Details
Original language | English |
---|---|
Title of host publication | 40th Annual ACM Symposium on Applied Computing, SAC 2025 |
Publisher | Association for Computing Machinery |
Pages | 1647-1656 |
Number of pages | 10 |
ISBN (electronic) | 9798400706295 |
Publication status | Published - 14 May 2025 |
Event | 40th Annual ACM Symposium on Applied Computing, SAC 2025 - Catania, Italy Duration: 31 March 2025 → 4 Apr. 2025 |
Publication series
Name | Proceedings of the ACM Symposium on Applied Computing |
---|
Abstract
Security and privacy are increasingly essential concepts in software engineering. New threats and corresponding countermeasures are continuously discovered. Concurrently, projects are becoming more complex and are exposed to a greater number of threats. This presents a significant challenge for software engineers. As a result, security and privacy are often neglected due to a lack of knowledge, limited time, and financial constraints. While systematic literature reviews exist to address the increasing volume of publications, software engineers still require up-to-date knowledge of current threats and measures. This paper presents an automated, time-efficient, and cost-effective method for discovering knowledge from state-of-the-art literature and project artifacts, such as design documents. The presented method utilizes Large Language Models (LLMs) for data extraction and is demonstrated through a prototypical implementation and evaluation. This evaluation involves security and privacy in open-access scientific publications and project documentation from European Union research and development projects. The extracted knowledge is used to populate a quality model that is specifically designed to provide software engineers with information that helps them apply the findings. This quality model offers software engineers valuable, up-to-date insights into security and privacy, bridging the gap between scientific research and practical applications.
ASJC Scopus subject areas
- General Computer Science
- Software
Cite
40th Annual ACM Symposium on Applied Computing, SAC 2025. Association for Computing Machinery, 2025. pp. 1647-1656 (Proceedings of the ACM Symposium on Applied Computing).
Publication: Chapter in book/report/anthology/conference proceedings › Conference contribution › Research › Peer-reviewed
TY - GEN
T1 - Supporting Software Engineers in IT Security and Privacy through Automated Knowledge Discovery
AU - Ehl, Marco
AU - Ahmadian, Amir Shayan
AU - Großer, Katharina
AU - Elsofi, Duaa Adel Ali
AU - Herrmann, Marc
AU - Specht, Alexander
AU - Schneider, Kurt
AU - Jürjens, Jan
N1 - Publisher Copyright: Copyright © 2025 held by the owner/author(s).
PY - 2025/5/14
Y1 - 2025/5/14
KW - knowledge discovery
KW - large language model
KW - privacy
KW - quality model
KW - security
UR - http://www.scopus.com/inward/record.url?scp=105006451939&partnerID=8YFLogxK
U2 - 10.1145/3672608.3707798
DO - 10.1145/3672608.3707798
M3 - Conference contribution
AN - SCOPUS:105006451939
T3 - Proceedings of the ACM Symposium on Applied Computing
SP - 1647
EP - 1656
BT - 40th Annual ACM Symposium on Applied Computing, SAC 2025
PB - Association for Computing Machinery
T2 - 40th Annual ACM Symposium on Applied Computing, SAC 2025
Y2 - 31 March 2025 through 4 April 2025
ER -