Publications

You can also find my articles on my Google Scholar profile.

Journal Articles

[1] Between Law and Code: Challenges and Opportunities for Automating Privacy Assessments

Published in Automated Software Engineering, 2026

Argues that automating GDPR privacy assessments requires bridging legal interpretation and program analysis, and maps out a research agenda for tools at this interface.

Recommended citation: M. Khedkar, M. Schlichtig, N. Atakishiyev, and E. Bodden. "Between Law and Code: Challenges and Opportunities for Automating Privacy Assessments." Automated Software Engineering, 33(2):56, 2026.
Download Paper | Download Bibtex

Conference Papers

[16] Source Code-Driven GDPR Documentation: Supporting RoPA with Assessor View

Published in IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) — Tool Demonstrations Track, 2026

A tool that generates the GDPR Record of Processing Activities (RoPA) directly from source code and presents it to assessors, bringing automated privacy-compliance documentation to its stakeholders.

Recommended citation: M. Khedkar, M. Schlichtig, and E. Bodden. "Source Code-Driven GDPR Documentation: Supporting RoPA with Assessor View." In Proc. SANER, Tool Demonstrations Track, 2026.
Download Bibtex

[15] FP-Predictor — False Positive Prediction for Static Analysis Reports

Published in 2nd International Workshop on Advancing Static Analysis (STATIC), co-located with ICSE 2026, 2026

Explores machine-learning approaches to predict which static analysis warnings are likely to be false positives, enabling more efficient developer triage.

Recommended citation: T. Ohlmer, M. Schlichtig, and E. Bodden. "FP-Predictor -- False Positive Prediction for Static Analysis Reports." In Proc. STATIC@ICSE, 2026.
Download Paper | Download Bibtex

[14] Challenges in Android Data Disclosure: An Empirical Study

Published in IEEE/ACM 13th International Conference on Mobile Software Engineering and Systems (MOBILESoft), 2026

Empirical study revealing widespread gaps between what Android apps actually collect and what they disclose in their privacy notices.

Recommended citation: M. Khedkar, M. Schlichtig, M. Soliman, and E. Bodden. "Challenges in Android Data Disclosure: An Empirical Study." In Proc. MOBILESoft, 2026.
Download Paper | Download Bibtex

[13] Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability

Published in IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2024

Proposes error chains as a first-class concept in static analysis to improve evaluation precision and present analysis results more usably to developers.

Recommended citation: A. K. Wickert, M. Schlichtig, M. Vogel, L. Winter, M. Mezini, and E. Bodden. "Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability." In Proc. SANER, pp. 693--704, 2024.
Download Paper | Download Bibtex

[12] Building a Framework to Improve the User Experience of Static Analysis Tools

Published in 46th IEEE/ACM International Conference on Software Engineering: Companion Proceedings (ICSE Doctoral Symposium), 2024

Doctoral symposium paper presenting a framework for systematically measuring and improving the developer experience of static analysis tools.

Recommended citation: M. Schlichtig. "Building a Framework to Improve the User Experience of Static Analysis Tools." In Proc. ICSE Doctoral Symposium, pp. 165--169, 2024.
Download Paper | Download Bibtex

[11] Advancing Android Privacy Assessments with Automation

Published in 39th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW), 2024

Proposes automation approaches for Android privacy assessments, combining static taint analysis with regulatory compliance requirements.

Recommended citation: M. Khedkar, M. Schlichtig, and E. Bodden. "Advancing Android Privacy Assessments with Automation." In Proc. ASEW, pp. 218--222, 2024.
Download Paper | Download Bibtex

[10] To Fix or Not to Fix: A Critical Study of Crypto-Misuses in the Wild

Published in IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2022

Critical study of real-world cryptographic API misuses, examining which detected misuses are actually fixable and at what cost to developers.

Recommended citation: A. K. Wickert, L. Baumgärtner, M. Schlichtig, K. Narasimhan, and M. Mezini. "To Fix or Not to Fix: A Critical Study of Crypto-Misuses in the Wild." In Proc. TrustCom, pp. 315--322, 2022.
Download Paper | Download Bibtex

[9] FUM — A Framework for API Usage Constraint and Misuse Classification

Published in IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 2022

Formal classification framework distinguishing types of API usage constraints and misuse patterns, enabling more precise detection tool specifications and actionable error messages.

Recommended citation: M. Schlichtig, S. Sassalla, K. Narasimhan, and E. Bodden. "FUM -- A Framework for API Usage Constraint and Misuse Classification." In Proc. SANER, pp. 673--684, IEEE, 2022.
Download Paper | Download Bibtex

[8] A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools

Published in 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), 2022

First comprehensive usability taxonomy for SAST tools, covering 36 criteria evaluated across 46 tools — revealing that most tools satisfy fewer than half the criteria.

Recommended citation: M. Nachtigall, M. Schlichtig, and E. Bodden. "A Large-Scale Study of Usability Criteria Addressed by Static Analysis Tools." In Proc. ISSTA, pp. 532--543, ACM, 2022.
Download Paper | Download Bibtex

[7] CamBench — Cryptographic API Misuse Detection Tool Benchmark Suite

Published in IEEE/ACM International Conference on Mining Software Repositories (MSR) — Registered Report, 2022

Registered report accepted with In-Principle Acceptance at MSR 2022, proposing a benchmark suite for evaluating cryptographic API misuse detection tools on a curated set of real-world misuse instances, enabling rigorous tool-to-tool comparisons.

Recommended citation: M. Schlichtig, A. K. Wickert, S. Krüger, E. Bodden, and M. Mezini. "CamBench -- Cryptographic API Misuse Detection Tool Benchmark Suite." Registered Report (In-Principle Acceptance), MSR 2022.
Download Paper | Download Bibtex

[6] Data Science und Big Data in der beruflichen Bildung — Konzeption und Erprobung eines Projektkurses für die Sekundarstufe II

Published in Sammelband der 27. Fachtagung der BAG Berufliche Bildung, 2020

Design and evaluation of a project course on Data Science and Big Data for upper secondary vocational education.

Recommended citation: S. Opel and M. Schlichtig. "Data Science und Big Data in der beruflichen Bildung." In Sammelband der 27. Fachtagung der BAG Berufliche Bildung, pp. 176--194. wbv Media, 2020.
Download Bibtex

[5] Developing Teaching Materials on Artificial Intelligence by Using a Simulation Game (Work in Progress)

Published in 14th Workshop in Primary and Secondary Computing Education (WiPSCE'19), 2019

Work-in-progress paper on developing AI teaching materials for secondary schools using a simulation game approach.

Recommended citation: S. Opel, M. Schlichtig, and C. Schulte. "Developing Teaching Materials on Artificial Intelligence by Using a Simulation Game (Work in Progress)." In Proc. WiPSCE'19, pp. 1--2. ACM, 2019.
Download Paper | Download Bibtex

[4] Understanding Artificial Intelligence — A Project for the Development of Comprehensive Teaching Material

Published in ISSEP 2019 — 12th International Conference on Informatics in Schools, 2019

Presents a project for developing comprehensive teaching materials on artificial intelligence for secondary school students.

Recommended citation: M. Schlichtig, S. Opel, L. Budde, and C. Schulte. "Understanding Artificial Intelligence -- A Project for the Development of Comprehensive Teaching Material." In ISSEP 2019, vol. 12, pp. 65--73, 2019.
Download Bibtex

[3] Entwicklung und Reflexion einer Unterrichtssequenz zum Maschinellen Lernen als Aspekt von Data Science in der Sekundarstufe II

Published in INFOS 2019 — Lecture Notes in Informatics (LNI), 2019

Development and reflection of a teaching unit on machine learning as an aspect of data science for upper secondary education.

Recommended citation: S. Opel, M. Schlichtig, C. Schulte et al. "Entwicklung und Reflexion einer Unterrichtssequenz zum Maschinellen Lernen." In INFOS 2019 -- LNI, pp. 285--294. GI, 2019.
Download Bibtex

[2] Maschinelles Lernen im Unterricht mit Jupyter Notebook

Published in INFOS 2019 — Lecture Notes in Informatics (LNI), 2019

Short paper on teaching machine learning in secondary school using Jupyter Notebooks.

Recommended citation: M. Schlichtig, S. Opel, C. Schulte et al. "Maschinelles Lernen im Unterricht mit Jupyter Notebook." In INFOS 2019 -- LNI, p. 385. GI, 2019.
Download Bibtex

[1] Fully-Featured Anonymous Credentials with Reputation System

Published in 13th International Conference on Availability, Reliability and Security (ARES), 2018

Design and implementation of an anonymous credential system with an integrated reputation mechanism.

Recommended citation: K. Bemmann et al. "Fully-Featured Anonymous Credentials with Reputation System." In Proc. ARES '18, Article 42, ACM, 2018.
Download Paper | Download Bibtex

Michael Schlichtig

Publications

Journal Articles

Conference Papers