The year 2025 brought SECUSO many new things: In addition to four new employees and numerous new student assistants who joined our team in 2025, we also expanded our societal outreach with the citizen panel “Wir forschen Digital”. Since November 1, citizens from Karlsruhe are able to register for participation in research studies. Two major events have dominated most of the year: Until May, we prepared the evaluation of the Topic Engineering Secure Systems (ESS) as coordinator of the Human and Societal Factors research group. In October, we helped organize the International Conference on Electronic Voting (E-Vote-ID), followed by the Dagstuhl Seminar on “Trustworthy Evidence-Based Elections”. We were also active in the area of research and teaching this year: a total of 24 scientific publications, in particular on the topics of security notifications and phishing, were published this year and we supervised a total of nine theses on various topics. As always, we have summarized all the news in our Christmas post. Enjoy reading and Merry Christmas!

His presentation aimed to provide an overview of the current research in these fields, conducted by the SECUSO research group and his own work. He covered topics like phishing awareness measures, the long-term effectiveness of these measures, and the role of security interventions in everyday life. Dr. Berens also touched upon the latest research on e-voting and privacy protection. Afterward, he engaged in discussions with the researchers, exploring various subjects, including the creation of active knowledge in the phishing domain.

The paper “The whos, whats, and whys of issues related to personal data and data protection in open-source projects on GitHub” by Anne Hennig, Lukas Schulte, Steffen Herbold, Oksana Kulyk and Peter Mayer was accepted as a journal-first paper for presentation at the 48th International Conference on Software Engineering. In the paper, 652 issues from open source projects on GitHub were examined to determine how, by whom and for what reason data protection topics are reported and discussed. Although there was a significant increase in issues after the GDPR came into force, it was found that data protection is discussed beyond compliance issues among developers. ICSE 2026 will take place from April 12-18, 2026 in Rio de Janeiro, Brazil.

In May 2025, SECUSO was part of the evaluation of the Helmholtz Topic Engineering Secure System (ESS). Part of the evaluation was also the research of the research group Human and Societal Factors under the leadership of SECUSO. This also includes the development of the NoPhish concept and various measures respectively their evaluation in studies. For the Helmholtz evaluation, a short video was also created in which Dr. Benjamin Berens briefly explains the concept and the research behind it. In addition, it is discussed what influence the measures currently have on society, e.g. over 30,000 views on the videos on Youtube or over 70 organizations that use or recommend the measures.