TY - GEN
T1 - Supporting Software Engineers in IT Security and Privacy through Automated Knowledge Discovery
AU - Ehl, Marco
AU - Ahmadian, Amir Shayan
AU - Großer, Katharina
AU - Elsofi, Duaa Adel Ali
AU - Herrmann, Marc
AU - Specht, Alexander
AU - Schneider, Kurt
AU - Jürjens, Jan
N1 - Publisher Copyright:
Copyright © 2025 held by the owner/author(s).
PY - 2025/5/14
Y1 - 2025/5/14
N2 - Security and privacy are increasingly essential concepts in software engineering. New threats and corresponding countermeasures are continuously discovered. Concurrently, projects are becoming more complex and are exposed to a greater number of threats. This presents a significant challenge for software engineers. As a result, security and privacy are often neglected due to a lack of knowledge, limited time, and financial constraints. While systematic literature reviews exist to address the increasing volume of publications, software engineers still require up-to-date knowledge of current threats and measures. This paper presents an automated, time-efficient, and cost-effective method for discovering knowledge from state-of-the-art literature and project artifacts, such as design documents. The presented method utilizes Large Language Models (LLMs) for data extraction and is demonstrated through a prototypical implementation and evaluation. This evaluation involves security and privacy in open-access scientific publications and project documentation from European Union research and development projects. The extracted knowledge is used to populate a quality model that is specifically designed to provide software engineers with information that helps them apply the findings. This quality model offers software engineers valuable, up-to-date insights into security and privacy, bridging the gap between scientific research and practical applications.
AB - Security and privacy are increasingly essential concepts in software engineering. New threats and corresponding countermeasures are continuously discovered. Concurrently, projects are becoming more complex and are exposed to a greater number of threats. This presents a significant challenge for software engineers. As a result, security and privacy are often neglected due to a lack of knowledge, limited time, and financial constraints. While systematic literature reviews exist to address the increasing volume of publications, software engineers still require up-to-date knowledge of current threats and measures. This paper presents an automated, time-efficient, and cost-effective method for discovering knowledge from state-of-the-art literature and project artifacts, such as design documents. The presented method utilizes Large Language Models (LLMs) for data extraction and is demonstrated through a prototypical implementation and evaluation. This evaluation involves security and privacy in open-access scientific publications and project documentation from European Union research and development projects. The extracted knowledge is used to populate a quality model that is specifically designed to provide software engineers with information that helps them apply the findings. This quality model offers software engineers valuable, up-to-date insights into security and privacy, bridging the gap between scientific research and practical applications.
KW - knowledge discovery
KW - large language model
KW - privacy
KW - quality model
KW - security
UR - https://www.scopus.com/pages/publications/105006451939
U2 - 10.1145/3672608.3707798
DO - 10.1145/3672608.3707798
M3 - Conference contribution
AN - SCOPUS:105006451939
T3 - Proceedings of the ACM Symposium on Applied Computing
SP - 1647
EP - 1656
BT - 40th Annual ACM Symposium on Applied Computing, SAC 2025
PB - Association for Computing Machinery
T2 - 40th Annual ACM Symposium on Applied Computing, SAC 2025
Y2 - 31 March 2025 through 4 April 2025
ER -