I'm an associate professor at the Software Engineering Division of the Chalmers University of Technology and the University of Gothenburg, in Sweden. I'm also affiliated with the DistriNet Research Group (KU Leuven, Belgium) as a part-time Research Expert in secure software. My main research interests are in the area of Secure Software Engineering, with a focus on:
  • Security-by-design and privacy-by-design (threat analysis, precise modeling and analysis of security & privacy properties in software architecture, patterns)
  • Empirical methods for security (controlled experiments and mining software repositories)

I spend my spare time taking photographs (see my photos here) and playing tennis.

Here is my page at Chalmers.

Under the spotlight

Our work on privacy threat modeling is favorably mentioned by Adam Shostack in his new book Threat Modeling: Designing for Security:
  • "LINDDUN is, in many ways, one of the most serious and thought-provoking approaches to privacy threat modeling, and those seriously interested in privacy should take a look at it."
We have published a systematic literature review comparing several techniques for secure design in the Journal of Software and Systems Modeling
  • Alexander van den Berghe, Riccardo Scandariato, Koen Yskout, Wouter Joosen, Design Notations for Secure Software: A Systematic Literature Review
Our empirical study on security patterns has been accepted at ICSE 2015
  • Koen Yskout, Riccardo Scandariato, Wouter Joosen, Do Security Patterns Really Help Designers?
Our work on comparing text mining and software metrics as predictors of vulnerabilities won the best paper award at ISSRE'14
  • James Walden, Jeffrey Stuckman, Riccardo Scandariato, Predicting Vulnerable Components: Software Metrics vs Text Mining
and has been extended for the IEEE Transactions on Reliability
  • Jeffrey Stuckman, James Walden, Riccardo Scandariato, The Effect of Dimensionality Reduction on Software Vulnerability Prediction Models

Short bio

Prof. Riccardo Scandariato received his PhD in Computer Science in 2004 from Politecnico di Torino, Italy. In 2005, he was a post-doctoral researcher at Politecnico di Torino, with the Software Engineering research group. In 2006, he joined the DistriNet research group at KU Leuven, Belgium. In Leuven, he became the leader of a team of researchers in the area of secure software. In 2014, he joined the department of Computer Science and Engineering, which is shared between the Chalmers University of Technology and the University of Gothenburg. In Gothenburg, Prof. Scandariato teaches a master course on software architecture.

Prof. Scandariato's main research interests are in the area of secure software engineering, with a particular focus on (i) empirical methods for security and (ii) security & privacy in software design. He has published over 60 papers in the area of security and software engineering. He is an Associate Editor of the International Journal of Secure Software Engineering (IJSSE) and a member of the Review Editorial Board of Frontiers in ICT. He regularly participates in the Program Committees of several top-rated conferences in the area of security and software engineering.

Publications

I am the co-author of over 65 publications. Click here for a complete list. This is my Google Scholar page.

Empirical work

I am often busy performing controlled experiments (with human participants) about secure software engineering techniques.

I also routinely collaborate on studies that mine software repositories and use machine learning to predict vulnerable software components.

Please have a look at my empirical page to see what's cooking at the moment.

PhD students

I have the privilege of (co)supervising the following PhD students:
  • Laurens Sion, working on code annotations for security 
  • Katja Tuma, working on secure software in the automotive domain
  • Alexander van den Berghe, working on analyzing security properties in design

Former PhD students

  • Koen Buyens, graduated in January 2012. Analyzing software architectures for least privilege violations
  • Thomas Heyman, graduated in March 2013. A formal analysis technique for secure software architectures
  • Kim Wuyts, graduated in January 2014. Privacy Threats in Software Architectures
  • Koen Yskout, graduated in April 2013. Connecting security requirements and software architecture with patterns

Service

I am an Associate Editor of the International Journal of Secure Software Engineering (IJSSE) and a member of the Review Editorial Board of Frontiers in ICT. I am a member of the Advisory Board of the ASPIRE EU FP7 project.

See this page for a list of conferences and workshops I am and have been involved in.