{"id":"https://openalex.org/W2588952840","doi":"https://doi.org/10.1145/2998181.2998191","title":"Can Security Become a Routine?","display_name":"Can Security Become a Routine?","publication_year":2017,"publication_date":"2017-02-14","ids":{"openalex":"https://openalex.org/W2588952840","doi":"https://doi.org/10.1145/2998181.2998191","mag":"2588952840"},"language":"en","primary_location":{"id":"doi:10.1145/2998181.2998191","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2998181.2998191","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5080720838","display_name":"Andreas Poller","orcid":null},"institutions":[{"id":"https://openalex.org/I4210133470","display_name":"Fraunhofer Institute for Secure Information Technology","ror":"https://ror.org/03qt2gs44","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210133470","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Andreas Poller","raw_affiliation_strings":["Fraunhofer Institute for Secure Information Technology SIT, Darmstadt, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer Institute for Secure Information Technology SIT, Darmstadt, Germany","institution_ids":["https://openalex.org/I4210133470"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044942571","display_name":"Laura Kocksch","orcid":"https://orcid.org/0000-0003-4661-2638"},"institutions":[{"id":"https://openalex.org/I4210133470","display_name":"Fraunhofer Institute for Secure Information Technology","ror":"https://ror.org/03qt2gs44","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210133470","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Laura Kocksch","raw_affiliation_strings":["Fraunhofer Institute for Secure Information Technology, Darmstadt, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer Institute for Secure Information Technology, Darmstadt, Germany","institution_ids":["https://openalex.org/I4210133470"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048369184","display_name":"Sven T\u00fcrpe","orcid":"https://orcid.org/0000-0001-8752-5691"},"institutions":[{"id":"https://openalex.org/I4210133470","display_name":"Fraunhofer Institute for Secure Information Technology","ror":"https://ror.org/03qt2gs44","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210133470","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sven T\u00fcrpe","raw_affiliation_strings":["Fraunhofer Institute for Secure Information Technology SIT, Darmstadt, Hesse, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer Institute for Secure Information Technology SIT, Darmstadt, Hesse, Germany","institution_ids":["https://openalex.org/I4210133470"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041127285","display_name":"Felix Anand Epp","orcid":"https://orcid.org/0000-0001-6252-7244"},"institutions":[{"id":"https://openalex.org/I4210133470","display_name":"Fraunhofer Institute for Secure Information Technology","ror":"https://ror.org/03qt2gs44","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210133470","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Felix Anand Epp","raw_affiliation_strings":["Fraunhofer Institute for Secure Information Technology, Darmstadt, Hesse, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer Institute for Secure Information Technology, Darmstadt, Hesse, Germany","institution_ids":["https://openalex.org/I4210133470"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5065222438","display_name":"Katharina Kinder\u2010Kurlanda","orcid":"https://orcid.org/0000-0002-7749-645X"},"institutions":[{"id":"https://openalex.org/I4210101898","display_name":"GESIS - Leibniz-Institute for the Social Sciences","ror":"https://ror.org/018afyw53","country_code":"DE","type":"facility","lineage":["https://openalex.org/I315704651","https://openalex.org/I4210101898"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Katharina Kinder-Kurlanda","raw_affiliation_strings":["GESIS - Leibniz-Institute for the Social Sciences, K\u00f6ln, Germany"],"affiliations":[{"raw_affiliation_string":"GESIS - Leibniz-Institute for the Social Sciences, K\u00f6ln, Germany","institution_ids":["https://openalex.org/I4210101898"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5080720838"],"corresponding_institution_ids":["https://openalex.org/I4210133470"],"apc_list":null,"apc_paid":null,"fwci":11.1132,"has_fulltext":false,"cited_by_count":67,"citation_normalized_percentile":{"value":0.98273866,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"2489","last_page":"2503"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.5611351728439331},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.5396857261657715},{"id":"https://openalex.org/keywords/organizational-structure","display_name":"Organizational structure","score":0.5352625846862793},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5327669978141785},{"id":"https://openalex.org/keywords/information-security-audit","display_name":"Information security audit","score":0.508838951587677},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.48999205231666565},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.4219904839992523},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.41983097791671753},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.378473699092865},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.371444970369339},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.36843276023864746},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.3556070625782013},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.3361744284629822},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.33421796560287476},{"id":"https://openalex.org/keywords/management","display_name":"Management","score":0.18081256747245789},{"id":"https://openalex.org/keywords/accounting","display_name":"Accounting","score":0.11552810668945312},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.1118420958518982}],"concepts":[{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.5611351728439331},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.5396857261657715},{"id":"https://openalex.org/C182566","wikidata":"https://www.wikidata.org/wiki/Q759524","display_name":"Organizational structure","level":2,"score":0.5352625846862793},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5327669978141785},{"id":"https://openalex.org/C39358052","wikidata":"https://www.wikidata.org/wiki/Q2578632","display_name":"Information security audit","level":5,"score":0.508838951587677},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.48999205231666565},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.4219904839992523},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.41983097791671753},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.378473699092865},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.371444970369339},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.36843276023864746},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3556070625782013},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.3361744284629822},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.33421796560287476},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.18081256747245789},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.11552810668945312},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.1118420958518982},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/2998181.2998191","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2998181.2998191","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing","raw_type":"proceedings-article"},{"id":"pmh:oai:publica.fraunhofer.de:publica/395308","is_oa":false,"landing_page_url":"https://publica.fraunhofer.de/handle/publica/395308","pdf_url":null,"source":{"id":"https://openalex.org/S4306400318","display_name":"Fraunhofer-Publica (Fraunhofer-Gesellschaft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4923324","host_organization_name":"Fraunhofer-Gesellschaft","host_organization_lineage":["https://openalex.org/I4923324"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"conference paper"},{"id":"pmh:oai:pure.atira.dk:publications/6b531f09-a4cd-4ae6-aa85-e4d1e38bee83","is_oa":false,"landing_page_url":"https://vbn.aau.dk/da/publications/6b531f09-a4cd-4ae6-aa85-e4d1e38bee83","pdf_url":null,"source":{"id":"https://openalex.org/S4306401731","display_name":"VBN Forskningsportal (Aalborg Universitet)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I891191580","host_organization_name":"Aalborg University","host_organization_lineage":["https://openalex.org/I891191580"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Kocksch, L A 2017, 'Can Security Become a Routine? A Study of Organizational Change in an Agile Software Development Group', Proceedings of the 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing. https://doi.org/10.1145/2998181.2998191","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.4000000059604645,"id":"https://metadata.un.org/sdg/17","display_name":"Partnerships for the goals"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":39,"referenced_works":["https://openalex.org/W160180318","https://openalex.org/W234803472","https://openalex.org/W1486737468","https://openalex.org/W1515810707","https://openalex.org/W1529465401","https://openalex.org/W1592034869","https://openalex.org/W1602304209","https://openalex.org/W1850923452","https://openalex.org/W1968165445","https://openalex.org/W1975782063","https://openalex.org/W1979983754","https://openalex.org/W1991650436","https://openalex.org/W1993621687","https://openalex.org/W2008671681","https://openalex.org/W2011098038","https://openalex.org/W2015004885","https://openalex.org/W2020831675","https://openalex.org/W2026645894","https://openalex.org/W2027762082","https://openalex.org/W2057366964","https://openalex.org/W2057796693","https://openalex.org/W2072653937","https://openalex.org/W2074875351","https://openalex.org/W2082187915","https://openalex.org/W2101419153","https://openalex.org/W2102664883","https://openalex.org/W2113147897","https://openalex.org/W2118298147","https://openalex.org/W2126762719","https://openalex.org/W2137297549","https://openalex.org/W2143322095","https://openalex.org/W2153981305","https://openalex.org/W2162976245","https://openalex.org/W2294992695","https://openalex.org/W2487033419","https://openalex.org/W2752455916","https://openalex.org/W2797400701","https://openalex.org/W2911772801","https://openalex.org/W2946759222"],"related_works":["https://openalex.org/W2086178534","https://openalex.org/W1561562093","https://openalex.org/W2120086576","https://openalex.org/W2784006287","https://openalex.org/W2907868081","https://openalex.org/W2222589037","https://openalex.org/W4206910357","https://openalex.org/W2062411488","https://openalex.org/W2056275442","https://openalex.org/W2097628364"],"abstract_inverted_index":{"Organizational":[0],"factors":[1],"influence":[2],"the":[3,61,72,91,122],"success":[4],"of":[5,71,79,88,133],"security":[6,22,37,57,80,108],"initiatives":[7,127],"in":[8,42,98,104,141],"software":[9,44],"development.":[10],"Security":[11,47,126],"audits":[12],"and":[13,30,54,64,135,138,146],"developer":[14],"training":[15],"can":[16],"motivate":[17],"development":[18,45],"teams":[19],"to":[20,129,143],"adopt":[21],"practices,":[23],"but":[24,82,120],"their":[25,50,77],"interplay":[26,132],"with":[27],"organizational":[28,40,93],"structures":[29],"routines":[31,41,89],"remains":[32],"unclear.":[33],"We":[34,59],"studied":[35],"how":[36],"consultancy":[38,66],"affected":[39],"a":[43,56,69,86,99],"group.":[46],"consultants":[48],"tested":[49],"product,":[51],"reported":[52],"vulnerabilities,":[53],"delivered":[55],"training.":[58],"followed":[60],"group":[62,74,112],"during":[63],"after":[65],"events.":[67],"As":[68],"result":[70],"consultancy,":[73],"members":[75,113],"improved":[76],"understanding":[78],"issues,":[81],"could":[83],"not":[84],"effect":[85],"change":[87,119,140],"within":[90],"given":[92],"structure.":[94],"They":[95],"handled":[96],"vulnerabilities":[97],"stabilization":[100],"routine":[101],"without":[102],"changes":[103],"feature":[105],"development,":[106],"where":[107],"remained":[109],"intangible.":[110],"Interestingly,":[111],"acknowledged":[114],"an":[115],"unfulfilled":[116],"need":[117,128],"for":[118],"defended":[121],"structure":[123,134],"inhibiting":[124],"change.":[125],"consider":[130],"this":[131],"situated":[136],"practice,":[137],"manage":[139],"addition":[142],"providing":[144],"expertise":[145],"tools.":[147]},"counts_by_year":[{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":10},{"year":2022,"cited_by_count":11},{"year":2021,"cited_by_count":14},{"year":2020,"cited_by_count":7},{"year":2019,"cited_by_count":6},{"year":2018,"cited_by_count":6},{"year":2017,"cited_by_count":3}],"updated_date":"2026-03-31T07:56:22.981413","created_date":"2017-02-24T00:00:00"}