{"id":"https://openalex.org/W2345937746","doi":"https://doi.org/10.1145/2851581.2892392","title":"First-time Security Audits as a Turning Point?","display_name":"First-time Security Audits as a Turning Point?","publication_year":2016,"publication_date":"2016-05-06","ids":{"openalex":"https://openalex.org/W2345937746","doi":"https://doi.org/10.1145/2851581.2892392","mag":"2345937746"},"language":"en","primary_location":{"id":"doi:10.1145/2851581.2892392","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2851581.2892392","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 CHI Conference Extended Abstracts on Human Factors in Computing Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5080720838","display_name":"Andreas Poller","orcid":null},"institutions":[{"id":"https://openalex.org/I4210133470","display_name":"Fraunhofer Institute for Secure Information Technology","ror":"https://ror.org/03qt2gs44","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210133470","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Andreas Poller","raw_affiliation_strings":["Fraunhofer Institute for Secure Information Technology SIT, Darmstadt, Hesse, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer Institute for Secure Information Technology SIT, Darmstadt, Hesse, Germany","institution_ids":["https://openalex.org/I4210133470"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044942571","display_name":"Laura Kocksch","orcid":"https://orcid.org/0000-0003-4661-2638"},"institutions":[{"id":"https://openalex.org/I4210133470","display_name":"Fraunhofer Institute for Secure Information Technology","ror":"https://ror.org/03qt2gs44","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210133470","https://openalex.org/I4923324"]},{"id":"https://openalex.org/I114090438","display_name":"Goethe University Frankfurt","ror":"https://ror.org/04cvxnb49","country_code":"DE","type":"education","lineage":["https://openalex.org/I114090438"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Laura Kocksch","raw_affiliation_strings":["Fraunhofer Institute for Secure Information Technology &amp; Goethe University, Darmstadt, Hesse, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer Institute for Secure Information Technology &amp; Goethe University, Darmstadt, Hesse, Germany","institution_ids":["https://openalex.org/I4210133470","https://openalex.org/I114090438"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065222438","display_name":"Katharina Kinder\u2010Kurlanda","orcid":"https://orcid.org/0000-0002-7749-645X"},"institutions":[{"id":"https://openalex.org/I4210101898","display_name":"GESIS - Leibniz-Institute for the Social Sciences","ror":"https://ror.org/018afyw53","country_code":"DE","type":"facility","lineage":["https://openalex.org/I315704651","https://openalex.org/I4210101898"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Katharina Kinder-Kurlanda","raw_affiliation_strings":["GESIS - Leibniz-Institute for the Social Sciences, K\u00f6ln, Germany"],"affiliations":[{"raw_affiliation_string":"GESIS - Leibniz-Institute for the Social Sciences, K\u00f6ln, Germany","institution_ids":["https://openalex.org/I4210101898"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5041127285","display_name":"Felix Anand Epp","orcid":"https://orcid.org/0000-0001-6252-7244"},"institutions":[{"id":"https://openalex.org/I4210133470","display_name":"Fraunhofer Institute for Secure Information Technology","ror":"https://ror.org/03qt2gs44","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210133470","https://openalex.org/I4923324"]},{"id":"https://openalex.org/I107257983","display_name":"Darmstadt University of Applied Sciences","ror":"https://ror.org/047wbd030","country_code":"DE","type":"education","lineage":["https://openalex.org/I107257983"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Felix Anand Epp","raw_affiliation_strings":["Fraunhofer Institute for Secure Information Technology &amp; Darmstadt University of Applied Sciences, Darmstadt, Hesse, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer Institute for Secure Information Technology &amp; Darmstadt University of Applied Sciences, Darmstadt, Hesse, Germany","institution_ids":["https://openalex.org/I4210133470","https://openalex.org/I107257983"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5080720838"],"corresponding_institution_ids":["https://openalex.org/I4210133470"],"apc_list":null,"apc_paid":null,"fwci":0.6635,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.77751521,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1288","last_page":"1294"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9962000250816345,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9915000200271606,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.6644352674484253},{"id":"https://openalex.org/keywords/information-security-audit","display_name":"Information security audit","score":0.6483491659164429},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.6331529021263123},{"id":"https://openalex.org/keywords/vendor","display_name":"Vendor","score":0.629932701587677},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5946112871170044},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5783019065856934},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.4862464666366577},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4700889587402344},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.44247087836265564},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.3403865098953247},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.33951446413993835},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.28644049167633057},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.2806793451309204},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.26998037099838257},{"id":"https://openalex.org/keywords/accounting","display_name":"Accounting","score":0.21805265545845032},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.10119238495826721},{"id":"https://openalex.org/keywords/marketing","display_name":"Marketing","score":0.08030050992965698},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.07091081142425537}],"concepts":[{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.6644352674484253},{"id":"https://openalex.org/C39358052","wikidata":"https://www.wikidata.org/wiki/Q2578632","display_name":"Information security audit","level":5,"score":0.6483491659164429},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.6331529021263123},{"id":"https://openalex.org/C2777338717","wikidata":"https://www.wikidata.org/wiki/Q1762621","display_name":"Vendor","level":2,"score":0.629932701587677},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5946112871170044},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5783019065856934},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.4862464666366577},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4700889587402344},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.44247087836265564},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.3403865098953247},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.33951446413993835},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.28644049167633057},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.2806793451309204},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.26998037099838257},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.21805265545845032},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.10119238495826721},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.08030050992965698},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.07091081142425537},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/2851581.2892392","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2851581.2892392","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 CHI Conference Extended Abstracts on Human Factors in Computing Systems","raw_type":"proceedings-article"},{"id":"pmh:oai:publica.fraunhofer.de:publica/393138","is_oa":false,"landing_page_url":"https://publica.fraunhofer.de/handle/publica/393138","pdf_url":null,"source":{"id":"https://openalex.org/S4306400318","display_name":"Fraunhofer-Publica (Fraunhofer-Gesellschaft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4923324","host_organization_name":"Fraunhofer-Gesellschaft","host_organization_lineage":["https://openalex.org/I4923324"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"conference paper"},{"id":"pmh:oai:pure.atira.dk:publications/d79f264a-7805-433e-b0e8-51e76f4b5d26","is_oa":false,"landing_page_url":"https://vbn.aau.dk/da/publications/d79f264a-7805-433e-b0e8-51e76f4b5d26","pdf_url":null,"source":{"id":"https://openalex.org/S4306401731","display_name":"VBN Forskningsportal (Aalborg Universitet)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I891191580","host_organization_name":"Aalborg University","host_organization_lineage":["https://openalex.org/I891191580"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Kocksch, L A 2016, 'First-time Security Audits as a Turning Point? Challenges for Security Practices in an Industry Software Development Team', Proceedings of the 2016 CHI Conference Extended Abstracts on Human Factors in Computing Systems. https://doi.org/10.1145/2851581.2892392","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Partnerships for the goals","score":0.4300000071525574,"id":"https://metadata.un.org/sdg/17"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":6,"referenced_works":["https://openalex.org/W1523522201","https://openalex.org/W1850923452","https://openalex.org/W1993621687","https://openalex.org/W2057366964","https://openalex.org/W2057796693","https://openalex.org/W2113147897"],"related_works":["https://openalex.org/W2120086576","https://openalex.org/W2164920192","https://openalex.org/W3189065608","https://openalex.org/W2031957425","https://openalex.org/W896362041","https://openalex.org/W2545999784","https://openalex.org/W1811024770","https://openalex.org/W4230385779","https://openalex.org/W2032098076","https://openalex.org/W2293554594"],"abstract_inverted_index":{"Software":[0],"development":[1,35,62,112,134],"is":[2,47,74,148],"often":[3,56],"accompanied":[4],"by":[5,138],"security":[6,23,52,67,127,143,147],"audits":[7,39,55],"such":[8,38],"as":[9,58],"penetration":[10,21,89,99,123],"tests,":[11],"usually":[12],"performed":[13],"on":[14],"behalf":[15],"of":[16,77,97,133,141,158],"the":[17,41,117,153,159],"software":[18,32,105,111],"vendor.":[19],"In":[20],"tests":[22,124],"experts":[24],"identify":[25],"entry":[26],"points":[27],"for":[28,40,61],"attacks":[29],"in":[30,152],"a":[31,75,94,98,103,110,139],"product.":[33],"Many":[34],"teams":[36],"undergo":[37],"first":[42],"time":[43],"if":[44,146],"their":[45],"product":[46],"attacked":[48],"or":[49],"faces":[50],"new":[51],"concerns.":[53],"The":[54],"serve":[57],"an":[59],"eye-opener":[60],"teams:":[63],"they":[64],"realize":[65],"that":[66,122,130],"requires":[68],"much":[69],"more":[70],"attention.":[71],"However,":[72],"there":[73],"lack":[76,140],"clarity":[78],"with":[79],"regard":[80],"to":[81,115],"what":[82],"lasting":[83],"benefits":[84],"developers":[85],"can":[86],"reap":[87],"from":[88,93],"tests.":[90],"We":[91],"report":[92],"one-year":[95],"study":[96],"test":[100,118],"run":[101],"at":[102],"major":[104],"vendor,":[106],"and":[107,145,155],"describe":[108],"how":[109],"team":[113],"managed":[114],"incorporate":[116],"findings.":[119],"Results":[120],"suggest":[121],"improve":[125],"developers'":[126],"awareness,":[128],"but":[129],"long-lasting":[131],"enhancements":[132],"practices":[135],"are":[136],"hampered":[137],"dedicated":[142],"stakeholders":[144],"not":[149],"properly":[150],"reflected":[151],"communicative":[154],"collaborative":[156],"structures":[157],"organization.":[160]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2018,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}