I'm an associate professor
at the Software Engineering Division of the Chalmers University of Technology and the University of Gothenburg (GU)
, in Sweden
. I'm also affiliated with the DistriNet Research Group (KU Leuven, Belgium) as a part-time Research Expert in secure software. My main research interests are in the area of Secure Software Engineering, with focus on:
- Privacy-by-design and security-by-design (threat analysis, precise modeling and analysis of security & privacy properties in software architecture, patterns)
- Empirical methods for security (controlled experiments and mining software repositories)
I'm also the Program Coordinator (a.k.a. MPA) for the GU's master program "Software Engineering and Management" and the Chalmes' master program "Software Engineering and Technology".
I spend my spare time taking photographs (see my photos here) and playing tennis.
Here is my page at Chalmers.
Under the spotlight
|Our work on privacy threat modeling is favorably mentioned by Adam Shostack in his new book Threat Modeling: Designing for Security:
We have published a systematic litterature review comparing several techniques for secure design in the Journal of Software and Systems Modeling
- "LINDDUN is, in many ways, one of the most serious and thought-provoking approaches to privacy threat modeling, and those seriously interested in privacy should take a look at it."
Our empirical study on security patterns has been accepted at ICSE 2015
- Alexander van den Berghe, Riccardo Scandariato, Koen Yskout, Wouter Joosen, Design Notations for Secure Software: A Systematic Literature Review
Our work on comparing text mining and software metrics as predictors of vulnerabilities won the best paper award at ISSRE'14
- Koen Yskout, Riccardo Scandariato, Wouter Joosen, Do Security Patterns Really Help Designers?
and has been extended for the IEEE Transactions on Reliability
- James Walden, Jeffrey Stuckman, Riccardo Scandariato, Predicting Vulnerable Components: Software Metrics vs Text Mining
- Jeffrey Stuckman, James Walden, Riccardo Scandariato, The Effect of Dimensionality Reduction on Software Vulnerability Prediction Models
Prof. Riccardo Scandariato received his PhD in Computer Science in 2004 from Politecnico di Torino, Italy. In 2005, he was a post-doctoral researcher at Politecnico di Torino, with the Software Engineering research group. In 2006, he joined the DistriNet research group at KU Leuven, Belgium. In Leuven, he became the leader of a team of researchers in the area of secure software. In 2014, he moved to Gothenburg (Sweden) and joined the department of Computer Science and Engineering, which is shared between the Chalmers University of Technology and the University of Gothenburg.
Prof. Scandariato's main research interests are in the area of secure software engineering, with a particular focus on (i) privacy&security by design and (ii) empirical methods for security. He has published over 65 papers in the area of security and software engineering. He is an Associate Editor of the International Journal of Secure Software Engineering (IJSSE) and a member of the Review Editorial Board of Frontiers in ICT. He regularly participates to the Program Committees of several top-rated conferences in the area of security and software engineering.
I am the co-author of over 70 publications. Click here for a complete list. This is my Google Scholar page.
I am often busy performing controlled experiments
(with human participants) about secure software engineering techniques.
I also routinely collaborate on studies that mine software repositories and use machine learning to predict vulnerable software components.
Please, have a look at my empirical page
to see what's cooking at the moment.
I have the privilege of (co)supervising the following PhD students:
- Laurens Sion, working on code annotations for security
- Katja Tuma, working on secure software in the automotive domain
- Alexander van den Berghe, working on analyzing security properties in design
Former PhD students
- Koen Buyens, graduated in January 2012. Analyzing software architectures for least privilege violations
- Thomas Heyman, graduated in March 2013. A formal analysis technique for secure software architectures
- Kim Wuyts, graduated in January 2014. Privacy Threats in Software Architectures
- Koen Yskout, graduated in April 2013. Connecting security requirements and software architecture with patterns
I am an Associate Editor of the International Journal of Secure Software Engineering
(IJSSE) and a member of the Review Editorial Board of Frontiers in ICT
. I am a member of the Advisory Board of the ASPIRE
EU FP7 project.
See this page for a list of conferences and workshops I am and have been involved in.