Our latest research and development work on software supply chain security, vulnerability management, and cloud-native security. Browse whitepapers and academic publications produced alongside the DevGuard project.
Project report exploring a hybrid recommender system that fuses trust-based and knowledge-based collaborative filtering to share VEX assessments and vulnerability-management decisions across DevGuard users.
Dennis Tuan Anh Quach
Untersuchung der zentralen Herausforderungen und konkreter Lösungsansätze, die der Cyber Resilience Act für die Softwareentwicklung in deutschen Unternehmen mit sich bringt.
Frederic Noppe
Callgraph-Analyse für die Reduzierung von False-Positives bei der Schwachstellenidentifikation in JavaScript-Paketen — angewandt auf das npm-Ökosystem im Kontext von DevGuard.
Tim
Untersuchung der Erkennungsraten und Einflussfaktoren verschiedener Open Source Software Composition Analysis (SCA) Scanner.
Refaei ShikhoWe work with academic partners to make DevGuard better — through usability studies, test events, ecosystem analysis, and adversarial research on the modern software supply chain.
Usability studies
Empirical studies on how developers interact with security tooling — what works, what gets in the way, and where DevGuard can do better.
Usability test events
Hands-on test events with developers and security practitioners to surface friction in real workflows and validate design decisions.
Scanners & ecosystems
Comparative research on open-source SCA, SAST, and container scanners across npm, Go, Python, and the broader package ecosystem.
Supply chain attacks
Analysis of real-world supply-chain attacks, malicious packages, and threat models — feeding directly into DevGuard detections.
