{"id":"https://openalex.org/W2985095280","doi":"https://doi.org/10.1145/3356773.3356798","title":"Security by Design in Software Engineering","display_name":"Security by Design in Software Engineering","publication_year":2019,"publication_date":"2019-11-14","ids":{"openalex":"https://openalex.org/W2985095280","doi":"https://doi.org/10.1145/3356773.3356798","mag":"2985095280"},"language":"en","primary_location":{"id":"doi:10.1145/3356773.3356798","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3356773.3356798","pdf_url":null,"source":{"id":"https://openalex.org/S186921487","display_name":"ACM SIGSOFT Software Engineering Notes","issn_l":"0163-5948","issn":["0163-5948","1943-5843"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM SIGSOFT Software Engineering Notes","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5086869282","display_name":"Mark Kreitz","orcid":null},"institutions":[{"id":"https://openalex.org/I40527276","display_name":"Universit\u00e4t der Bundeswehr M\u00fcnchen","ror":"https://ror.org/05kkv3f82","country_code":"DE","type":"education","lineage":["https://openalex.org/I1315109972","https://openalex.org/I40527276","https://openalex.org/I4387152969"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Mark Kreitz","raw_affiliation_strings":["Bundeswehr University Munich, Munich, Germany"],"affiliations":[{"raw_affiliation_string":"Bundeswehr University Munich, Munich, Germany","institution_ids":["https://openalex.org/I40527276"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5086869282"],"corresponding_institution_ids":["https://openalex.org/I40527276"],"apc_list":null,"apc_paid":null,"fwci":2.374,"has_fulltext":false,"cited_by_count":20,"citation_normalized_percentile":{"value":0.91319265,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":"44","issue":"3","first_page":"23","last_page":"23"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.7548128366470337},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5506286025047302},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.5492909550666809},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.5034043192863464},{"id":"https://openalex.org/keywords/security-engineering","display_name":"Security engineering","score":0.4949025511741638},{"id":"https://openalex.org/keywords/software-construction","display_name":"Software construction","score":0.4759889841079712},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.46761617064476013},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.38504651188850403},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2590758204460144},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.23985028266906738},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.21821418404579163},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.17430740594863892},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.12539350986480713},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.08730420470237732}],"concepts":[{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.7548128366470337},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5506286025047302},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.5492909550666809},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.5034043192863464},{"id":"https://openalex.org/C13159133","wikidata":"https://www.wikidata.org/wiki/Q365674","display_name":"Security engineering","level":5,"score":0.4949025511741638},{"id":"https://openalex.org/C186846655","wikidata":"https://www.wikidata.org/wiki/Q3398377","display_name":"Software construction","level":4,"score":0.4759889841079712},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.46761617064476013},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.38504651188850403},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2590758204460144},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.23985028266906738},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.21821418404579163},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.17430740594863892},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.12539350986480713},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.08730420470237732},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3356773.3356798","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3356773.3356798","pdf_url":null,"source":{"id":"https://openalex.org/S186921487","display_name":"ACM SIGSOFT Software Engineering Notes","issn_l":"0163-5948","issn":["0163-5948","1943-5843"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM SIGSOFT Software Engineering Notes","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.5600000023841858}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":7,"referenced_works":["https://openalex.org/W49973284","https://openalex.org/W171601550","https://openalex.org/W2098337300","https://openalex.org/W2156598983","https://openalex.org/W2804267743","https://openalex.org/W2918478591","https://openalex.org/W4254666025"],"related_works":["https://openalex.org/W1811024770","https://openalex.org/W4230385779","https://openalex.org/W2509045890","https://openalex.org/W2013238834","https://openalex.org/W2017116761","https://openalex.org/W2375023814","https://openalex.org/W3003273405","https://openalex.org/W2028922190","https://openalex.org/W1963623648","https://openalex.org/W4307601327"],"abstract_inverted_index":{"Security":[0],"is":[1,20,32,56],"a":[2,83],"non-functional":[3],"requirement":[4],"difficult-to-handle":[5],"during":[6,24,34,51,61],"software":[7,16,90],"development.":[8],"However,":[9],"it":[10],"appears":[11],"to":[12,70,74,115],"be":[13,40,44,80,101],"common":[14],"in":[15,89,97],"engineering,":[17],"that":[18],"security":[19,31,87,95],"taken":[21],"care":[22],"of":[23],"the":[25,35,54,62,72,113],"design-":[26],"and":[27,118],"test-phase":[28],"only.":[29],"If":[30],"neglected":[33],"implementation":[36,63],"phase,":[37],"flaws":[38,99,117],"will":[39],"introduced.":[41,108],"Those":[42],"may":[43],"-":[45,49],"if":[46,59],"at":[47],"all":[48],"found":[50,60,102],"testing":[52,96],"where":[53],"cost-to-fix":[55],"higher":[57],"as":[58,82,103,105],"phase.":[64],"Hence,":[65],"this":[66],"research":[67],"proposal":[68],"suggests":[69],"investigate":[71],"extent":[73],"which":[75],"code":[76],"analysis":[77],"tools":[78],"can":[79,100],"used":[81],"step":[84],"towards":[85],"continuous":[86],"inspection":[88],"engineering":[91],"projects.":[92],"By":[93],"automating":[94],"development":[98],"soon":[104],"they":[106],"are":[107],"This":[109],"could":[110],"greatly":[111],"reduce":[112],"cost":[114],"fix":[116],"help":[119],"building":[120],"more":[121],"secure":[122],"software.":[123]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":5},{"year":2020,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}