Ehl, MarcoMarcoEhlAhmadian, Amir ShayanAmir ShayanAhmadianGroßer, KatharinaKatharinaGroßerElsofi, Duaa Adel AliDuaa Adel AliElsofiHerrmann, MarcMarcHerrmannSpecht, AlexanderAlexanderSpechtSchneider, KurtKurtSchneiderJürjens, JanJanJürjens2025-07-082025-07-082025https://publica.fraunhofer.de/handle/publica/48927310.1145/3672608.37077982-s2.0-105006451939Security and privacy are increasingly essential concepts in software engineering. New threats and corresponding countermeasures are continuously discovered. Concurrently, projects are becoming more complex and are exposed to a greater number of threats. This presents a significant challenge for software engineers. As a result, security and privacy are often neglected due to a lack of knowledge, limited time, and financial constraints. While systematic literature reviews exist to address the increasing volume of publications, software engineers still require up-to-date knowledge of current threats and measures. This paper presents an automated, time-efficient, and cost-effective method for discovering knowledge from state-of-the-art literature and project artifacts, such as design documents. The presented method utilizes Large Language Models (LLMs) for data extraction and is demonstrated through a prototypical implementation and evaluation. This evaluation involves security and privacy in open-access scientific publications and project documentation from European Union research and development projects. The extracted knowledge is used to populate a quality model that is specifically designed to provide software engineers with information that helps them apply the findings. This quality model offers software engineers valuable, up-to-date insights into security and privacy, bridging the gap between scientific research and practical applications.enfalseknowledge discoverylarge language modelprivacyquality modelsecurityconference paper