Riccardo Scandariato

Welcome!

I'm an associate professor at the Software Engineering Division of the University of Gothenburg, in Sweden. My main research interests are in the area of Secure Software Engineering, with focus on:
  • Privacy-by-design and security-by-design (threat analysis, precise modeling and analysis of security & privacy properties in software architecture, patterns)
  • Empirical methods for security (controlled experiments and mining software repositories)

I'm also the Program Coordinator for the University of Gothenburg master program "Software Engineering and Management" and the Chalmes' master program "Software Engineering and Technology".

I spend my spare time taking photographs (see my photos here).

Under the spotlight

Our work on privacy threat modeling is favorably mentioned by Adam Shostack in his new book Threat Modeling: Designing for Security:
  • "LINDDUN is, in many ways, one of the most serious and thought-provoking approaches to privacy threat modeling, and those seriously interested in privacy should take a look at it."
We have published a systematic literature review comparing several techniques for secure design in the Journal of Software and Systems Modeling
  • Alexander van den Berghe, Riccardo Scandariato, Koen Yskout, Wouter Joosen, Design Notations for Secure Software: A Systematic Literature Review
Our work on dimensionality reduction when using text mining and software metrics as predictors of vulnerabilities has been published in the IEEE Transactions on Reliability
  • Jeffrey Stuckman, James Walden, Riccardo Scandariato, The Effect of Dimensionality Reduction on Software Vulnerability Prediction Models

Short bio

Prof. Riccardo Scandariato received his PhD in Computer Science in 2004 from Politecnico di Torino, Italy. In 2005, he was a post-doctoral researcher at Politecnico di Torino, with the Software Engineering research group. In 2006, he joined the DistriNet research group at KU Leuven, Belgium. In Leuven, he became the leader of a team of researchers in the area of secure software. In 2014, he moved to Gothenburg (Sweden) and joined the department of Computer Science and Engineering, which is shared between the Chalmers University of Technology and the University of Gothenburg.

Prof. Scandariato's main research interests are in the area of secure software engineering, with a particular focus on (i) privacy & security by design and (ii) empirical methods for security. He has published over 70 papers in the area of security and software engineering. He is an Associate Editor of the International Journal of Secure Software Engineering (IJSSE) and a member of the Review Editorial Board of Frontiers in ICT. He regularly participates to the Program Committees of several top-rated conferences in the area of security and software engineering.

Publications

I am the co-author of over 70 publications. Click here for a complete list. This is my Google Scholar page.

Empirical work

I am often busy performing controlled experiments (with human participants) about secure software engineering techniques.

I also routinely collaborate on studies that mine software repositories and use machine learning to predict vulnerable software components.

Please, have a look at my empirical page to see what's cooking at the moment.

PhD students

I have the privilege of supervising the following PhD students:

Former PhD students

  • Koen Buyens, graduated in January 2012. Analyzing software architectures for least privilege violations
  • Thomas Heyman, graduated in March 2013. A formal analysis technique for secure software architectures
  • Kim Wuyts, graduated in January 2014. Privacy Threats in Software Architectures
  • Koen Yskout, graduated in April 2013. Connecting security requirements and software architecture with patterns

Service

I am an Associate Editor of the International Journal of Secure Software Engineering (IJSSE) and a member of the Review Editorial Board of Frontiers in ICT.

See this page for a list of conferences and workshops I am and have been involved in.