindy Tran, Sabrina Amft, and Dominik Wermke.
IEEE S&P, at 43rd IEEE Symposium on Security and Privacy, May 23-26, 2022.
[P8]
Poster: Committed by Accident - Prevention and Remediation Strategies Against Secret Leakage
Alexander Krause, Nicolas Huaman, Dominik Wermke, Yasemin Acar, and Sascha Fahl.
IEEE S&P, at 43rd IEEE Symposium on Security and Privacy, May 23-26, 2022.

2021 #

[C9]
A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises
Nicolas Huaman, Bennet von Skarczinski, Dominik Wermke, Christian Stransky, Yasemin Acar, Arne Dreißigacker, and Sascha Fahl.
USENIX Sec, in Proceedings of the 30th USENIX Security Symposium, August 11-13, 2021.
[P6]
Poster: Cybercrime in Small and Medium-sized Enterprises
Nicolas Huaman, Alexander Krause, Bennet von Skarczinski, Christian Stransky, Dominik Wermke, Yasemin Acar, Arne Dreißigacker, and Sascha Fahl.
SOUPS, at 17th Symposium on Usable Privacy and Security, August 8-10, 2021.
[C8]
On the Limited Impact of Visualizing Encryption: Perceptions of E2E Messaging Security
Christian Stransky, Dominik Wermke, Johanna Schrader, Nicolas Huaman, Yasemin Acar, Anna Lena Fehlhaber, Miranda Wei, Blase Ur, and Sascha Fahl.
SOUPS, in Proceedings of the 17th Symposium on Usable Privacy and Security, August 8-10, 2021.
[C7]
Never ever or no matter what: Investigating Adoption Intentions and Misconceptions about the Corona-Warn-App in Germany
Maximilian Häring, Eva Gerlitz, Christian Tiefenau, Matthew Smith, Dominik Wermke, Sascha Fahl, and Yasemin Acar.
SOUPS, in Proceedings of the 17th Symposium on Usable Privacy and Security, August 8-10, 2021.

2020 #

[C6]
Cloudy with a Chance of Misconceptions: Exploring Users' Perceptions and Expectations of Security and Privacy in Cloud Office Suites
Dominik Wermke, Christian Stransky, Nicolas Huaman, Niklas Busch, Yasemin Acar, and Sascha Fahl.
SOUPS, in Proceedings of the 16th Symposium on Usable Privacy and Security, August 12-14, 2020.
[P5]
Poster: Perceptions of Handling Sensitive Data in Cloud Office Applications
Dominik Wermke, Christian Stransky, Nicolas Huaman, Niklas Busch, Alexander Krause, Yasemin Acar, and Sascha Fahl.
IEEE S&P, at 41st IEEE Symposium on Security and Privacy, May 18-20, 2020.

2019 #

[P4]
Poster: Towards Understanding the WhatsApp Dilemma
Christian Stransky, Dominik Wermke, Johanna Schrader, Nicolas Huaman, Anna Lena Fehlhaber, Yasemin Acar, and Sascha Fahl.
USENIX Sec, at 28th USENIX Security Symposium, Santa Clara, CA, USA, August 14-16, 2019.
[W2]
Replication: Do We Snooze If We Can't Lose? Modelling Risk with Incentives in Habituation User Studies
Karoline Busse, Dominik Wermke, Sabrina Amft, Sascha Fahl, Emanuel von Zezschwitz, and Matthew Smith.
USEC, in Proceedings of the 2019 Workshop on Usable Security, San Diego, CA, USA, February 24, 2019.
[P2]
Poster: Project Leine - A Virtualized Study Infrastructure
Dominik Wermke, Nicolas Huaman, Christian Stransky, Yasemin Acar, and Sascha Fahl.
NDSS, at 26th Annual Network and Distributed System Security Symposium, San Diego, California, USA, February 24-27, 2019.
[P3]
Poster: A Large Scale Investigation of Obfuscation Use in Google Play
Dominik Wermke, Nicolas Huaman, Yasemin Acar, Bradley Reaves, Patrick Traynor, and Sascha Fahl.
NDSS, at 26th Annual Network and Distributed System Security Symposium, San Diego, California, USA, February 24-27, 2019.

2018 #

[C5]
A Large Scale Investigation of Obfuscation Use in Google Play
Dominik Wermke, Nicolas Huaman, Yasemin Acar, Bradley Reaves, Patrick Traynor, and Sascha Fahl.
ACSAC, in Proceedings of the 34th Annual Computer Security Applications Conference, San Juan, PR, USA, December 03-07, 2018.
[P1]
Poster: Replication: Do We Snooze If We Can't Lose? Modelling Risk with Incentives in Habituation User Studies
Karoline Busse, Dominik Wermke, Sabrina Amft, Sascha Fahl, Emanuel von Zezschwitz, and Matthew Smith.
SOUPS, at 14th Symposium on Usable Privacy and Security, Baltimore, MD, USA, August 12-14, 2018.
[C4]
Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse
Peter Leo Gorski, Luigi Lo Iacono, Dominik Wermke, Christian Stransky, Sebastian Möller, Yasemin Acar, and Sascha Fahl.
SOUPS, in Proceedings of the 14th Symposium on Usable Privacy and Security, Baltimore, MD, USA, August 12-14, 2018.

2017 #

[C3]
A Stitch in Time: Supporting Android Developers in Writing Secure Code
Duc Cuong Nguyen, Dominik Wermke, Yasemin Acar, Michael Backes, Charles Weir, and Sascha Fahl.
CCS, in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, Dallas, TX, USA, October 30 - November 03, 2017.
[C2]
Developers Need Support, Too: A Survey of Security Advice for Software Developers
Yasemin Acar, Christian Stransky, Dominik Wermke, Charles Weir, Michelle L. Mazurek, and Sascha Fahl.
SecDev, in Proceedings of the IEEE Secure Development Conference, Cambridge, MA, USA, September 24-26, 2017.
[W1]
Lessons Learned from Using an Online Platform to Conduct Large-Scale, Online Controlled Security Experiments with Software Developers
Christian Stransky, Yasemin Acar, Duc Cuong Nguyen, Dominik Wermke, Doowon Kim, Elissa M. Redmiles, Michael Backes, Simson L. Garfinkel, Michelle L. Mazurek, and Sascha Fahl.
CSET, in Proceedings of the 10th USENIX Workshop on Cyber Security Experimentation and Test, Vancouver, BC, Canada, August 14, 2017.
[C1]
Security Developer Studies with GitHub Users: Exploring a Convenience Sample
Yasemin Acar, Christian Stransky, Dominik Wermke, Michelle L. Mazurek, and Sascha Fahl.
SOUPS, in Proceedings of the 13th Symposium on Usable Privacy and Security, Santa Clara, CA, USA, July 12-14, 2017.