{"id":"https://openalex.org/W4402896813","doi":"https://doi.org/10.1109/sera61261.2024.10685585","title":"Drop it All or Pick it Up? How Developers Responded to the Log4JShell Vulnerability","display_name":"Drop it All or Pick it Up? How Developers Responded to the Log4JShell Vulnerability","publication_year":2024,"publication_date":"2024-05-30","ids":{"openalex":"https://openalex.org/W4402896813","doi":"https://doi.org/10.1109/sera61261.2024.10685585"},"language":"en","primary_location":{"id":"doi:10.1109/sera61261.2024.10685585","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/sera61261.2024.10685585","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE/ACIS 22nd International Conference on Software Engineering Research, Management and Applications (SERA)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082460687","display_name":"Vittunyuta Maeprasart","orcid":"https://orcid.org/0000-0002-6247-280X"},"institutions":[{"id":"https://openalex.org/I75917431","display_name":"Nara Institute of Science and Technology","ror":"https://ror.org/05bhada84","country_code":"JP","type":"education","lineage":["https://openalex.org/I75917431"]}],"countries":["JP"],"is_corresponding":true,"raw_author_name":"Vittunyuta Maeprasart","raw_affiliation_strings":["Nara Institute of Science and Technology (NAIST),Ecole de technologie supérieure,Montreal"],"affiliations":[{"raw_affiliation_string":"Nara Institute of Science and Technology (NAIST),Ecole de technologie supérieure,Montreal","institution_ids":["https://openalex.org/I75917431"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090942200","display_name":"Ali Ouni","orcid":"https://orcid.org/0000-0003-4708-0362"},"institutions":[{"id":"https://openalex.org/I75917431","display_name":"Nara Institute of Science and Technology","ror":"https://ror.org/05bhada84","country_code":"JP","type":"education","lineage":["https://openalex.org/I75917431"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Ali Ouni","raw_affiliation_strings":["Nara Institute of Science and Technology (NAIST),Ecole de technologie supérieure,Montreal"],"affiliations":[{"raw_affiliation_string":"Nara Institute of Science and Technology (NAIST),Ecole de technologie supérieure,Montreal","institution_ids":["https://openalex.org/I75917431"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5091820517","display_name":"Raula Gaikovina Kula","orcid":"https://orcid.org/0000-0003-2324-0608"},"institutions":[{"id":"https://openalex.org/I75917431","display_name":"Nara Institute of Science and Technology","ror":"https://ror.org/05bhada84","country_code":"JP","type":"education","lineage":["https://openalex.org/I75917431"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Raula Gaikovina Kula","raw_affiliation_strings":["Nara Institute of Science and Technology (NAIST),Ecole de technologie supérieure,Montreal"],"affiliations":[{"raw_affiliation_string":"Nara Institute of Science and Technology (NAIST),Ecole de technologie supérieure,Montreal","institution_ids":["https://openalex.org/I75917431"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5082460687"],"corresponding_institution_ids":["https://openalex.org/I75917431"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.25697544,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"249","last_page":"254"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.6158000230789185,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.6158000230789185,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.54339998960495,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6168452501296997},{"id":"https://openalex.org/keywords/drop-out","display_name":"Drop out","score":0.5407845973968506},{"id":"https://openalex.org/keywords/drop","display_name":"Drop (telecommunication)","score":0.48454299569129944},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.4610525667667389},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.1984771490097046},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.10739099979400635},{"id":"https://openalex.org/keywords/economics","display_name":"Economics","score":0.08055302500724792}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6168452501296997},{"id":"https://openalex.org/C2984949393","wikidata":"https://www.wikidata.org/wiki/Q1260241","display_name":"Drop out","level":2,"score":0.5407845973968506},{"id":"https://openalex.org/C2781345722","wikidata":"https://www.wikidata.org/wiki/Q5308388","display_name":"Drop (telecommunication)","level":2,"score":0.48454299569129944},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4610525667667389},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.1984771490097046},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.10739099979400635},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.08055302500724792},{"id":"https://openalex.org/C4249254","wikidata":"https://www.wikidata.org/wiki/Q3044431","display_name":"Demographic economics","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/sera61261.2024.10685585","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/sera61261.2024.10685585","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE/ACIS 22nd International Conference on Software Engineering Research, Management and Applications (SERA)","raw_type":"proceedings-article"},{"id":"pmh:oai:espace2.etsmtl.ca:29765","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4306402392","display_name":"Espace \u00c9TS (ETS)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1341030882","host_organization_name":"Educational Testing Service","host_organization_lineage":["https://openalex.org/I1341030882"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Compte rendu de conf\u00e9rence"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W1792587773","https://openalex.org/W1978813754","https://openalex.org/W1989385531","https://openalex.org/W2144827892","https://openalex.org/W2548749170","https://openalex.org/W2605404816","https://openalex.org/W2766411424","https://openalex.org/W2896373185","https://openalex.org/W2949900321","https://openalex.org/W2951913189","https://openalex.org/W2963256598","https://openalex.org/W2963304573","https://openalex.org/W2963321189","https://openalex.org/W3036270494","https://openalex.org/W3040158574","https://openalex.org/W3121596715","https://openalex.org/W3162867182","https://openalex.org/W3172189288","https://openalex.org/W4256420017","https://openalex.org/W6748952102"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W2015403104","https://openalex.org/W1760458529","https://openalex.org/W2549725516"],"abstract_inverted_index":{"Although":[0],"using":[1],"third-party":[2],"libraries":[3],"has":[4,83],"become":[5],"prevalent":[6],"in":[7,33,64,164,193],"contemporary":[8],"software":[9],"development,":[10],"developers":[11,42,122,191],"often":[12],"struggle":[13],"to":[14,23,56,109,130,142,185,195],"update":[15],"their":[16,65],"dependencies.":[17],"Prior":[18],"works":[19],"acknowledge":[20],"that":[21,41,82,121],"due":[22],"the":[24,34,51,69,75,78,84,115],"migration":[25,35],"effort,":[26],"priority":[27],"and":[28,48,71,105,148,157,189],"other":[29,46],"issues":[30,107,147],"cause":[31],"lags":[32],"process.":[36],"The":[37],"common":[38],"assumption":[39],"is":[40,55,162],"should":[43],"drop":[44],"all":[45,145],"activities":[47,140],"prioritize":[49],"fixing":[50],"vulnerability.":[52,117],"Our":[53,118],"objective":[54],"understand":[57],"developer":[58,139],"behavior":[59],"when":[60],"facing":[61],"high-risk":[62],"vulnerabilities":[63],"code.":[66],"We":[67],"explore":[68],"prolific,":[70],"possibly":[72],"one":[73],"of":[74,77,135,171,181],"cases":[76],"Log4JShell,":[79],"a":[80,95,124,172,178],"vulnerability":[81],"highest":[85],"severity":[86],"rating":[87],"ever,":[88],"which":[89,161],"received":[90],"widespread":[91],"media":[92],"attention.":[93],"Using":[94],"mixed-method":[96],"approach,":[97],"we":[98],"analyze":[99],"219":[100],"GitHub":[101],"Pull":[102],"Requests":[103],"(PR)":[104],"354":[106],"belonging":[108],"53":[110],"Maven":[111],"projects":[112],"affected":[113],"by":[114],"Log4JShell":[116],"study":[119],"confirms":[120],"show":[123],"quick":[125],"response":[126],"taking":[127],"from":[128],"5":[129],"6":[131],"days.":[132],"However,":[133],"instead":[134],"dropping":[136],"everything,":[137],"surprisingly":[138],"tend":[141],"increase":[143],"for":[144],"pending":[146],"PRs.":[149],"Developer":[150],"discussions":[151],"in-volved":[152],"either":[153],"giving":[154],"information":[155,159],"(29.3%)":[156],"seeking":[158],"(20.6%),":[160],"missing":[163],"existing":[165],"support":[166],"tools.":[167],"Leveraging":[168],"this":[169],"possibly-one":[170],"kind":[173],"event,":[174],"insights":[175],"opens":[176],"up":[177],"new":[179],"line":[180],"research,":[182],"causing":[183],"us":[184],"rethink":[186],"best":[187],"practices":[188],"what":[190],"need":[192],"order":[194],"efficiently":[196],"fix":[197],"vulnerabilities.":[198]},"counts_by_year":[],"updated_date":"2025-12-27T23:08:20.325037","created_date":"2025-10-10T00:00:00"}