Research Cluster at CREST

Socio-Technical Research Cluster

Focusing on Human-Centered Secure Software Design and Development.

At CREST socio-technical cluster, we believe that it is paramount to focus on the users, their needs and requirements, human factors, and usability factors in software design and development to increase the possibility for the developed software systems to be useful and usable. Therefore, our focus is on developing tools, processors, guidelines, models and effective software by considering the human perspective in all steps of the problem-solving process. We particularly specialise in security-related technology design and development and collaborate with a wide variety of academic and industry partners to conduct world-class research with an impact in this domain.

At a glance, our expertise lies in the following areas:

  • Socio-technical aspects related to software security patch management
  • Socio-technical aspects related to DevSecOps
  • Socio-technical issues related to phishing
  • Cyber security dashboard design and development
  • Security/phishing awareness program design and evaluation
  • Human-AI collaboration
  • Grounded theory/thematic analysis


Areas for our groundbreaking research.

Socio-technical aspects of security patch management

Software Security Patch Management

Human-centric aspects in phishing

Email Security

CCOP- Platform to gather and visualise cyber security data

Cybersecurity Data Visualization

DevSecOps for intra-organizational software dev. teams


Security training, education and awareness design & evaluation

Security Training


Scientific Articles and Technical Reports.

  1. Challenges and solutions when adopting DevSecOps: A systematic review. 2022. IST [Link]
  2. Why, How and Where of Delays in Software Security Patch Management: An Empirical Investigation in the Healthcare Sector. 2022. CSCW [Link]
  3. Systematic Literature Review on Cyber Situational Awareness Visualizations. 2022. IEEE Access [Link]
  4. An Empirical Analysis of Practitioners' Perspectives on Security Tool Integration into DevOps. 2021. ESEM [Link]
  5. A Grounded Theory of the Role of Coordination in Software Security Patch Management. 2021. ESEC/FSE [Link]
  6. Evaluation of Security Training and Awareness Programs: Review of Current Practices and Guideline. 2021. Pending [Link]
  7. Falling for Phishing: An Empirical Investigation into People's Email Response Behaviors. 2021. ICIS [Link]
  8. Software Security Patch Management - A Systematic Literature Review of Challenges, Approaches, Tools and Practices. 2020. IST [Link]
  9. Mining questions asked about continuous software engineering: A case study of stack overflow. 2020. MSR [Link]

Our Amazing Team

Researchers and Engineers who make it happen.

Faculty Members

Prof. M. Ali Babar

Professor & Director CREST

Sherif Haggag

Lecturer(Assistant Professor)

Post Docs & PhD Students

Asangi Jayatilaka

Post Doc

Nesara Dissanayake

PhD. Student

Roshan Rajapakse

PhD. Student

Orvila Sarker

PhD. Student