{"id":"https://openalex.org/W2980596464","doi":"https://doi.org/10.1109/esem.2019.8870153","title":"The Impact of Software Security Practices on Development Effort: An Initial Survey","display_name":"The Impact of Software Security Practices on Development Effort: An Initial Survey","publication_year":2019,"publication_date":"2019-09-01","ids":{"openalex":"https://openalex.org/W2980596464","doi":"https://doi.org/10.1109/esem.2019.8870153","mag":"2980596464"},"language":"en","primary_location":{"id":"doi:10.1109/esem.2019.8870153","is_oa":false,"landing_page_url":"https://doi.org/10.1109/esem.2019.8870153","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5085080986","display_name":"Elaine Venson","orcid":"https://orcid.org/0000-0002-7607-5936"},"institutions":[{"id":"https://openalex.org/I1174212","display_name":"University of Southern California","ror":"https://ror.org/03taz7m60","country_code":"US","type":"education","lineage":["https://openalex.org/I1174212"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Elaine Venson","raw_affiliation_strings":["University of Southern California, Los Angeles, USA"],"affiliations":[{"raw_affiliation_string":"University of Southern California, Los Angeles, USA","institution_ids":["https://openalex.org/I1174212"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058540878","display_name":"Reem Alfayez","orcid":"https://orcid.org/0000-0001-6782-247X"},"institutions":[{"id":"https://openalex.org/I1174212","display_name":"University of Southern California","ror":"https://ror.org/03taz7m60","country_code":"US","type":"education","lineage":["https://openalex.org/I1174212"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Reem Alfayez","raw_affiliation_strings":["University of Southern California, Los Angeles, USA"],"affiliations":[{"raw_affiliation_string":"University of Southern California, Los Angeles, USA","institution_ids":["https://openalex.org/I1174212"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029789095","display_name":"Mar\u00edlia Miranda Forte Gomes","orcid":"https://orcid.org/0000-0001-8584-9676"},"institutions":[{"id":"https://openalex.org/I150729083","display_name":"Universidade de Bras\u00edlia","ror":"https://ror.org/02xfp8v59","country_code":"BR","type":"education","lineage":["https://openalex.org/I150729083"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Marilia M. F. Gomes","raw_affiliation_strings":["University of Brasilia, Brasilia, Brazil"],"affiliations":[{"raw_affiliation_string":"University of Brasilia, Brasilia, Brazil","institution_ids":["https://openalex.org/I150729083"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026426936","display_name":"Rejane Maria da Costa Figueiredo","orcid":"https://orcid.org/0000-0001-8243-7924"},"institutions":[{"id":"https://openalex.org/I150729083","display_name":"Universidade de Bras\u00edlia","ror":"https://ror.org/02xfp8v59","country_code":"BR","type":"education","lineage":["https://openalex.org/I150729083"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Rejane M. C. Figueiredo","raw_affiliation_strings":["University of Brasilia, Brasilia, Brazil"],"affiliations":[{"raw_affiliation_string":"University of Brasilia, Brasilia, Brazil","institution_ids":["https://openalex.org/I150729083"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5020182574","display_name":"Barry Boehm","orcid":null},"institutions":[{"id":"https://openalex.org/I1174212","display_name":"University of Southern California","ror":"https://ror.org/03taz7m60","country_code":"US","type":"education","lineage":["https://openalex.org/I1174212"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Barry Boehm","raw_affiliation_strings":["University of Southern California, Los Angeles, USA"],"affiliations":[{"raw_affiliation_string":"University of Southern California, Los Angeles, USA","institution_ids":["https://openalex.org/I1174212"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5085080986"],"corresponding_institution_ids":["https://openalex.org/I1174212"],"apc_list":null,"apc_paid":null,"fwci":2.374,"has_fulltext":false,"cited_by_count":18,"citation_normalized_percentile":{"value":0.91258473,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"12"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9961000084877014,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.7163875699043274},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.6300486922264099},{"id":"https://openalex.org/keywords/systems-development-life-cycle","display_name":"Systems development life cycle","score":0.5920091271400452},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.523237407207489},{"id":"https://openalex.org/keywords/software-peer-review","display_name":"Software peer review","score":0.5111611485481262},{"id":"https://openalex.org/keywords/software-development-process","display_name":"Software development process","score":0.5079513192176819},{"id":"https://openalex.org/keywords/personal-software-process","display_name":"Personal software process","score":0.4659496247768402},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4541066586971283},{"id":"https://openalex.org/keywords/social-software-engineering","display_name":"Social software engineering","score":0.4424268901348114},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.4182726740837097},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3814852833747864},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.36170291900634766},{"id":"https://openalex.org/keywords/engineering-management","display_name":"Engineering management","score":0.34140175580978394},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.280174195766449},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.25455963611602783},{"id":"https://openalex.org/keywords/software-construction","display_name":"Software construction","score":0.23002827167510986},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.2052837610244751}],"concepts":[{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.7163875699043274},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.6300486922264099},{"id":"https://openalex.org/C120617098","wikidata":"https://www.wikidata.org/wiki/Q559486","display_name":"Systems development life cycle","level":5,"score":0.5920091271400452},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.523237407207489},{"id":"https://openalex.org/C74579156","wikidata":"https://www.wikidata.org/wiki/Q7554342","display_name":"Software peer review","level":5,"score":0.5111611485481262},{"id":"https://openalex.org/C180152950","wikidata":"https://www.wikidata.org/wiki/Q2904257","display_name":"Software development process","level":4,"score":0.5079513192176819},{"id":"https://openalex.org/C39890963","wikidata":"https://www.wikidata.org/wiki/Q1702721","display_name":"Personal software process","level":5,"score":0.4659496247768402},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4541066586971283},{"id":"https://openalex.org/C182500959","wikidata":"https://www.wikidata.org/wiki/Q7551380","display_name":"Social software engineering","level":5,"score":0.4424268901348114},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.4182726740837097},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3814852833747864},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.36170291900634766},{"id":"https://openalex.org/C110354214","wikidata":"https://www.wikidata.org/wiki/Q6314146","display_name":"Engineering management","level":1,"score":0.34140175580978394},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.280174195766449},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.25455963611602783},{"id":"https://openalex.org/C186846655","wikidata":"https://www.wikidata.org/wiki/Q3398377","display_name":"Software construction","level":4,"score":0.23002827167510986},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.2052837610244751},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/esem.2019.8870153","is_oa":false,"landing_page_url":"https://doi.org/10.1109/esem.2019.8870153","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/12","display_name":"Responsible consumption and production","score":0.4399999976158142}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":37,"referenced_works":["https://openalex.org/W17818914","https://openalex.org/W1537033052","https://openalex.org/W1604191750","https://openalex.org/W1814291772","https://openalex.org/W1818897895","https://openalex.org/W1947959002","https://openalex.org/W1978415201","https://openalex.org/W1979503333","https://openalex.org/W2006703464","https://openalex.org/W2014271043","https://openalex.org/W2022995025","https://openalex.org/W2050163926","https://openalex.org/W2058871236","https://openalex.org/W2060210006","https://openalex.org/W2073496636","https://openalex.org/W2094774010","https://openalex.org/W2098861514","https://openalex.org/W2146322906","https://openalex.org/W2191018382","https://openalex.org/W2223652430","https://openalex.org/W2361575844","https://openalex.org/W2363451736","https://openalex.org/W2417788275","https://openalex.org/W2471213063","https://openalex.org/W2533379192","https://openalex.org/W2562223200","https://openalex.org/W2562914086","https://openalex.org/W2571995300","https://openalex.org/W2593710147","https://openalex.org/W2603117807","https://openalex.org/W2617116426","https://openalex.org/W2792553346","https://openalex.org/W2793144087","https://openalex.org/W2914024328","https://openalex.org/W4205192141","https://openalex.org/W6600741390","https://openalex.org/W6731547051"],"related_works":["https://openalex.org/W2141388993","https://openalex.org/W1978034799","https://openalex.org/W2999607548","https://openalex.org/W2956597637","https://openalex.org/W2044639210","https://openalex.org/W47727947","https://openalex.org/W2101186143","https://openalex.org/W2186532739","https://openalex.org/W1985408088","https://openalex.org/W2362955522"],"abstract_inverted_index":{"Background:":[0],"Software":[1],"projects":[2,75,140],"are":[3],"facing":[4],"the":[5,12,19,52,59,64,67,118,125,139,151,160,175,199,230],"need":[6,191,216],"to":[7,23,28,47,62,101,158,192,217],"adopt":[8],"security":[9,35,56,88,132,165,203,214],"practices":[10,57,133,215,234],"during":[11],"software":[13,34,55,73,87,147,211,224],"development":[14,74,148,225],"life":[15],"cycle":[16],"(SDLC).":[17],"Nevertheless,":[18],"amount":[20],"of":[21,33,43,51,54,66,69,78,90,106,198,233],"effort":[22,149,166,209],"be":[24,193,218],"invested":[25],"in":[26,58,72,76,138,145,167,210,242],"order":[27],"achieve":[29],"a":[30,83,86,91,97,103,180,205],"certain":[31],"level":[32],"is":[36,46,156,204],"not":[37],"clear":[38],"yet.":[39],"Aims:":[40],"The":[41,109,128,196],"goal":[42],"this":[44,186],"study":[45],"get":[48],"an":[49],"overview":[50],"application":[53],"industry":[60],"and":[61,141,213,235,240],"identify":[63],"impact":[65],"introduction":[68],"such":[70],"activities":[71],"terms":[77],"effort/cost.":[79],"Method:":[80],"We":[81],"conducted":[82],"survey":[84],"on":[85],"group":[89],"professional":[92,176],"social":[93,177],"network":[94,178],"by":[95,114],"applying":[96],"random":[98],"sampling":[99,126,183],"strategy":[100],"establish":[102],"representative":[104],"set":[105],"participants.":[107],"Results:":[108],"questionnaire":[110],"was":[111],"fully":[112],"answered":[113],"110":[115],"participants,":[116],"from":[117,124],"808":[119],"profiles":[120],"that":[121,131,174,190,202,207],"were":[122],"invited":[123],"frame.":[127],"results":[129],"show":[130],"have":[134],"been":[135],"applied":[136],"thoroughly":[137],"revealed":[142],"high":[143],"variability":[144],"secure":[146],"across":[150],"participants'":[152],"projects.":[153,168],"Further":[154],"research":[155],"needed":[157],"understand":[159],"different":[161],"professionals'":[162],"perspectives":[163],"regarding":[164],"As":[169],"lessons":[170],"learned,":[171],"we":[172],"found":[173],"offered":[179],"demographically":[181],"diverse":[182],"frame,":[184],"but":[185],"comes":[187],"with":[188],"hurdles":[189],"overcome.":[194],"Conclusions:":[195],"experiences":[197],"participants":[200],"showed":[201],"factor":[206],"drives":[208],"projects,":[212],"taken":[219],"into":[220],"account":[221],"when":[222],"planning":[223],"initiatives.":[226],"Our":[227],"findings":[228],"about":[229],"current":[231],"state":[232],"adoptions":[236],"can":[237],"help":[238],"practitioners":[239],"researchers":[241],"future":[243],"endeavors.":[244]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}