About the ASCD Project

Context of the ASCD Project

To stay competitive in the global market, software companies have adopted software engineering practices such as DevOps and Microservices, which enable them to deliver and maintain an ever-growing set of functionalities in their products.

A side-effect of this phenomenon is an increased complexity of software architecture and team coordination, which heavily impacts on cybersecurity, i.e., the guarantees that a company can provide about the security and privacy of their applications - e.g., that the software is not vulnerable to a certain spectrum of cyberattacks and/or it properly addresses the privacy concerns of the end-users (e.g., GDPR).

Aim of the Project

There is no report on the current status of awareness and the use of secure and privacy-preserving methods among Danish companies and present the data in a statistically significant manner.

The ASCD project aims to study and report on the existing cybersecurity and privacy protection practices used in large Danish companies and SMEs.

The results obtained by the investigations and reports of the ASCD will be useful to support informed decisions on what, where, and how to invest to improve and secure the critical and not critical applications in the Danish context, including how to address privacy issues that are becoming especially relevant in light of the introduction of the GDPR.

Project Activities

Activities planned within the project include:

  • a systematic survey aimed at finding out the extent of employment of cybersecurity practices by software development companies, as well as awareness about security and privacy risks, user concerns, and measures to protect against them among the developers. This systematic survey should involve both university, industry, and relevant public partners of different sizes;
  • a follow-up qualitative study, involving interviews at selected companies. The study will focus on investigating the mental models of security and privacy among the developers, as well as identifying challenges they face in adhering to best practices of security and privacy protection and in ensuring trust among their customers;

  • the redaction of a report collecting all the findings from the previous activities, with the aims of:
    • providing an overview of cybersecurity and data protection practices employed within Danish companies;
    • describe the extent of security and privacy awareness among developers in the companies;
    • describe the challenges companies face in implementing proper measures for security and privacy protection and possible remedies
    • outline directions for future research and funding opportunities at the national and international level (e.g., Horizon Europe program) to boost up the security of Danish companies.


The IT University of Copenhagen and the University of Southern Denmark are the host institution of the ASCD project. The universities are front-runners in developing and promoting best security practices for digital services. The scientific responsible scientists for the ASCD project are:

Name Affiliation Role Expertise
Oksana Kulyk IT University of Copenhagen, Assistant Professor Co-Principal Investigator Human Factors in Security and Privacy
Jacopo Mauro University of Southern Denmark, Associate Professor Co-Principal Investigator Software Engineering and DevSecOps

The other team members are:

Name Affiliation Role Expertise
Asmita Dalela IT University of Copenhagen, Research Assistant Researcher Techno-Anthropologist
Saverio Giallorenzo Università di Bologna, Assistant Professor
Formerly, University of Southern Denmark, Postdoctoral Researcher
Co-principal Investigator Microservice Security
Bjørn Høj Jakobsen University of Southern Denmark, Compliance Consultant Security Consultant Security Standards
Elda Paja IT University of Copenhagen, Assistant Professor Researcher Software Engineering