I'm a full professor and the head of the Institute of Software Security at the Hamburg University of Technology (TUHH), in Germany.

I'm a father of two boys and spend my (limited) spare time taking photographs.

My favorite saying is "done is better than perfect".

I don't have Twitter, Facebook, Instagram, TikTok, you name it...

Contact info

You are welcome to visit me at the:

Institute of Software Security
Hamburg University of Technology (TUHH)
Blohmstraße 15
21079 Hamburg

My email is:

ric***do . sca***to @ tuhh . de

Research interests

Together with my team, I apply an inter-disciplinary approach to create innovative tools and techniques to design and implement secure and privacy-friendly applications. My target application domains are micro-services, Internet-of-Things ecosystems, and cyber-physical systems. While my main interest is in the technical aspects of software security, I also investigate how security techniques can be made more effective and usable for the developers. My core research topics are:

  • Model-based security
  • Program repair for software security
  • Benchmarking security features in application software
  • Prediction of software vulnerabilities
  • Threat and risk analysis
  • Usable security and privacy
In this research agenda, an important role is played by the use of ML/AI to solve cybersecurity challenges. My work is also characterized by the systematic use of empirical methods for security, including controlled experiments and mining software repositories.

Very condensed CV

I received my PhD in Computer Science in 2004 from Politecnico di Torino, Italy. In my academic career I had the opportunity to work in several countries, including the United States (University of Virginia, 2003), Italy (Politecnico di Torino, 2004-2005), Belgium (KU Leuven, 2006-2014) and Sweden (University of Gothenburg, 2014-2020). Since late 2020, I'm the head of the Institute of Software Security at the Hamburg University of Technology (TUHH), in Germany.

H-index: Google Scholar page


Working with young researchers is one the perks of being a professor. It's something I truly enjoy and dedicate time to. I have the privilege of supervising the following research associates:

  • Catherine Tony, working on automatic generation of secure and privacy-friendly application code
  • Cuong Bui Quang, working on automated program repair techniques for security vulnerabilities
  • Simon Schneider, working on lightweight techniques to identify security features in application code (e.g., microservices)
  • Torge Hinrichs, working on predicting software vulnerabilities via machine learning

The team is also inspired by the excellent work of our senior researchers:

  • Nicolas Diaz Ferreyra is a post-doctoral researcher working on privacy.

I have also the pleasure of co-supervising these brilliant researchers:

  • Mazen Mohamad, PhD student working on security assurance cases for automotive at the University of Gothenburg, under the main supervision of Prof. Jan-Philipp Steghöfer
  • Max Neuendorf, PhD fast-track student at the University of Hamburg, under the main supervision of Prof. Mathias Fisher


In the past, I worked with these very bright individuals:

  • Mrs. Komal Kashish, collaboration on security of IoT edge frameworks in 2021-2022
  • Mrs. Anusha Bambhore Tukaram, collaboration on security of microservice applications in 2021-2022
  • Dr. Katja Tuma, graduated in January 2021 (University of Gothenburg) with a PhD thesis titled Efficiency and Automation in Threat Analysis of Software Systems
  • Dr. Rodi Jolak, PostDoc (University of Gothenburg) working on resilience of automotive systems in 2020-2021
  • Dr. Tomasz Kosinski, graduated in September 2021 (University of Gothenburg, co-supervisor) with a PhD thesis titled Privacy expectations and challenges of smart home ecosystems
  • Dr. Alexander van den Berghe, graduated in March 2020 (KU Leuven) with a PhD thesis titled SMILE: A Security-Centric, Formally-Founded Modelling Language for Humans
  • Dr. Kim Wuyts, graduated in January 2014 (KU Leuven) with a PhD thesis titled Privacy Threats in Software Architectures
  • Dr. Thomas Heyman, graduated in March 2013 (KU Leuven) with a PhD thesis titled A formal analysis technique for secure software architectures
  • Dr. Koen Yskout, graduated in April 2013 (KU Leuven) with a PhD thesis titled Connecting security requirements and software architecture with patterns
  • Dr. Koen Buyens, graduated in January 2012 (KU Leuven, co-supervisor) with a PhD thesis titled Analyzing software architectures for least privilege violations