Ongoing studies
Interview Study on the Integration of Large Language Models (LLMs)
In this study we investigate how practitioners decide to adopt (or avoid) LLMs in their projects and what factors, challenges, and safeguards shape these decisions. Our goal is to better understand the role of LLMs in software development workflows and their implications for software supply chain security.
Interview Study on the Trust in the Software Supply Chain Security
We are looking for professional software practitioners with experience in using, or making decisions about, their software supply chain (SSC), in both open-source and industry projects. We are interested in your practices for managing the SSC, how they have changed over the years, and your opinions on the state of SSC security.
Software Supply Chain Security Threat Perceptions
This study investigates developers’ attitudes & perceptions of software supply chain threats and how they anticipate, prepare for, and mitigate these threats. Our goal is to better understand the spectrum of experiences, practices, and challenges that developers have faced.
Completed studies
Interview Study on Impactful Dependency Abandonment
This study is concluded. The study has been published at ICSE 2026 (publication, website). We performed a need-finding interview study with 22 open source maintainers to explore what makes the abandonment of certain dependencies impactful to their projects, as well as their information needs and design requirements for an automated notification tool for such abandonment.
Interview Study on the use of SCA tools
This study is concluded. The study has been published at USENIX Security (publication, website). We also presented this work at VulnCon 2025 (talk). We conducted 20 interviews with developers to investigate their processes and challenges around using software composition analysis (SCA) tools in their software projects. Interviews covered how SCA tools are integrated into workflows, how reports are interpreted and acted upon, and what challenges were encountered.