Daniel Votipka

Latest

• 'I’m trying to learn…and I’m shooting myself in the foot': Beginners’ Struggles When Solving Binary Exploitation Exercises
• 'Threat modeling is very formal, it’s very technical, and also very hard to do correctly': Investigating Threat Modeling Practices in Open-Source Software Projects
• An Investigation of Interaction and Information Needs for Protocol Reverse Engineering Automation
• Expert Insights into Advanced Persistent Threats: Analysis, Attribution, and Challenges
• Using AI Assistants in Software Development: A Qualitative Study on Security Practices and Concerns
• A Survey of Cybersecurity Professionals’ Perceptions and Experiences of Safety and Belonging in the Community
• “I can say I’m John Travolta...but I’m not John Travolta.” Investigating the Impact of Changes to Social Media Verification Policies on User Perceptions of Verified Accounts
• 'There are Rabbit Holes I Want to Go Down that I'm Not Allowed to Go Down': An Investigation of Security Expert Threat Modeling Practices for Medical Devices
• An Investigation of US Universities’ Implementation of FERPA Student Directory Policies and Student Privacy Preferences
• Bug Hunters’ Perspectives on the Challenges and Benefits of the Bug Bounty Ecosystem
• Everybody’s Got ML, Tell Me What Else You Have: Practitioners' Perception of ML-Based Security Tools and Explanations
• Vulnerability Discovery for All: Experiences of Marginalization in Vulnerability Discovery
• Understanding the How and the Why: Exploring Secure Development Practices Through a Course Competition
• A Qualitative Evaluation of Reverse Engineering Tool Usability
• How Ready is Your Ready? Assessing the Usability of Incident Response Playbook Frameworks
• Where to Recruit for Security Development Studies: Comparing Six Software Developer Samples
• Benefits and Drawbacks of Adopting a Secure Programming Language: Rust as a Case Study
• An Investigation of Online Reverse Engineering Community Discussions in the Context of Ghidra
• HackEd: A Pedagogical Analysis of Online Vulnerability Discovery Exercises
• On the Other Side of the Table: Hosting Capture-the-Flag (CTF) Competitions, An Investigation from the CTF Organizer’s Perspective
• The Hackers’ Viewpoint: Exploring Challenges and Benefits of Bug-Bounty Programs
• An Observational Investigation of Reverse Engineers' Processes
• Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It
• Building and Validating a Scale for Secure Software Development Self-Efficacy
• Symbolic Path Tracing to Find Android Permission-Use Triggers
• Does Being Verified Make You More Credible? The Effect of Account Verification on Tweet Credibility
• The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level
• User Comfort with Android Background Resource Accesses in Different Contexts
• Toward a Field Study on the Impact of Hacking Competitions on Secure Development
• Hackers vs Testers: A Comparison of Software Vulnerability Discovery Processes
• User Interactions and Permission Use on Android
• Passe-Partout:A General Collection Methodology for Android Devices
• All Your Droids are Belong to Us: A Survey of Current Android Attacks