{"id":"https://openalex.org/W3208610766","doi":"https://doi.org/10.1109/tse.2021.3094171","title":"\u201cI just looked for the solution!\u201dOn Integrating Security-Relevant Information in Non-Security API Documentation to Support Secure Coding Practices","display_name":"\u201cI just looked for the solution!\u201dOn Integrating Security-Relevant Information in Non-Security API Documentation to Support Secure Coding Practices","publication_year":2021,"publication_date":"2021-07-01","ids":{"openalex":"https://openalex.org/W3208610766","doi":"https://doi.org/10.1109/tse.2021.3094171","mag":"3208610766"},"language":"en","primary_location":{"id":"doi:10.1109/tse.2021.3094171","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2021.3094171","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://pub.h-brs.de/files/5631/Gorski2021_IJustLookedForTheSolution.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5043448995","display_name":"Peter Leo Gorski","orcid":"https://orcid.org/0000-0003-0391-4054"},"institutions":[{"id":"https://openalex.org/I155417937","display_name":"Hochschule Bonn-Rhein-Sieg","ror":"https://ror.org/04m2anh63","country_code":"DE","type":"education","lineage":["https://openalex.org/I155417937"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Peter Leo Gorski","raw_affiliation_strings":["Department of Computer Science, Data and Application Security Group, H-BRS University of Applied Sciences, Sankt Augustin, Germany"],"raw_orcid":"https://orcid.org/0000-0003-0391-4054","affiliations":[{"raw_affiliation_string":"Department of Computer Science, Data and Application Security Group, H-BRS University of Applied Sciences, Sankt Augustin, Germany","institution_ids":["https://openalex.org/I155417937"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075001284","display_name":"Sebastian M\u00f6ller","orcid":"https://orcid.org/0000-0003-3057-0760"},"institutions":[{"id":"https://openalex.org/I4577782","display_name":"Technische Universit\u00e4t Berlin","ror":"https://ror.org/03v4gjf40","country_code":"DE","type":"education","lineage":["https://openalex.org/I4577782"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sebastian Moller","raw_affiliation_strings":["Quality and Usability Lab, TU Berlin, Berlin, Germany"],"raw_orcid":"https://orcid.org/0000-0003-3057-0760","affiliations":[{"raw_affiliation_string":"Quality and Usability Lab, TU Berlin, Berlin, Germany","institution_ids":["https://openalex.org/I4577782"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089011300","display_name":"Stephan Wiefling","orcid":"https://orcid.org/0000-0001-7917-6065"},"institutions":[{"id":"https://openalex.org/I155417937","display_name":"Hochschule Bonn-Rhein-Sieg","ror":"https://ror.org/04m2anh63","country_code":"DE","type":"education","lineage":["https://openalex.org/I155417937"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Stephan Wiefling","raw_affiliation_strings":["Department of Computer Science, Data and Application Security Group, H-BRS University of Applied Sciences, Sankt Augustin, Germany"],"raw_orcid":"https://orcid.org/0000-0001-7917-6065","affiliations":[{"raw_affiliation_string":"Department of Computer Science, Data and Application Security Group, H-BRS University of Applied Sciences, Sankt Augustin, Germany","institution_ids":["https://openalex.org/I155417937"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5037591969","display_name":"Luigi Lo Iacono","orcid":"https://orcid.org/0000-0002-7863-0622"},"institutions":[{"id":"https://openalex.org/I155417937","display_name":"Hochschule Bonn-Rhein-Sieg","ror":"https://ror.org/04m2anh63","country_code":"DE","type":"education","lineage":["https://openalex.org/I155417937"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Luigi Lo Iacono","raw_affiliation_strings":["Department of Computer Science, Data and Application Security Group, H-BRS University of Applied Sciences, Sankt Augustin, Germany"],"raw_orcid":"https://orcid.org/0000-0002-7863-0622","affiliations":[{"raw_affiliation_string":"Department of Computer Science, Data and Application Security Group, H-BRS University of Applied Sciences, Sankt Augustin, Germany","institution_ids":["https://openalex.org/I155417937"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.9265,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.75041842,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":"48","issue":"9","first_page":"3467","last_page":"3484"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9966999888420105,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/documentation","display_name":"Documentation","score":0.8357613682746887},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.825063169002533},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8045803308486938},{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.6979819536209106},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.6090201139450073},{"id":"https://openalex.org/keywords/application-programming-interface","display_name":"Application programming interface","score":0.5984283685684204},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.5524477362632751},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.4724707305431366},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4647343158721924},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.35022950172424316},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.29927515983581543},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.2880597412586212},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.20722180604934692},{"id":"https://openalex.org/keywords/web-page","display_name":"Web page","score":0.170447438955307},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.14000532031059265},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.12428626418113708}],"concepts":[{"id":"https://openalex.org/C56666940","wikidata":"https://www.wikidata.org/wiki/Q788790","display_name":"Documentation","level":2,"score":0.8357613682746887},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.825063169002533},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8045803308486938},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.6979819536209106},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.6090201139450073},{"id":"https://openalex.org/C99613125","wikidata":"https://www.wikidata.org/wiki/Q165194","display_name":"Application programming interface","level":2,"score":0.5984283685684204},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.5524477362632751},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.4724707305431366},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4647343158721924},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.35022950172424316},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.29927515983581543},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2880597412586212},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.20722180604934692},{"id":"https://openalex.org/C21959979","wikidata":"https://www.wikidata.org/wiki/Q36774","display_name":"Web page","level":2,"score":0.170447438955307},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.14000532031059265},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.12428626418113708}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tse.2021.3094171","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2021.3094171","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},{"id":"pmh:oai:pub.h-brs.de:5631","is_oa":true,"landing_page_url":"https://pub.h-brs.de/frontdoor/index/index/docId/5631","pdf_url":"https://pub.h-brs.de/files/5631/Gorski2021_IJustLookedForTheSolution.pdf","source":{"id":"https://openalex.org/S4306400385","display_name":"Publication Server of Bonn-Rhein-Sieg University of Applied Sciences (Bonn-Rhein-Sieg University of Applied Sciences)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I135140700","host_organization_name":"University of Bonn","host_organization_lineage":["https://openalex.org/I135140700"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Transactions on Software Engineering, vol. 48, no. 9, pp. 3467-3484","raw_type":"acceptedVersion"}],"best_oa_location":{"id":"pmh:oai:pub.h-brs.de:5631","is_oa":true,"landing_page_url":"https://pub.h-brs.de/frontdoor/index/index/docId/5631","pdf_url":"https://pub.h-brs.de/files/5631/Gorski2021_IJustLookedForTheSolution.pdf","source":{"id":"https://openalex.org/S4306400385","display_name":"Publication Server of Bonn-Rhein-Sieg University of Applied Sciences (Bonn-Rhein-Sieg University of Applied Sciences)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I135140700","host_organization_name":"University of Bonn","host_organization_lineage":["https://openalex.org/I135140700"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Transactions on Software Engineering, vol. 48, no. 9, pp. 3467-3484","raw_type":"acceptedVersion"},"sustainable_development_goals":[{"score":0.4099999964237213,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W3208610766.pdf"},"referenced_works_count":67,"referenced_works":["https://openalex.org/W74750449","https://openalex.org/W200873936","https://openalex.org/W750932891","https://openalex.org/W1884204318","https://openalex.org/W1966036881","https://openalex.org/W1967041918","https://openalex.org/W1974977720","https://openalex.org/W1996974848","https://openalex.org/W1999284448","https://openalex.org/W2009390220","https://openalex.org/W2013788150","https://openalex.org/W2015480071","https://openalex.org/W2023617068","https://openalex.org/W2031043538","https://openalex.org/W2034688095","https://openalex.org/W2061152427","https://openalex.org/W2061604051","https://openalex.org/W2085710993","https://openalex.org/W2095881341","https://openalex.org/W2096452841","https://openalex.org/W2115998851","https://openalex.org/W2129426180","https://openalex.org/W2142391150","https://openalex.org/W2151665713","https://openalex.org/W2153076044","https://openalex.org/W2155263925","https://openalex.org/W2159449837","https://openalex.org/W2168466961","https://openalex.org/W2294676880","https://openalex.org/W2357927175","https://openalex.org/W2362779523","https://openalex.org/W2510134782","https://openalex.org/W2511044583","https://openalex.org/W2535549398","https://openalex.org/W2541261609","https://openalex.org/W2617813225","https://openalex.org/W2618771940","https://openalex.org/W2698406033","https://openalex.org/W2739693438","https://openalex.org/W2750778058","https://openalex.org/W2766217896","https://openalex.org/W2767943400","https://openalex.org/W2785237606","https://openalex.org/W2804959968","https://openalex.org/W2808181181","https://openalex.org/W2808332736","https://openalex.org/W2899231924","https://openalex.org/W2940466285","https://openalex.org/W2970481120","https://openalex.org/W2984133836","https://openalex.org/W3005750833","https://openalex.org/W3007024382","https://openalex.org/W3034395771","https://openalex.org/W3105642167","https://openalex.org/W4233410239","https://openalex.org/W4244946961","https://openalex.org/W4299818415","https://openalex.org/W6649639798","https://openalex.org/W6697013531","https://openalex.org/W6725800993","https://openalex.org/W6742421840","https://openalex.org/W6752325211","https://openalex.org/W6754257759","https://openalex.org/W6754277020","https://openalex.org/W6754369729","https://openalex.org/W6767466676","https://openalex.org/W6780537732"],"related_works":["https://openalex.org/W2907490423","https://openalex.org/W2548409577","https://openalex.org/W2338961676","https://openalex.org/W2407701912","https://openalex.org/W3180404666","https://openalex.org/W2070218579","https://openalex.org/W2547817202","https://openalex.org/W2164582878","https://openalex.org/W331060086","https://openalex.org/W3156816392"],"abstract_inverted_index":{"Software":[0],"developers":[1,319],"build":[2],"complex":[3],"systems":[4],"using":[5],"plenty":[6],"of":[7,30,57,118,159,205,279,282,318],"third-party":[8],"libraries.":[9],"Documentation":[10],"is":[11,26,89,247,295],"key":[12],"to":[13,70,79,194,203,227,241,255,275,320],"understand":[14],"and":[15,103,137,311,316],"use":[16,61],"the":[17,21,27,48,111,116,139,157,186,223,234,239,280,314],"functionality":[18,25],"provided":[19],"via":[20],"libraries\u2019":[22],"APIs.":[23],"Therefore,":[24],"main":[28],"focus":[29],"contemporary":[31],"API":[32,49,93,124,144,219,287,301],"documentation,":[33],"while":[34,188],"cross-cutting":[35],"concerns":[36],"such":[37,107],"as":[38,91,108,132],"security":[39,54,309],"are":[40,176,215],"almost":[41],"never":[42],"considered":[43],"at":[44],"all,":[45],"especially":[46],"when":[47],"itself":[50],"does":[51],"not":[52,67],"provide":[53],"features.":[55],"Documentations":[56],"JavaScript":[58,143],"libraries":[59],"for":[60,190,306],"in":[62,122,150,162,217,245,285,328],"web":[63],"applications,":[64],"e.g.,":[65],"do":[66],"specify":[68],"how":[69],"add":[71],"or":[72],"adapt":[73],"a":[74,163,191,248,276],"Content":[75],"Security":[76],"Policy":[77],"(CSP)":[78],"mitigate":[80],"content":[81],"injection":[82],"attacks":[83],"like":[84],"Cross-Site":[85],"Scripting":[86],"(XSS).":[87],"This":[88,198,324],"unfortunate,":[90],"security-relevant":[92,120,147,230,283],"documentation":[94,145,187,220,246,288],"might":[95],"have":[96,262],"an":[97,133],"influence":[98],"on":[99,178,289],"secure":[100,257,322],"coding":[101],"practices":[102],"prevailing":[104],"major":[105],"vulnerabilities":[106],"XSS.":[109],"For":[110,126],"first":[112,277],"time,":[113],"we":[114,129,155],"study":[115,135,167,235,273],"effects":[117],"integrating":[119],"information":[121,149,264,284],"non-security":[123,218,286,330],"documentation.":[125],"this":[127,229],"purpose,":[128],"took":[130],"CSP":[131,148,258,290],"exemplary":[134],"object":[136],"extended":[138],"official":[140],"Google":[141],"Maps":[142],"with":[146,180],"three":[151],"distinct":[152],"manners.":[153],"Then,":[154],"evaluated":[156],"usage":[158],"these":[160],"variations":[161],"between-group":[164],"eye-tracking":[165],"lab":[166],"involving":[168],"N=49":[169],"participants.":[170],"Our":[171],"observations":[172],"suggest:":[173],"(1)":[174],"Developers":[175,261],"focused":[177],"elements":[179],"code":[181,213,243],"examples.":[182],"They":[183],"mostly":[184],"skim":[185],"searching":[189],"quick":[192],"solution":[193],"their":[195],"programming":[196],"task.":[197],"finding":[199],"gives":[200],"further":[201,293],"evidence":[202],"results":[204,236],"related":[206],"studies.":[207],"(2)":[208],"The":[209],"location":[210],"where":[211],"CSP-related":[212],"examples":[214,244],"placed":[216],"significantly":[221,253],"impacts":[222],"time":[224],"it":[225],"takes":[226],"find":[228],"information.":[231],"In":[232],"particular,":[233],"showed":[237],"that":[238,266,300],"proximity":[240],"functional-related":[242],"decisive":[249],"factor.":[250],"(3)":[251],"Examples":[252],"help":[254],"produce":[256],"solutions.":[259],"(4)":[260],"additional":[263],"needs":[265],"our":[267,272,297],"approach":[268],"cannot":[269],"meet.":[270],"Overall,":[271],"contributes":[274],"understanding":[278],"impact":[281],"implementation.":[291],"Although":[292],"research":[294],"required,":[296],"findings":[298],"emphasize":[299],"producers":[302],"should":[303],"take":[304],"responsibility":[305,325],"adequately":[307],"documenting":[308],"aspects":[310],"thus":[312],"supporting":[313],"sensibility":[315],"training":[317],"implement":[321],"systems.":[323],"also":[326],"holds":[327],"seemingly":[329],"relevant":[331],"contexts.":[332]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}