3 matches found
Reading between the Code Lines: On the Use of Self-Admitted Technical Debt for Security Analysis
Static Analysis Tools SATs are central to security engineering activities, as they enable early identification of code weaknesses without requiring execution. However, their effectiveness is often limited by high false-positive rates and incomplete coverage of vulnerability classes. At the same...
Putting Privacy to the Test: Introducing Red Teaming for Research Data Anonymization
Recently, the data protection practices of researchers in human-computer interaction and elsewhere have gained attention. Initial results suggest that researchers struggle with anonymization, partly due to a lack of clear, actionable guidance. In this work, we propose simulating re-identification...
Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys
Incident Response IR allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders like cyber insurers and...