Bashar Nuseibeh

• University of Limerick

The security of software systems remains a critical sociotechnical challenge despite existing tools and processes. The articles in this special issue address aspects of security that go beyond code, offering ways to empower developers, provide trust and assurance, and address planning and regulation requirements.

Security attacks are rising, as evidenced by the number of reported vulnerabilities. Among them, unknown attacks, including new variants of existing attacks, technical blind spots or previously undiscovered attacks, challenge enduring security. This is due to the limited number of techniques that diagnose these attacks and enable the selection of a...

In this column, we illustrate real-world scenarios in which modern systems cannot preserve security during operation. We examine the notion of sustainable security and discuss the challenges to engineering sustainably secure systems.

Autonomous systems, such as drones and rescue robots, are increasingly used during emergencies. They deliver services and provide situational awareness that facilitate emergency management and response. To do so, they need to interact and cooperate with humans in their environment. Human behaviour is uncertain and complex, so it can be difficult to...

Student employability is a key goal of a computer science undergraduate education. A soft skills gap has previously been reported between employer requirements and the skills graduates offer, suggesting that educators are inadequately preparing students for their future careers. It is important to identify the links between educators and the materi...

Security vulnerabilities are present in many software systems, putting those who entrust software with their data in harm's way. Many vulnerabilities are avoidable since they are not new and are well-described. Despite this awareness, they remain widespread. One hypothesis for their persistence is that they represent software blindspots, problems t...

Discusses digital humanism in contexts such as AI, platform power, surveillance, democracy and technology ethics Each chapter focuses on a specific topic and includes questions to be answered and an annotated reading list Chapters are written by computer scientists, philosophers, social scientists, political journalists and law experts

In this chapter, we provide an introduction to the discipline of requirements engineering as part of the software engineering process. We indicate how to elicit, articulate, and organize the goals of complex software systems as an explicit expression of the requirements that the proposed or existing software system is expected to achieve and mainta...

As autonomous systems increasingly become part of our lives, it is crucial to foster trust between humans and these systems, to ensure positive outcomes and mitigate harmful ones.

Software engineering skills are broad and varied, encompassing not only technical abilities, but cognitive and social dimensions as well. Previous research establishes soft skills as being central for software engineering, e.g., teamwork, communication, and problem solving, but the relationship between these skills and how higher education prepares...

Autonomous systems, such as drones, are critical for emergency mitigation, management, and recovery. They provide situational awareness and deliver communication services which effectively guide emergency responders’ decision making. This combination of technology and people comprises a socio-technical system. Yet, focusing on the use of drone tech...

Microservice-based applications may include multiple instances of microservices running on containerised infrastructures. These infrastructures pose challenges to digital investigations of security incidents because digital evidence can be destroyed when containers are terminated. Observability techniques are used to facilitate the investigation of...

Secure software is a cornerstone to safe and resilient digital ecosystems. It offers strong foundation to protect users' sensitive data and guard against cyber-threats. The rapidly increasing landscape of digital economy has encouraged developers from different socio-technical and socio-economic backgrounds to join online freelance marketplaces. Wh...

With software systems permeating our lives, we are entitled to expect that such systems are secure by design, and that such security endures throughout the use of these systems and their subsequent evolution. Although adaptive security systems have been proposed to continuously protect assets from harm, they can only mitigate threats arising from c...

Context and motivation: Organisational values such as inclusion are often explicit, providing a common language to guide behaviour and motivate employees. Personal values are often less explicit but do guide individuals’ decisions, and when challenged they generate an emotional response. However, understanding organisational values and linking them...

Software development is a complex process requiring aspects of social, cognitive, and technical skills. Software engineers face high levels of uncertainty and risk during functional and security decision making. This preregistered study investigates behavioural measures of cognitive reflection, risk aversion, and optimism bias among professional fr...

Background Loneliness is a significant well-being issue that affects older adults. Existing, commonly used social connection platforms do not contain facilities to break the cognitive cycle of loneliness, and loneliness interventions implemented without due processes could have detrimental effects on well-being. There is also a lack of digital tech...

We apply a social and cognitive psychological approach to better understand software developers’ perceptions of secure software development. Drawing upon psychological theories of social identity and cognitive processing, we illustrate how software developers’ self-defined social identities affect their approaches to development. We also point to b...

Cyberattacks against Industrial Control Systems (ICS) can have harmful physical impacts. Investigating such attacks can be difficult, as evidence could be lost to physical damage. This is especially true with stealthy attacks; i.e., attacks that can evade detection. In this paper, we aim to engineer Forensic Readiness (FR) in safety-critical, geogr...

Kindness can boost happiness and wellbeing. It can benefit individuals (e.g., increasing resilience) as well as society (e.g., increasing trust). With digital technology permeating our daily lives, there are increasing opportunities for such technology to enable, mediate, and amplify kindness in society. In this paper, we propose kind computing, a...

Activity recognition using wearable sensors has become essential for a variety of applications. Tri-axial accelerometers are the most widely used sensor for activity recognition. Although various features have been used to capture patterns and classify the accelerometer signals to recognise activities, there is no consensus on the best features to...

The pressure on software developers to produce secure software has never been greater. But what does security look like in environments that don’t produce security-critical software? In answer to this question, this multi-sited ethnographic study characterises security episodes and identifies five typical behaviors in software development. Using th...

Supply chain fraud involving counterfeit or adulterated products presents threats to human health and safety. Quality Inspection is a key fraud mitigation tool where inspection planning involves allocating inspection resources across geographically dispersed assets considering both the cost and value of the inspection. I4.0 environments pose furthe...

BACKGROUND The COVID-19 pandemic impacted older adults' social connections and increased loneliness, but also led to increased technology adoption, providing new opportunities to develop technology interventions to meet their social needs. Existing off the shelf social connection platforms do not contain facilities designed to break the cognitive c...

As autonomous systems are becoming part of our daily lives, ensuring their trustworthiness is crucial. There are a number of techniques for demonstrating trustworthiness. Common to all these techniques is the need to articulate specifications. In this paper, we take a broad view of specification, concentrating on top-level requirements including bu...

Background: The global population is aging, leading to shifts in health care needs. In addition to developing technology to support physical health, there is an increasing recognition of the need to consider how technology can support emotional health. This raises the question of how to design devices that older adults can interact with to log the...

Background: Recent studies show that secure coding is about not only technical requirements but also developers' behaviour. Objective: To understand the influence of socio-technical contexts on how developers attend to and engage with security in code, software engineering researchers collaborated with social psychologists on a psychologically-inf...

Objective This study aims to gather public opinion on the Irish “COVID Tracker” digital contact tracing (DCT) App, with particular focus on App usage, usability, usefulness, technological issues encountered, and potential changes to the App. Methods A 35-item online questionnaire was deployed for 10 days in October 2020, 3 months after the launch...

It is imperative for all stakeholders that digital forensics investigations produce reliable results to ensure the field delivers a positive contribution to the pursuit of justice across the globe. Some aspects of these investigations are inevitably contingent on trust, however this is not always explicitly considered or critically evaluated. Erron...

It is imperative for all stakeholders that digital forensics investigations produce reliable results to ensure the field delivers a positive contribution to the pursuit of justice across the globe. Some aspects of these investigations are inevitably contingent on trust, however this is not always explicitly considered or critically evaluated. Erron...

The COVID-19 pandemic is worsening loneliness for many older people through the challenges it poses in engaging with their social worlds. Digital technology has been offered as a potential aid, however, many popular digital tools have not been designed to address the needs of older adults during times of limited contact. We propose that the Social...

Privacy is an essential consideration when designing interactive systems for humans. However, at a time when interactive technologies are increasingly targeted at non-human animals and deployed within multispecies contexts, the question arises as to whether we should extend privacy considerations to other animals. To address this question, we revis...

Attacks on industrial control systems (ICSs) can lead to significant physical damage. While off-line safety and security assessments can provide insight into vulnerable system components, they may not account for stealthy attacks designed to evade anomaly detectors during long operational transients. In this article, we propose a predictive online...

BACKGROUND The global population is aging, leading to shifts in health care needs. In addition to developing technology to support physical health, there is an increasing recognition of the need to consider how technology can support emotional health. This raises the question of how to design devices that older adults can interact with to log their...

Stealthy attacks on Industrial Control Systems can cause significant damage. In this paper, instead of focusing on the detection of stealthy attacks, we aim to provide early warnings to operators, in order to avoid physical damage and preserve in advance data that may serve as an evidence during an investigation. We propose a framework to provide g...

The effective functioning of society is increasingly reliant on supply chains which are susceptible to fraud, such as the distribution of adulterated products. Inspection is a key tool for mitigating fraud, however it has traditionally been constrained by physical characteristics of supply chains such as their size and geographical distribution. Th...

Despite the availability of various methods and tools to facilitate secure coding, developers continue to write code that contains common vulnerabilities. It is important to understand why technological advances do not sufficiently facilitate developers in writing secure code. In order to widen our understanding of developers' behaviour, we conside...

Older adults face significant challenges in regards to the various stereotypes associated with ageing, which have consequences for their mental health and wellbeing. The COVID-19 pandemic has heightened these age-based stereotypes due to older adults' proportionally higher vulnerability to the virus. The present research explored how the pandemic h...

Stealthy attacks on Industrial Control Systems can cause significant damage while evading detection. In this paper, instead of focusing on the detection of stealthy attacks, we aim to provide early warnings to operators, in order to avoid physical damage and preserve in advance data that may serve as an evidence during an investigation. We propose...

Background: Digital contact tracing apps have the potential to augment contact tracing systems and disrupt COVID-19 transmission by rapidly identifying secondary cases prior to the onset of infectiousness and linking them into a system of quarantine, testing, and health care worker case management. The international experience of digital contact tr...

Attacks on Industrial Control Systems (ICS) can lead to significant physical damage. While offline safety and security assessments can provide insight into vulnerable system components, they may not account for stealthy attacks designed to evade anomaly detectors during long operational transients. In this paper, we propose a predictive online moni...

BACKGROUND The silent transmission of COVID-19 has led to an exponential growth of fatal infections. With over 3 million deaths world-wide, the need to control and stem transmission has never been more critical. New COVID-19 vaccines offer hope. However, administration timelines, long-term protection, and effectiveness against variants are still un...

The COVID-19 pandemic is increasing older people's existing challenges in engaging with their physical and social worlds, and is thereby likely to worsen their loneliness. Digital technology has been offered as a potential aid for social connectedness during social distancing/isolation. However, many popular digital communication tools have not bee...

Eyewitnesses to crimes sometimes search for a culprit on social media before viewing a police lineup, but it is not known whether this affects subsequent lineup identification accuracy. The present online study was conducted to address this. Two hundred and eighty-five participants viewed a mock crime video, and after a 15–20 min delay either (i) v...

The COVID-19 pandemic is increasing older people's existing challenges in engaging with their physical and social worlds, and is thereby likely to worsen their loneliness. Digital technology has been offered as a potential aid for social connectedness during social distancing/isolation. However, many popular digital communication tools have not bee...

Software systems are increasingly making decisions on behalf of humans, raising concerns about the fairness of such decisions. Such concerns are usually attributed to flaws in algorithmic design or biased data, but we argue that they are often the result of a lack of explicit specification of fairness requirements. However, such requirements are ch...

BACKGROUND Novel software applications (“Apps”) that can potentially simplify the laborious work of manual contact tracing during the ongoing COVID-19 pandemic are a tempting prospect. Given this potential, many countries have designed, developed and deployed Apps before their efficacy has been established. The Irish health service launched the “CO...

Background Digital Contact Tracing is seen as a key tool in reducing the propagation of Covid-19. But it requires high uptake and continued participation across the population to be effective. To achieve sufficient uptake/participation, health authorities should address, and thus be aware of, user concerns. Aim This work manually analyzes user rev...

Perceptions of police trustworthiness are linked to citizens’ willingness to cooperate with police. Trust can be fostered by introducing accountability mechanisms, or by increasing a shared police/citizen identity, both which can be achieved digitally. Digital mechanisms can also be designed to safeguard, engage, reassure, inform, and empower diver...

BACKGROUND Digital contact tracing apps (DCTAs) have the potential to augment contact tracing systems and disrupt Coronavirus 2019 (COVID-19) transmission. Despite many countries deploying DCTAs, few have disrupted COVID-19 transmission sufficiently to avoid the most restrictive social distancing measures. OBJECTIVE Our aim was to describe and pro...

The emergence of ubiquitous computing (UbiComp) environments has increased the risk of undesired access to individuals’ physical space or their information, anytime and anywhere, raising potentially serious privacy concerns. Individuals lack awareness and control of the vulnerabilities in everyday contexts and need support and care in regulating di...

Contact Tracing (CT) is seen as a key tool in reducing the propagation of viruses, such as Covid-19. Given near ubiquitous societal usage of mobile devices, governments globally are choosing to augment manual CT with CT applications (CTAs) on smart phones. While a plethora of solutions have been spawned, their overall effectiveness is based on majo...

Digital Contact Tracing (DCT) is seen as a key tool in reducing the propagation of viruses such as Covid-19, but it requires uptake and participation in the technology across a large proportion of the population to be effective. While we observe the pervasive uptake of mobile device usage across our society, the installation and usage of contact tra...

Background: Contact tracing remains a critical part of controlling COVID-19 spread. Many countries have developed novel software applications (Apps) in an effort to augment traditional contact tracing methods. Aim: Conduct a national survey of the Irish population to examine barriers and levers to the use of a contact tracing App. Methods: Adu...

Problems come up during software development all the time. When developers hit these bumps, situations can be surprising and new, and they must figure out what — if anything — has gone wrong. Error handling often resolves small, immediate concerns, however, findings from three ethnographically-informed studies suggest that the way developers experien...

Community policing faces a combination of new challenges and opportunities due to both citizens and police adopting new digital technologies. However, there is limited scholarly work providing evidence for how technologies assist citizens' interactions with the police. This paper reports preliminary findings from interviews with 13 participants, bo...

Background: Contact tracing remains a critical part of controlling the spread of COVID-19. Many countries have developed novel software applications (Apps) in an effort to augment traditional contact tracing methods. Aim: To conduct a national survey of the Irish population to examine barriers and levers to the use of a contact tracing App. Methods...

Perceptions of police trustworthiness are linked to citizens' willingness to cooperate with police. Trust can be fostered by introducing accountability mechanisms, or by increasing a shared police/citizen identity, both which can be achieved digitally. Digital mechanisms can also be designed to safeguard, engage, reassure, inform, and empower diver...

Given concerns about mental health during periods of Covid-19 lockdown, it important to understand how engagement with online Covid-19 related material can affect mood. In the UK and Ireland, online community support initiatives (OCSIs) have emerged to help people manage their lives. Yet, little is known about how people engaged with these or wheth...

Research has established the wide variety of security failures in mobile apps, their consequences, and how app developers introduce or exacerbate them. What is not well known is why developers do so—what is the rationale underpinning the decisions they make which eventually strengthen or weaken app security? This is all the more complicated in mode...

We explore a dataset of app developer reasoning to better understand the reasons that may inadvertently promote or demote app developers' prioritization of security. We identify a number of reasons: caring vs. fear of users, the impact of norms, and notions of 'otherness' and 'self' in terms of belonging to groups. Based on our preliminary ndings,...

Cyber-physical systems (CPSs) are part of many critical infrastructures such as industrial automation and transportation systems. Thus, security incidents targeting CPSs can have disruptive consequences to assets and people. As incidents tend to re-occur, sharing knowledge about these incidents can help organizations be more prepared to prevent, mi...

The global population is ageing, leading to shifts in health- care needs. Home healthcare monitoring systems currently focus on physical health, but there is an increasing recogni- tion that psychological wellbeing also needs support. This raises the question of how to design devices that older adults can interact with to log their feelings. We des...

Many software systems have become too large and complex to be managed efficiently by human administrators, particularly when they operate in uncertain and dynamic environments and require frequent changes. Requirements-driven adaptation techniques have been proposed to endow systems with the necessary means to autonomously decide ways to satisfy th...

Pervasive digital technologies are increasingly used to record different aspects of citizens' lives, from activity and location tracking, to social interactions and video recordings of life experiences. However, effective use of these technologies to strengthen collaborations between citizens and police requires a fresh examination of the creation...