Supporting Software Engineers in IT Security and Privacy through Automated Knowledge Discovery

Security and privacy are increasingly essential concepts in software engineering. New threats and corresponding countermeasures are continuously discovered. Concurrently, projects are becoming more complex and are exposed to a greater number of threats. This presents a significant challenge for software engineers. As a result, security and privacy are often neglected due to a lack of knowledge, limited time, and financial constraints. While systematic literature reviews exist to address the increasing volume of publications, software engineers still require up-to-date knowledge of current threats and measures. This paper presents an automated, time-efficient, and cost-effective method for discovering knowledge from state-of-the-art literature and project artifacts, such as design documents. The presented method utilizes Large Language Models (LLMs) for data extraction and is demonstrated through a prototypical implementation and evaluation. This evaluation involves security and privacy in open-access scientific publications and project documentation from European Union research and development projects. The extracted knowledge is used to populate a quality model that is specifically designed to provide software engineers with information that helps them apply the findings. This quality model offers software engineers valuable, up-to-date insights into security and privacy, bridging the gap between scientific research and practical applications.