Goran Piskachev

I am a research associate at Fraunhofer IEM in Paderborn, Germany.

Github Logo Twitter Logo Instagram Logo Facebook Logo


Static code analysis can detect many known vulnerabilities when correctly configured for each application being analyzed. However, the acceptance of static analysis tools from developers is still very low. One of the main issues is that the devlopers are not familiar with the domain and do not know how to set the parameters to get the expected results. Default configurations often result in high number of false positives. If we want to reach SecDevOps process, we need to make sure that the developers are aware of the security issues already in the design phase. In my research, I develop methods and tools that will close the gap between the development and static code analysis. One of the main problem is how to detect security-relevant entities in the code which are needed for the configuration of static analyses. The goal is to provide the developer an IDE-integrated generator of configurations for static analyses that can be used at design time.

Research Areas of Interest:


Work Experience




At Paderborn University, I offer Bachelor, Master or Seminar theses. Here is a list of finished, on going or open topics.
  • [finished] Master thesis - Evaluation of Call Graph Construction for Python, student: Sriteja Kummita (co-supervised)
  • [ongoing] Master thesis - Transformation of Taint and Typestate Specifications, student: Alexander Lorisch (co-supervised)
  • [finished] Seminar Secure Systems Engineering (WS19/20) (SS19) - Transforming Taint flow Specifications into Correct Usage of APIs, student: Ranjith Masthikatte (co-supervised)
  • [finished] Seminar Secure Systems Engineering (WS19/20) - Survey on Domain Specific Languages for Taint Analysis, student: Shreyas Kottur
  • [finished] Pro-Seminar Softwareentwicklung fuer software-intensive Systeme (SS19) - Representing Source Code in Machine Leraning for Code Analysis, student: Jens Ussatis
  • [finished] Seminar Advanced Software Engineering Contepts (SS19) - Integrating Feedback in the IDE, student: Santosh Rangaraju
  • [ongoing] Master thesis - Detection of methods of interest for security based on software documentation, student: Oshando Johnson
  • [finished] Seminar Secure Systems Engineering (WS18/19) - Survey on adaptive static analysis, student: Pavan Gurkhi Bhimesh
  • [finished] Bachelor thesis - Authentication and authorization checker for Java web systems, student: Tobias Petrasch
  • [finished] Bachelor thesis - Evaluation of machine learning algorithms for automatic detection of security-relevant methods, student: Parviz Nasiry
  • [finished] Seminar Secure Systems Engineering (WS17/18) - Inferring specifications for taint-style vulnerabilities, student: Sebastian Mansfield
  • [finished] Seminar Secure Systems Engineering (WS16/17) - Security vulnerabilities in Android's inter-app communication, student: Michael Kuenneke
If you are a student interested in similar topics, feel free to contact me and set up a meeting. Speculative requests are welcome.
Teaching assistance


Goran Piskachev
Fraunhofer IEM Institute for Mechatronic Systems Design
Department Software Engineering and IT-Security
Zukunftsmeile 1
33102 Paderborn

e-Mail: goran.piskachev(at)iem.fraunhofer.de