Riccardo Scandariato

Architectural and design patterns represent effective techniques to package expert knowledge in a reusable way. Over time, they have proven to be very successful in software engineering. Moreover, in the security discipline, a well-known principle calls for the use of standard, time-tested solutions rather than inventing ad-hoc solutions from scratch.
Ready or not, the digitalization of information has come and privacy is standing out there, possibly at stake. Although digital privacy is an identified priority in our society, few systematic, effective methodologies exist that deal with privacy threats thoroughly. This paper presents a comprehensive framework to model privacy threats in software-based
Development processes for software construction are common knowledge and mainstream practice in most development organizations. Unfortunately, these processes offer little support in order to meet security requirements. Over the years, research efforts have been invested in specific methodologies and techniques for secure software engineering, yet complete,
Development processes for software construction are common knowledge and mainstream practice in most development organizations. Unfortunately, these processes offer little support in order to meet security requirements. Over the years, research efforts have been invested in specific methodologies and techniques for secure software engineering, yet dedicated
Among the different quality attributes of software artifacts, security has lately gained a lot of interest. However, both qualitative and quantitative methodologies to assess security are still missing. This is possibly due to the lack of knowledge about which properties must be considered when it comes to evaluating security. The above-mentioned gap is even
Security is an important quality aspect of modern open software systems. However, it is challenging to keep such systems secure because of evolution. Security evolution can only be managed adequately if it is considered for all artifacts throughout the software development lifecycle. This article provides state of the art on the evolution of security
The feedback from architectural decisions to the elaboration of requirements is an established concept in the software engineering community. However, pinpointing the nature of this feedback in a precise way is a largely open problem. Often, the feedback is generically characterized as additional qualities that might be affected by an architect's choice.