{"id":"https://openalex.org/W2948045409","doi":"https://doi.org/10.1145/3344948.3344995","title":"Inspection guidelines to identify security design flaws","display_name":"Inspection guidelines to identify security design flaws","publication_year":2019,"publication_date":"2019-09-05","ids":{"openalex":"https://openalex.org/W2948045409","doi":"https://doi.org/10.1145/3344948.3344995","mag":"2948045409"},"language":"en","primary_location":{"id":"doi:10.1145/3344948.3344995","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3344948.3344995","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 13th European Conference on Software Architecture - Volume 2","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1906.01961","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5007822940","display_name":"Katja Tuma","orcid":"https://orcid.org/0000-0001-7189-2817"},"institutions":[{"id":"https://openalex.org/I881427289","display_name":"University of Gothenburg","ror":"https://ror.org/01tm6cn81","country_code":"SE","type":"education","lineage":["https://openalex.org/I881427289"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Katja Tuma","raw_affiliation_strings":["University of Gothenburg, Gothenburg, Sweden","University of Gothenburg , Gothenburg , Sweden"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Gothenburg, Gothenburg, Sweden","institution_ids":["https://openalex.org/I881427289"]},{"raw_affiliation_string":"University of Gothenburg , Gothenburg , Sweden","institution_ids":["https://openalex.org/I881427289"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062076016","display_name":"Danial Hosseini","orcid":null},"institutions":[{"id":"https://openalex.org/I1321014770","display_name":"Association for Computing Machinery","ror":"https://ror.org/03wsadn68","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I1321014770"]},{"id":"https://openalex.org/I881427289","display_name":"University of Gothenburg","ror":"https://ror.org/01tm6cn81","country_code":"SE","type":"education","lineage":["https://openalex.org/I881427289"]}],"countries":["SE","US"],"is_corresponding":false,"raw_author_name":"Danial Hosseini","raw_affiliation_strings":["University of Gothenburg, Gothenburg, Sweden","Association for Computing Machinery"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Gothenburg, Gothenburg, Sweden","institution_ids":["https://openalex.org/I881427289"]},{"raw_affiliation_string":"Association for Computing Machinery","institution_ids":["https://openalex.org/I1321014770"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082466757","display_name":"Kyriakos Malamas","orcid":null},"institutions":[{"id":"https://openalex.org/I881427289","display_name":"University of Gothenburg","ror":"https://ror.org/01tm6cn81","country_code":"SE","type":"education","lineage":["https://openalex.org/I881427289"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Kyriakos Malamas","raw_affiliation_strings":["University of Gothenburg, Gothenburg, Sweden","University of Gothenburg , Gothenburg , Sweden"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Gothenburg, Gothenburg, Sweden","institution_ids":["https://openalex.org/I881427289"]},{"raw_affiliation_string":"University of Gothenburg , Gothenburg , Sweden","institution_ids":["https://openalex.org/I881427289"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012313708","display_name":"Riccardo Scandariato","orcid":"https://orcid.org/0000-0003-3591-7671"},"institutions":[{"id":"https://openalex.org/I881427289","display_name":"University of Gothenburg","ror":"https://ror.org/01tm6cn81","country_code":"SE","type":"education","lineage":["https://openalex.org/I881427289"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Riccardo Scandariato","raw_affiliation_strings":["University of Gothenburg, Gothenburg, Sweden","University of Gothenburg , Gothenburg , Sweden"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Gothenburg, Gothenburg, Sweden","institution_ids":["https://openalex.org/I881427289"]},{"raw_affiliation_string":"University of Gothenburg , Gothenburg , Sweden","institution_ids":["https://openalex.org/I881427289"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.06762971,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"116","last_page":"122"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.637366533279419},{"id":"https://openalex.org/keywords/agile-software-development","display_name":"Agile software development","score":0.594305694103241},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5903899669647217},{"id":"https://openalex.org/keywords/documentation","display_name":"Documentation","score":0.5739762187004089},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5262576341629028},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5050533413887024},{"id":"https://openalex.org/keywords/devops","display_name":"DevOps","score":0.47534939646720886},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical research","score":0.43269699811935425},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4283132553100586},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.39388012886047363},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3374941349029541},{"id":"https://openalex.org/keywords/engineering-management","display_name":"Engineering management","score":0.3244755268096924},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.2451326847076416},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.22449547052383423},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.21147707104682922},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.12054905295372009}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.637366533279419},{"id":"https://openalex.org/C14185376","wikidata":"https://www.wikidata.org/wiki/Q30232","display_name":"Agile software development","level":2,"score":0.594305694103241},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5903899669647217},{"id":"https://openalex.org/C56666940","wikidata":"https://www.wikidata.org/wiki/Q788790","display_name":"Documentation","level":2,"score":0.5739762187004089},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5262576341629028},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5050533413887024},{"id":"https://openalex.org/C9903902","wikidata":"https://www.wikidata.org/wiki/Q3025536","display_name":"DevOps","level":3,"score":0.47534939646720886},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.43269699811935425},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4283132553100586},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.39388012886047363},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3374941349029541},{"id":"https://openalex.org/C110354214","wikidata":"https://www.wikidata.org/wiki/Q6314146","display_name":"Engineering management","level":1,"score":0.3244755268096924},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.2451326847076416},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.22449547052383423},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.21147707104682922},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.12054905295372009},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":7,"locations":[{"id":"doi:10.1145/3344948.3344995","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3344948.3344995","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 13th European Conference on Software Architecture - Volume 2","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1906.01961","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1906.01961","pdf_url":"https://arxiv.org/pdf/1906.01961","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"mag:2948045409","is_oa":true,"landing_page_url":"https://arxiv.org/pdf/1906.01961v1","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null},{"id":"pmh:oai:research.chalmers.se:516185","is_oa":false,"landing_page_url":"https://research.chalmers.se/en/publication/516185","pdf_url":null,"source":{"id":"https://openalex.org/S4306402469","display_name":"Chalmers Research (Chalmers University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I66862912","host_organization_name":"Chalmers University of Technology","host_organization_lineage":["https://openalex.org/I66862912"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":null},{"id":"pmh:oai:tore.tuhh.de:11420/10255","is_oa":false,"landing_page_url":"http://hdl.handle.net/11420/10255","pdf_url":null,"source":{"id":"https://openalex.org/S4306401751","display_name":"tub.dok (Hamburg University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I884043246","host_organization_name":"Hamburg University of Technology","host_organization_lineage":["https://openalex.org/I884043246"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference Paper"},{"id":"pmh:vu:oai:research.vu.nl:publications/55ce39c9-afb3-403f-b749-0d7e9bf125cc","is_oa":false,"landing_page_url":"https://research.vu.nl/en/publications/55ce39c9-afb3-403f-b749-0d7e9bf125cc","pdf_url":null,"source":{"id":"https://openalex.org/S4306401843","display_name":"Data Archiving and Networked Services (DANS)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1322597698","host_organization_name":"Royal Netherlands Academy of Arts and Sciences","host_organization_lineage":["https://openalex.org/I1322597698"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"13th European Conference on Software Architecture, ECSA 2019 - Companion Proceedings, 116 - 122","raw_type":"info:eu-repo/semantics/conferencepaper"},{"id":"doi:10.48550/arxiv.1906.01961","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.1906.01961","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1906.01961","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1906.01961","pdf_url":"https://arxiv.org/pdf/1906.01961","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/12","score":0.4300000071525574,"display_name":"Responsible consumption and production"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2948045409.pdf","grobid_xml":"https://content.openalex.org/works/W2948045409.grobid-xml"},"referenced_works_count":22,"referenced_works":["https://openalex.org/W572872720","https://openalex.org/W1737185541","https://openalex.org/W1977603982","https://openalex.org/W2023070166","https://openalex.org/W2028834599","https://openalex.org/W2060746033","https://openalex.org/W2062658323","https://openalex.org/W2089216878","https://openalex.org/W2116560806","https://openalex.org/W2132695268","https://openalex.org/W2159834252","https://openalex.org/W2405334550","https://openalex.org/W2472351859","https://openalex.org/W2600772814","https://openalex.org/W2613058612","https://openalex.org/W2731964824","https://openalex.org/W2801519434","https://openalex.org/W2809689731","https://openalex.org/W2890916148","https://openalex.org/W2908644926","https://openalex.org/W2941318293","https://openalex.org/W4250780101"],"related_works":["https://openalex.org/W34326359","https://openalex.org/W1179379724","https://openalex.org/W1992081504","https://openalex.org/W2745774750","https://openalex.org/W172980757","https://openalex.org/W2492591715","https://openalex.org/W2107086891","https://openalex.org/W1876404477","https://openalex.org/W2809689731","https://openalex.org/W2965480889","https://openalex.org/W1562665779","https://openalex.org/W2959088703","https://openalex.org/W3194871050","https://openalex.org/W2947662160","https://openalex.org/W2168543747","https://openalex.org/W173500028","https://openalex.org/W2972204661","https://openalex.org/W2562363570","https://openalex.org/W2565032187","https://openalex.org/W379858812"],"abstract_inverted_index":{"Recent":[0],"trends":[1],"in":[2,163],"the":[3,12,16,124,131,134,146],"software":[4,25],"development":[5,13],"practices":[6],"(Agile,":[7],"De-vOps,":[8],"CI)":[9],"have":[10],"shortened":[11],"life-cycle":[14],"causing":[15],"need":[17],"for":[18,29,88,112,130,140],"efficient":[19],"security-by-design":[20],"approaches.":[21],"In":[22],"this":[23,71,92],"context,":[24],"architectures":[26],"are":[27,38],"analyzed":[28],"potential":[30],"vulnerabilities":[31],"and":[32,44,76,100,117,137,152,161],"design":[33,36,66,82,115],"flaws.":[34,67],"Yet,":[35],"flaws":[37,83,116],"often":[39],"documented":[40],"with":[41,98,119,143],"natural":[42],"language":[43],"require":[45],"a":[46,78,106],"manual":[47],"analysis,":[48],"which":[49],"is":[50,60,73],"inefficient.":[51],"Besides":[52],"low-level":[53],"vulnerability":[54],"databases":[55],"(e.g.,":[56],"CWE,":[57],"CAPEC)":[58],"there":[59],"little":[61],"systematized":[62],"knowledge":[63],"on":[64],"security":[65,81,114],"The":[68],"purpose":[69],"of":[70,80,108,123,133,148,154],"work":[72],"to":[74,145],"present":[75],"evaluate":[77],"catalog":[79,107,150],"accompanied":[84],"by":[85],"inspection":[86,110,125,135],"guidelines":[87,111,136],"their":[89,141],"detection.":[90],"To":[91],"aim,":[93],"we":[94],"conduct":[95],"empirical":[96,121,165],"studies":[97],"master":[99],"doctoral":[101],"students.":[102],"This":[103],"paper":[104],"presents":[105],"19":[109],"detecting":[113],"contributes":[118],"an":[120],"evaluation":[122],"guidelines.":[126],"We":[127,156],"also":[128],"account":[129],"shortcomings":[132],"make":[138],"suggestions":[139],"improvement":[142],"respect":[144],"generalization":[147],"guidelines,":[149],"re-organization,":[151],"format":[153],"documentation.":[155],"record":[157],"similar":[158],"precision,":[159],"recall,":[160],"productivity":[162],"both":[164],"studies.":[166]},"counts_by_year":[{"year":2023,"cited_by_count":1}],"updated_date":"2026-07-02T09:51:11.867554","created_date":"2025-10-10T00:00:00"}
