Security
Reviewed: 2025-01-01
SERL treats security and privacy as everyday engineering work - automated, explainable, and aligned with product flow. One line of work operationalizes "compliance as code," connecting standards and audits to CI/CD so evidence is continuously produced rather than retrofitted. Another examines how organizations gauge capability using OWASP SAMM and what different stakeholder groups learn from maturity assessments. Privacy is brought closer to requirements and teams: a natural-language method helps practitioners specify concrete privacy needs, while studies capture how agile developers actually think about data protection in day-to-day work.
At the architecture and operations layer, work focuses on microservices and cloud-native delivery. Results catalogue integration techniques, automate failure analysis from Kubernetes logs, and detect security deficiencies with actionable refactoring advice - helping teams diagnose issues rapidly and fix them in the same loop. Large-scale reuse ecosystems (InnerSource + CI/CD) show how organizations share secure, reusable services without slowing teams, and what governance patterns make reuse stick. Complementary threads cover cybersecurity knowledge automation, confidentiality barriers for SMEs, backward-compatibility debt in service APIs, competency models for security roles, and early lessons from LLMs on enterprise data retrieval.
Together, these insights make security and privacy measurable and improvable within the delivery system - so teams can move fast without losing control of risk.
Current and Future Work
Near-term directions point to end-to-end compliance pipelines linked to OWASP SAMM metrics, giving leaders and teams shared, continuously updated views of risk and progress. Expect privacy-aware requirement toolchains that turn text into checks, plus secure-by-default microservice patterns informed by integration taxonomies and auto-refactoring advice. Log-driven diagnostics and lightweight knowledge automation will shrink mean-time-to-remediate, while reuse ecosystems spread hardened services across products.