{"id":"https://openalex.org/W2948045409","doi":"https://doi.org/10.1145/3344948.3344995","title":"Inspection guidelines to identify security design flaws","display_name":"Inspection guidelines to identify security design flaws","publication_year":2019,"publication_date":"2019-09-05","ids":{"openalex":"https://openalex.org/W2948045409","doi":"https://doi.org/10.1145/3344948.3344995","mag":"2948045409"},"language":"en","primary_location":{"id":"doi:10.1145/3344948.3344995","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3344948.3344995","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 13th European Conference on Software Architecture - Volume 2","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1906.01961","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5007822940","display_name":"Katja Tuma","orcid":"https://orcid.org/0000-0001-7189-2817"},"institutions":[{"id":"https://openalex.org/I881427289","display_name":"University of Gothenburg","ror":"https://ror.org/01tm6cn81","country_code":"SE","type":"education","lineage":["https://openalex.org/I881427289"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Katja Tuma","raw_affiliation_strings":["University of Gothenburg, Gothenburg, Sweden","University of Gothenburg , Gothenburg , Sweden"],"affiliations":[{"raw_affiliation_string":"University of Gothenburg, Gothenburg, Sweden","institution_ids":["https://openalex.org/I881427289"]},{"raw_affiliation_string":"University of Gothenburg , Gothenburg , Sweden","institution_ids":["https://openalex.org/I881427289"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062076016","display_name":"Danial Hosseini","orcid":null},"institutions":[{"id":"https://openalex.org/I1321014770","display_name":"Association for Computing Machinery","ror":"https://ror.org/03wsadn68","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I1321014770"]},{"id":"https://openalex.org/I881427289","display_name":"University of Gothenburg","ror":"https://ror.org/01tm6cn81","country_code":"SE","type":"education","lineage":["https://openalex.org/I881427289"]}],"countries":["SE","US"],"is_corresponding":false,"raw_author_name":"Danial Hosseini","raw_affiliation_strings":["University of Gothenburg, Gothenburg, Sweden","Association for Computing Machinery"],"affiliations":[{"raw_affiliation_string":"University of Gothenburg, Gothenburg, Sweden","institution_ids":["https://openalex.org/I881427289"]},{"raw_affiliation_string":"Association for Computing Machinery","institution_ids":["https://openalex.org/I1321014770"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082466757","display_name":"Kyriakos Malamas","orcid":null},"institutions":[{"id":"https://openalex.org/I881427289","display_name":"University of Gothenburg","ror":"https://ror.org/01tm6cn81","country_code":"SE","type":"education","lineage":["https://openalex.org/I881427289"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Kyriakos Malamas","raw_affiliation_strings":["University of Gothenburg, Gothenburg, Sweden","University of Gothenburg , Gothenburg , Sweden"],"affiliations":[{"raw_affiliation_string":"University of Gothenburg, Gothenburg, Sweden","institution_ids":["https://openalex.org/I881427289"]},{"raw_affiliation_string":"University of Gothenburg , Gothenburg , Sweden","institution_ids":["https://openalex.org/I881427289"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012313708","display_name":"Riccardo Scandariato","orcid":"https://orcid.org/0000-0003-3591-7671"},"institutions":[{"id":"https://openalex.org/I881427289","display_name":"University of Gothenburg","ror":"https://ror.org/01tm6cn81","country_code":"SE","type":"education","lineage":["https://openalex.org/I881427289"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Riccardo Scandariato","raw_affiliation_strings":["University of Gothenburg, Gothenburg, Sweden","University of Gothenburg , Gothenburg , Sweden"],"affiliations":[{"raw_affiliation_string":"University of Gothenburg, Gothenburg, Sweden","institution_ids":["https://openalex.org/I881427289"]},{"raw_affiliation_string":"University of Gothenburg , Gothenburg , Sweden","institution_ids":["https://openalex.org/I881427289"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5007822940"],"corresponding_institution_ids":["https://openalex.org/I881427289"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.06654208,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"116","last_page":"122"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.637366533279419},{"id":"https://openalex.org/keywords/agile-software-development","display_name":"Agile software development","score":0.594305694103241},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5903899669647217},{"id":"https://openalex.org/keywords/documentation","display_name":"Documentation","score":0.5739762187004089},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5262576341629028},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5050533413887024},{"id":"https://openalex.org/keywords/devops","display_name":"DevOps","score":0.47534939646720886},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical research","score":0.43269699811935425},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4283132553100586},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.39388012886047363},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3374941349029541},{"id":"https://openalex.org/keywords/engineering-management","display_name":"Engineering management","score":0.3244755268096924},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.2451326847076416},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.22449547052383423},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.21147707104682922},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.12054905295372009}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.637366533279419},{"id":"https://openalex.org/C14185376","wikidata":"https://www.wikidata.org/wiki/Q30232","display_name":"Agile software development","level":2,"score":0.594305694103241},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5903899669647217},{"id":"https://openalex.org/C56666940","wikidata":"https://www.wikidata.org/wiki/Q788790","display_name":"Documentation","level":2,"score":0.5739762187004089},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5262576341629028},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5050533413887024},{"id":"https://openalex.org/C9903902","wikidata":"https://www.wikidata.org/wiki/Q3025536","display_name":"DevOps","level":3,"score":0.47534939646720886},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.43269699811935425},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4283132553100586},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.39388012886047363},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3374941349029541},{"id":"https://openalex.org/C110354214","wikidata":"https://www.wikidata.org/wiki/Q6314146","display_name":"Engineering management","level":1,"score":0.3244755268096924},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.2451326847076416},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.22449547052383423},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.21147707104682922},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.12054905295372009},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":7,"locations":[{"id":"doi:10.1145/3344948.3344995","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3344948.3344995","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 13th European Conference on Software Architecture - Volume 2","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1906.01961","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1906.01961","pdf_url":"https://arxiv.org/pdf/1906.01961","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"mag:2948045409","is_oa":true,"landing_page_url":"https://arxiv.org/pdf/1906.01961v1","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null},{"id":"pmh:oai:research.chalmers.se:516185","is_oa":false,"landing_page_url":"https://research.chalmers.se/en/publication/516185","pdf_url":null,"source":{"id":"https://openalex.org/S4306402469","display_name":"Chalmers Research (Chalmers University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I66862912","host_organization_name":"Chalmers University of Technology","host_organization_lineage":["https://openalex.org/I66862912"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""},{"id":"pmh:oai:tore.tuhh.de:11420/10255","is_oa":false,"landing_page_url":"http://hdl.handle.net/11420/10255","pdf_url":null,"source":{"id":"https://openalex.org/S4306401751","display_name":"tub.dok (Hamburg University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I884043246","host_organization_name":"Hamburg University of Technology","host_organization_lineage":["https://openalex.org/I884043246"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference Paper"},{"id":"pmh:vu:oai:research.vu.nl:publications/55ce39c9-afb3-403f-b749-0d7e9bf125cc","is_oa":false,"landing_page_url":"https://research.vu.nl/en/publications/55ce39c9-afb3-403f-b749-0d7e9bf125cc","pdf_url":null,"source":{"id":"https://openalex.org/S4306401843","display_name":"Data Archiving and Networked Services (DANS)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1322597698","host_organization_name":"Royal Netherlands Academy of Arts and Sciences","host_organization_lineage":["https://openalex.org/I1322597698"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"13th European Conference on Software Architecture, ECSA 2019 - Companion Proceedings, 116 - 122","raw_type":"info:eu-repo/semantics/conferencepaper"},{"id":"doi:10.48550/arxiv.1906.01961","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.1906.01961","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1906.01961","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1906.01961","pdf_url":"https://arxiv.org/pdf/1906.01961","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"sustainable_development_goals":[{"score":0.4300000071525574,"display_name":"Responsible consumption and production","id":"https://metadata.un.org/sdg/12"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2948045409.pdf","grobid_xml":"https://content.openalex.org/works/W2948045409.grobid-xml"},"referenced_works_count":22,"referenced_works":["https://openalex.org/W572872720","https://openalex.org/W1737185541","https://openalex.org/W1977603982","https://openalex.org/W2023070166","https://openalex.org/W2028834599","https://openalex.org/W2060746033","https://openalex.org/W2062658323","https://openalex.org/W2089216878","https://openalex.org/W2116560806","https://openalex.org/W2132695268","https://openalex.org/W2159834252","https://openalex.org/W2405334550","https://openalex.org/W2472351859","https://openalex.org/W2600772814","https://openalex.org/W2613058612","https://openalex.org/W2731964824","https://openalex.org/W2801519434","https://openalex.org/W2809689731","https://openalex.org/W2890916148","https://openalex.org/W2908644926","https://openalex.org/W2941318293","https://openalex.org/W4250780101"],"related_works":["https://openalex.org/W34326359","https://openalex.org/W1179379724","https://openalex.org/W1992081504","https://openalex.org/W2745774750","https://openalex.org/W172980757","https://openalex.org/W2492591715","https://openalex.org/W2107086891","https://openalex.org/W1876404477","https://openalex.org/W2809689731","https://openalex.org/W2965480889","https://openalex.org/W1562665779","https://openalex.org/W2959088703","https://openalex.org/W3194871050","https://openalex.org/W2947662160","https://openalex.org/W2168543747","https://openalex.org/W173500028","https://openalex.org/W2972204661","https://openalex.org/W2562363570","https://openalex.org/W2565032187","https://openalex.org/W379858812"],"abstract_inverted_index":{"Recent":[0],"trends":[1],"in":[2,181],"the":[3,12,16,86,131,149,152,164,187,191],"software":[4,25],"development":[5,13],"practices":[6],"(Agile,":[7],"DevOps,":[8],"CI)":[9],"have":[10],"shortened":[11],"life-cycle":[14],"causing":[15],"need":[17],"for":[18,29,89,148,158,189],"efficient":[19],"security-by-design":[20],"approaches.":[21],"In":[22],"this":[23,71,95],"context,":[24],"architectures":[26],"are":[27,38],"analyzed":[28],"potential":[30,188],"vulnerabilities":[31],"and":[32,44,82,106,112,137,155,170,179,185],"design":[33,36,66,80,92,104,124,193],"flaws.":[34,67,93],"Yet,":[35],"flaws":[37,81,105],"often":[39],"documented":[40],"with":[41,110,134,142,161],"natural":[42],"language":[43],"require":[45],"a":[46,76,99,120,139],"manual":[47],"analysis,":[48],"which":[49],"is":[50,60,73],"inefficient.":[51],"Besides":[52],"low-level":[53],"vulnerability":[54],"databases":[55],"(e.g.,":[56],"CWE,":[57],"CAPEC)":[58],"there":[59],"little":[61],"systematized":[62],"knowledge":[63],"on":[64],"security":[65,79,91,103,123,192],"The":[68],"purpose":[69],"of":[70,78,101,122,130,151,166,172],"work":[72],"to":[74,83,163],"provide":[75],"catalog":[77,100,121,168],"empirically":[84],"evaluate":[85],"inspection":[87,132,153],"guidelines":[88,133,154],"detecting":[90],"To":[94],"aim,":[96],"we":[97],"present":[98],"19":[102],"conduct":[107],"empirical":[108,128,183],"studies":[109,184],"master":[111,135],"doctoral":[113,143],"students.":[114,144],"This":[115],"paper":[116],"contributes":[117],"with:":[118],"(i)":[119],"flaws,":[125],"(ii)":[126],"an":[127],"evaluation":[129,141],"students,":[136],"(iii)":[138],"replicated":[140],"We":[145,174],"also":[146],"account":[147],"shortcomings":[150],"make":[156],"suggestions":[157],"their":[159],"improvement":[160],"respect":[162],"generalization":[165],"guidelines,":[167],"re-organization,":[169],"format":[171],"documentation.":[173],"record":[175],"similar":[176],"precision,":[177],"recall,":[178],"productivity":[180],"both":[182],"discuss":[186],"automating":[190],"flaw":[194],"detection.":[195]},"counts_by_year":[{"year":2023,"cited_by_count":1}],"updated_date":"2026-02-09T09:26:11.010843","created_date":"2025-10-10T00:00:00"}