Those who develop software typically prioritize ensuring IT functions effectively over prioritizing security. Professor Dr. Alena Naiakshina at the Faculty of Computer Science is researching the reasons behind this and exploring how software can be made more secure. She holds the newly appointed position of Professor for Developer-Centred Security.
"There are many people working in the industry who have taught themselves software development," says Alena Naiakshina. They often build security components into their software via application programming interfaces (APIs) or cryptography libraries, which are intended to ensure the encryption of confidential data, for example. However, certain parameters must also be selected here - and the resulting security level depends on the correct choice. "People often simply google the parameters - but that's not always the best way to find the most secure result," says the researcher.
More Support for Software Developers
Alena Naiakshina and her team are researching, for example, whether the selection of such parameters can be automated to support software developers. "Developers are rarely security experts," she says, "but when errors occur, they are held responsible for them." The developers, in turn, would then point out that the security requirements were not clearly defined. "The people who set the requirements are usually not familiar with security either," says Naiakshina, describing another problem. Thus, it is essential to provide secure-by-default solutions.
How Will AI Change the Industry?
Naiakshina's group is also focussing on artificial intelligence (AI). Are developers now asking AI assistants instead of Google how to choose security parameters? How are the requests formulated? How does AI influence the code ultimately used? Researchers are currently tackling these and other topics. As is the question of how to motivate software developers to participate in studies in the first place.
The fact that people are at the centre of her IT security research fascinates Alena Naiakshina. "I was interested in science from an early age," she says, "and when I realized during my Master's degree that I could conduct human-centered research in such a technical-focused field, I thought: Wow! That's when I found my calling."
Visits to Girls' Day and open days at universities also played a big part in her decision to pursue a career in IT security. "I can only recommend everyone to take up such offers," advises Alena Naiakshina. "You still don't meet many women studying computer science. But there's no reason to be afraid of it! We need to take away women's fear of technical professions. Nothing you need is magic - and it's not about programming code all day either." In any case, the researcher would be delighted to meet more women in her discipline in the future who are helping to make software more secure.
About the Person
- 2010 to 2016: Studied computer science at the Rheinische Friedrich-Wilhelms-Universität Bonn
- 2017 to 2021: Research assistant, Rheinische Friedrich-Wilhelms-Universität Bonn
- 2020: Doctorate, Rheinische Friedrich-Wilhelms-University Bonn
- 2021: John Karat Usable Privacy and Security Student Research Award
- 2021 to 2023: Junior Professorship Developer-Centred Security, Ruhr University Bochum
- Since 2023: Associate Professorship for Developer-Centred Security, Ruhr University Bochum
General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.