I'm an associate professor
at the Software Engineering Division of the Chalmers University of Technology and the University of Gothenburg
, in Sweden
. I'm also affiliated with the DistriNet Research Group (KU Leuven, Belgium) as a part-time Research Expert in secure software. My main research interests are in the area of Secure Software Engineering, with focus on:
- Empirical methods for security (controlled experiments and mining software repositories)
- Security & privacy in software architectures (principles, patterns and methods)
I spend my spare time taking photographs (see my photos here) and playing tennis.
Here is my page at Chalmers.
Under the spotlight
Our empirical study on security patterns has been accepted at ICSE 2015
Our work on comparing text mining and software metrics as predictors of vulnerabilities won the best paper award at ISSRE'14
- Koen Yskout, Riccardo Scandariato, Wouter Joosen, Do Security Patterns Really Help Designers?
Our work on vulnerability prediction via text mining has been accepted in the IEEE Transactions on Software Engineering
- James Walden, Jeffrey Stuckman, Riccardo Scandariato, Predicting Vulnerable Components: Software Metrics vs Text Mining
Our work on privacy threat modeling is favorably mentioned by Adam Shostack in his new book Threat Modeling: Designing for Security:
- Riccardo Scandariato, James Walden, Aram Hovsepyan, Wouter Joosen, Predicting Vulnerable Software Components via Text Mining
- "LINDDUN is, in many ways, one of the most serious and thought-provoking approaches to privacy threat modeling, and those seriously interested in privacy should take a look at it."
Prof. Riccardo Scandariato received his PhD in Computer Science in 2004 from Politecnico di Torino, Italy. In 2005, he was a post-doctoral researcher at Politecnico di Torino, with the Software Engineering research group. In 2006, he joined the DistriNet research group at KU Leuven, Belgium. In Leuven, he became the leader of a team of researchers in the area of secure software. In 2014, he joined the department of Computer Science and Engineering, which is shared between the Chalmers University of Technology and the University of Gothenburg. In Gothenburg, Prof. Scandariato teaches a master course on software architecture.
Prof. Scandariato's main research interests are in the area of secure software engineering, with a particular focus on (i) empirical methods for security and (ii) security&privacy in software design. He has published over 60 papers in the area of security and software engineering. He is an Associate Editor of the International Journal of Secure Software Engineering (IJSSE) and a member of the Review Editorial Board of Frontiers in ICT. He regularly participates to the Program Committees of several top-rated conferences in the area of security and software engineering.
I am the co-author of over 60 publications. Click here for a complete list. This is my Google Scholar page.
I am often busy performing controlled experiments
(with human participants) about secure software engineering techniques.
I also routinely collaborate on studies that mine software repositories and use machine learning to predict vulnerable software components.
Please, have a look at my empirical page
to see what's cooking at the moment.
I have the privilege of (co)supervising the following PhD students:
Former PhD students
- Koen Buyens, graduated in January 2012. Analyzing software architectures for least privilege violations
- Thomas Heyman, graduated in March 2013. A formal analysis technique for secure software architectures
- Kim Wuyts, graduated in January 2014. Privacy Threats in Software Architectures
- Koen Yskout, graduated in April 2013. Connecting security requirements and software architecture with patterns
I am an Associate Editor of the International Journal of Secure Software Engineering
(IJSSE) and a member of the Review Editorial Board of Frontiers in ICT
. I am a member of the Advisory Board of the ASPIRE
EU FP7 project.
See this page for a list of conferences and workshops I am and have been involved in.