{"id":"https://openalex.org/W3000587097","doi":"https://doi.org/10.1145/3341161.3343520","title":"An empirical study of security culture in open source software communities","display_name":"An empirical study of security culture in open source software communities","publication_year":2019,"publication_date":"2019-08-27","ids":{"openalex":"https://openalex.org/W3000587097","doi":"https://doi.org/10.1145/3341161.3343520","mag":"3000587097"},"language":"en","primary_location":{"id":"doi:10.1145/3341161.3343520","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3341161.3343520","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"http://hdl.handle.net/11250/2646705","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5023668857","display_name":"Shao-Fang Wen","orcid":"https://orcid.org/0000-0002-6228-8367"},"institutions":[{"id":"https://openalex.org/I204778367","display_name":"Norwegian University of Science and Technology","ror":"https://ror.org/05xg72x27","country_code":"NO","type":"education","lineage":["https://openalex.org/I204778367"]}],"countries":["NO"],"is_corresponding":false,"raw_author_name":"Shao-Fang Wen","raw_affiliation_strings":["Norwegian University of Science and Technology, Norway"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Norwegian University of Science and Technology, Norway","institution_ids":["https://openalex.org/I204778367"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043606107","display_name":"Mazaher Kianpour","orcid":"https://orcid.org/0000-0003-2804-4630"},"institutions":[{"id":"https://openalex.org/I204778367","display_name":"Norwegian University of Science and Technology","ror":"https://ror.org/05xg72x27","country_code":"NO","type":"education","lineage":["https://openalex.org/I204778367"]}],"countries":["NO"],"is_corresponding":false,"raw_author_name":"Mazaher Kianpour","raw_affiliation_strings":["Norwegian University of Science and Technology, Norway"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Norwegian University of Science and Technology, Norway","institution_ids":["https://openalex.org/I204778367"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5056125179","display_name":"Stewart Kowalski","orcid":"https://orcid.org/0000-0003-3601-8387"},"institutions":[{"id":"https://openalex.org/I204778367","display_name":"Norwegian University of Science and Technology","ror":"https://ror.org/05xg72x27","country_code":"NO","type":"education","lineage":["https://openalex.org/I204778367"]}],"countries":["NO"],"is_corresponding":false,"raw_author_name":"Stewart Kowalski","raw_affiliation_strings":["Norwegian University of Science and Technology, Norway"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Norwegian University of Science and Technology, Norway","institution_ids":["https://openalex.org/I204778367"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.5623,"has_fulltext":false,"cited_by_count":11,"citation_normalized_percentile":{"value":0.86674081,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"863","last_page":"870"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11675","display_name":"Open Source Software Innovations","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1706","display_name":"Computer Science Applications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11675","display_name":"Open Source Software Innovations","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1706","display_name":"Computer Science Applications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9909999966621399,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/phenomenon","display_name":"Phenomenon","score":0.6141287088394165},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.6003760099411011},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical research","score":0.5905504822731018},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.48929402232170105},{"id":"https://openalex.org/keywords/open-source-software-development","display_name":"Open-source software development","score":0.45992526412010193},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4421641230583191},{"id":"https://openalex.org/keywords/security-awareness","display_name":"Security awareness","score":0.42460769414901733},{"id":"https://openalex.org/keywords/security-through-obscurity","display_name":"Security through obscurity","score":0.42409563064575195},{"id":"https://openalex.org/keywords/corporate-governance","display_name":"Corporate governance","score":0.4240439534187317},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.4220193326473236},{"id":"https://openalex.org/keywords/open-source","display_name":"Open source","score":0.4211497902870178},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4099089503288269},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.37912267446517944},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.37395575642585754},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.33558791875839233},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.31834420561790466},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.3059421181678772},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.08868074417114258}],"concepts":[{"id":"https://openalex.org/C50335755","wikidata":"https://www.wikidata.org/wiki/Q483247","display_name":"Phenomenon","level":2,"score":0.6141287088394165},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.6003760099411011},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.5905504822731018},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.48929402232170105},{"id":"https://openalex.org/C2778642129","wikidata":"https://www.wikidata.org/wiki/Q7096425","display_name":"Open-source software development","level":4,"score":0.45992526412010193},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4421641230583191},{"id":"https://openalex.org/C2778652015","wikidata":"https://www.wikidata.org/wiki/Q7445019","display_name":"Security awareness","level":3,"score":0.42460769414901733},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.42409563064575195},{"id":"https://openalex.org/C39389867","wikidata":"https://www.wikidata.org/wiki/Q380767","display_name":"Corporate governance","level":2,"score":0.4240439534187317},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.4220193326473236},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.4211497902870178},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4099089503288269},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.37912267446517944},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.37395575642585754},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.33558791875839233},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.31834420561790466},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.3059421181678772},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.08868074417114258},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3341161.3343520","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3341161.3343520","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining","raw_type":"proceedings-article"},{"id":"pmh:oai:ntnuopen.ntnu.no:11250/2646705","is_oa":true,"landing_page_url":"http://hdl.handle.net/11250/2646705","pdf_url":null,"source":{"id":"https://openalex.org/S4306401716","display_name":"Duo Research Archive (University of Oslo)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I184942183","host_organization_name":"University of Oslo","host_organization_lineage":["https://openalex.org/I184942183"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"863-870","raw_type":"info:eu-repo/semantics/bookPart"}],"best_oa_location":{"id":"pmh:oai:ntnuopen.ntnu.no:11250/2646705","is_oa":true,"landing_page_url":"http://hdl.handle.net/11250/2646705","pdf_url":null,"source":{"id":"https://openalex.org/S4306401716","display_name":"Duo Research Archive (University of Oslo)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I184942183","host_organization_name":"University of Oslo","host_organization_lineage":["https://openalex.org/I184942183"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"863-870","raw_type":"info:eu-repo/semantics/bookPart"},"sustainable_development_goals":[{"score":0.7699999809265137,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":78,"referenced_works":["https://openalex.org/W4477077","https://openalex.org/W48376191","https://openalex.org/W65801920","https://openalex.org/W93759702","https://openalex.org/W132253366","https://openalex.org/W133088852","https://openalex.org/W162839092","https://openalex.org/W181331102","https://openalex.org/W578753800","https://openalex.org/W580842819","https://openalex.org/W1486815345","https://openalex.org/W1505316740","https://openalex.org/W1517753279","https://openalex.org/W1550114411","https://openalex.org/W1567353878","https://openalex.org/W1569995930","https://openalex.org/W1583442288","https://openalex.org/W1591380056","https://openalex.org/W1597209777","https://openalex.org/W1602619638","https://openalex.org/W1646161945","https://openalex.org/W1805157503","https://openalex.org/W1940064350","https://openalex.org/W1966308865","https://openalex.org/W1968335087","https://openalex.org/W1987381312","https://openalex.org/W1990562690","https://openalex.org/W2008300029","https://openalex.org/W2018335686","https://openalex.org/W2028561093","https://openalex.org/W2037202491","https://openalex.org/W2049571112","https://openalex.org/W2050908148","https://openalex.org/W2057568301","https://openalex.org/W2058715037","https://openalex.org/W2062429640","https://openalex.org/W2073860209","https://openalex.org/W2079414640","https://openalex.org/W2088489410","https://openalex.org/W2100511523","https://openalex.org/W2101233178","https://openalex.org/W2102099252","https://openalex.org/W2105020735","https://openalex.org/W2110006972","https://openalex.org/W2112601310","https://openalex.org/W2116242639","https://openalex.org/W2120244029","https://openalex.org/W2121066581","https://openalex.org/W2121163786","https://openalex.org/W2122982761","https://openalex.org/W2125703194","https://openalex.org/W2128780139","https://openalex.org/W2136421959","https://openalex.org/W2138783984","https://openalex.org/W2141846678","https://openalex.org/W2143558999","https://openalex.org/W2149812746","https://openalex.org/W2153815796","https://openalex.org/W2157887502","https://openalex.org/W2170440506","https://openalex.org/W2230871008","https://openalex.org/W2408410361","https://openalex.org/W2477001478","https://openalex.org/W2488871603","https://openalex.org/W2546664760","https://openalex.org/W2592282312","https://openalex.org/W2782969241","https://openalex.org/W2800968634","https://openalex.org/W3016485800","https://openalex.org/W3121950684","https://openalex.org/W3122035364","https://openalex.org/W4231721730","https://openalex.org/W4386933105","https://openalex.org/W6601965359","https://openalex.org/W6606602272","https://openalex.org/W6641748263","https://openalex.org/W6652332952","https://openalex.org/W6670396050"],"related_works":["https://openalex.org/W2097628364","https://openalex.org/W1811024770","https://openalex.org/W2395987867","https://openalex.org/W2120086576","https://openalex.org/W3208699506","https://openalex.org/W2032098076","https://openalex.org/W4230385779","https://openalex.org/W3189065608","https://openalex.org/W3163146719","https://openalex.org/W4287279928"],"abstract_inverted_index":{"Open":[0],"source":[1],"software":[2,11,51],"(OSS)":[3],"is":[4],"a":[5,104],"core":[6],"part":[7],"of":[8,20,50,68,77,80,135,159],"virtually":[9],"all":[10],"applications":[12],"today.":[13],"Due":[14],"to":[15,34,131,173],"the":[16,25,27,73,78,81,94,99,121,133,157,164],"rapidly":[17],"growing":[18],"impact":[19],"OSS":[21,42,69,100,126,177],"on":[22,41,47,137],"society":[23],"and":[24,75,117,141,149,166],"economy,":[26],"security":[28,43,62,96,123,136,139,160,169],"aspect":[29],"has":[30,44],"attracted":[31],"researchers'":[32],"attention":[33],"investigate":[35],"this":[36,85,89,153],"distinctive":[37],"phenomenon.":[38],"Traditionally,":[39],"research":[40,86],"often":[45],"focused":[46],"technical":[48,61],"aspects":[49,57,67],"development.":[52],"We":[53],"argue":[54],"that":[55,144,171],"these":[56],"are":[58],"important,":[59],"however,":[60],"practice":[63],"considering":[64],"different":[65],"social":[66],"development":[70,101],"will":[71],"assure":[72],"effectiveness":[74],"efficiency":[76],"implementation":[79],"tool.":[82],"To":[83],"mitigate":[84],"gap,":[87],"in":[88,98,125,163,176],"empirical":[90],"study,":[91],"we":[92,128,145,155],"explore":[93],"current":[95,122],"culture":[97,124,161],"phenomenon":[102],"using":[103],"survey":[105],"instrument":[106],"with":[107],"six":[108],"evaluation":[109],"dimensions:":[110],"attitude,":[111],"behavior,":[112],"competency,":[113],"subjective":[114],"norms,":[115],"governance,":[116],"communication.":[118],"By":[119],"exploring":[120],"communities,":[127],"can":[129,146],"start":[130],"understand":[132],"influence":[134],"participants'":[138],"behaviors":[140],"decision-making,":[142],"so":[143],"make":[147],"realistic":[148],"practical":[150],"suggestions.":[151],"In":[152],"paper,":[154],"present":[156],"measurements":[158],"adopted":[162],"study":[165],"discuss":[167],"corresponding":[168],"issues":[170],"need":[172],"be":[174],"addressed":[175],"communities.":[178]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}