The underpinnings of the research we conduct are scientific rigour and sound empirical evaluation of security methodologies and solutions, from risk assessment and threat analysis to mining software vulnerabilities and analysing Java and cloud microservices. We promote a foundational approach for conducting research at the intersection of Security, Software Engineering and Risk Analysis. The empirical approach allows us to solve security problems and defend against adversaries that are real rather than of our own making.
We work from the mathematical foundations and models of risk analysis to their empirical validation with either large-scale retrospective studies on software repositories or controlled experiments with students and professionals. The broad goal of the group is to provide industry and society with evidence-based advice about security risks.
To see who is who, check below.