{"id":"https://openalex.org/W4391155200","doi":"https://doi.org/10.1145/3634713.3634729","title":"Vulnerably (Mis)Configured? Exploring 10 Years of Developers' Q&As on Stack Overflow","display_name":"Vulnerably (Mis)Configured? Exploring 10 Years of Developers' Q&As on Stack Overflow","publication_year":2024,"publication_date":"2024-01-23","ids":{"openalex":"https://openalex.org/W4391155200","doi":"https://doi.org/10.1145/3634713.3634729"},"language":"en","primary_location":{"id":"doi:10.1145/3634713.3634729","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3634713.3634729","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th International Working Conference on Variability Modelling of Software-Intensive Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://pure.tue.nl/ws/files/317243261/May2024Misconfigured.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5042348675","display_name":"Richard May","orcid":"https://orcid.org/0000-0001-7186-404X"},"institutions":[{"id":"https://openalex.org/I94575722","display_name":"Harz University of Applied Sciences","ror":"https://ror.org/048yn7628","country_code":"DE","type":"education","lineage":["https://openalex.org/I94575722"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Richard May","raw_affiliation_strings":["Harz University of Applied Sciences, Germany"],"raw_orcid":"https://orcid.org/0000-0001-7186-404X","affiliations":[{"raw_affiliation_string":"Harz University of Applied Sciences, Germany","institution_ids":["https://openalex.org/I94575722"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022024504","display_name":"Christian 
Biermann","orcid":"https://orcid.org/0009-0000-6001-2431"},"institutions":[{"id":"https://openalex.org/I94575722","display_name":"Harz University of Applied Sciences","ror":"https://ror.org/048yn7628","country_code":"DE","type":"education","lineage":["https://openalex.org/I94575722"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Christian Biermann","raw_affiliation_strings":["msg services gmbh, Germany and Harz University of Applied Sciences, Germany"],"raw_orcid":"https://orcid.org/0009-0000-6001-2431","affiliations":[{"raw_affiliation_string":"msg services gmbh, Germany and Harz University of Applied Sciences, Germany","institution_ids":["https://openalex.org/I94575722"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5093774449","display_name":"Xenia Marlene Zerweck","orcid":"https://orcid.org/0009-0001-1057-5989"},"institutions":[{"id":"https://openalex.org/I94575722","display_name":"Harz University of Applied Sciences","ror":"https://ror.org/048yn7628","country_code":"DE","type":"education","lineage":["https://openalex.org/I94575722"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Xenia Marlene Zerweck","raw_affiliation_strings":["Harz University of Applied Sciences, Germany"],"raw_orcid":"https://orcid.org/0009-0001-1057-5989","affiliations":[{"raw_affiliation_string":"Harz University of Applied Sciences, Germany","institution_ids":["https://openalex.org/I94575722"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050937333","display_name":"Kai Ludwig","orcid":"https://orcid.org/0000-0003-4679-9754"},"institutions":[{"id":"https://openalex.org/I4210105450","display_name":"Nieders\u00e4chsisches Landesamt f\u00fcr Denkmalpflege","ror":"https://ror.org/00yv11a49","country_code":"DE","type":"government","lineage":["https://openalex.org/I4210105450"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Kai Ludwig","raw_affiliation_strings":["Landesamt f\u00fcr 
Geoinformation und Landesvermessung Niedersachsen, Germany"],"raw_orcid":"https://orcid.org/0000-0003-4679-9754","affiliations":[{"raw_affiliation_string":"Landesamt f\u00fcr Geoinformation und Landesvermessung Niedersachsen, Germany","institution_ids":["https://openalex.org/I4210105450"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042728295","display_name":"Jacob Kr\u00fcger","orcid":"https://orcid.org/0000-0002-0283-248X"},"institutions":[{"id":"https://openalex.org/I83019370","display_name":"Eindhoven University of Technology","ror":"https://ror.org/02c2kyt77","country_code":"NL","type":"education","lineage":["https://openalex.org/I83019370"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Jacob Kr\u00fcger","raw_affiliation_strings":["Eindhoven University of Technology, Netherlands"],"raw_orcid":"https://orcid.org/0000-0002-0283-248X","affiliations":[{"raw_affiliation_string":"Eindhoven University of Technology, Netherlands","institution_ids":["https://openalex.org/I83019370"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5086853013","display_name":"Thomas Leich","orcid":"https://orcid.org/0000-0001-9580-7728"},"institutions":[{"id":"https://openalex.org/I94575722","display_name":"Harz University of Applied Sciences","ror":"https://ror.org/048yn7628","country_code":"DE","type":"education","lineage":["https://openalex.org/I94575722"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Thomas Leich","raw_affiliation_strings":["Harz University of Applied Sciences, Germany"],"raw_orcid":"https://orcid.org/0000-0001-9580-7728","affiliations":[{"raw_affiliation_string":"Harz University of Applied Sciences, 
Germany","institution_ids":["https://openalex.org/I94575722"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5042348675"],"corresponding_institution_ids":["https://openalex.org/I94575722"],"apc_list":null,"apc_paid":null,"fwci":2.984,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.91653738,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"112","last_page":"122"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9781000018119812,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information 
Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7604985237121582},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.6641334891319275},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.6597126722335815},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.553595781326294},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5310260057449341},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.4808581471443176},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.4461730122566223},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3924582600593567},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.37419891357421875},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.20243769884109497},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.09471669793128967},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.08733260631561279}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7604985237121582},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure 
coding","level":5,"score":0.6641334891319275},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.6597126722335815},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.553595781326294},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5310260057449341},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.4808581471443176},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.4461730122566223},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3924582600593567},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.37419891357421875},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.20243769884109497},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.09471669793128967},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating 
system","level":1,"score":0.08733260631561279},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3634713.3634729","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3634713.3634729","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th International Working Conference on Variability Modelling of Software-Intensive Systems","raw_type":"proceedings-article"},{"id":"pmh:oai:pure.tue.nl:openaire/efa96fa7-5e4a-4276-a774-92e66f437d4a","is_oa":true,"landing_page_url":"https://research.tue.nl/en/publications/efa96fa7-5e4a-4276-a774-92e66f437d4a","pdf_url":"https://pure.tue.nl/ws/files/317243261/May2024Misconfigured.pdf","source":{"id":"https://openalex.org/S4406922641","display_name":"TU/e Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"May, R, Biermann, C, Zerweck, X M, Ludwig, K, Kr\u00fcger, J & Leich, T 2024, Vulnerably (Mis)Configured? Exploring 10 Years of Developers' Q &As on Stack Overflow. in T Kehrer, M Huchard, L Teixeira & C Birchler (eds), VaMoS '24 : Proceedings of the 18th International Working Conference on Variability Modelling of Software-Intensive Systems. Association for Computing Machinery, Inc., pp. 
112-122, 18th International Working Conference on Variability Modelling of Software-Intensive Systems, VaMoS 2024, Bern, Switzerland, 7/02/24. https://doi.org/10.1145/3634713.3634729","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"pmh:oai:pure.tue.nl:openaire/efa96fa7-5e4a-4276-a774-92e66f437d4a","is_oa":true,"landing_page_url":"https://research.tue.nl/en/publications/efa96fa7-5e4a-4276-a774-92e66f437d4a","pdf_url":"https://pure.tue.nl/ws/files/317243261/May2024Misconfigured.pdf","source":{"id":"https://openalex.org/S4406922641","display_name":"TU/e Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"May, R, Biermann, C, Zerweck, X M, Ludwig, K, Kr\u00fcger, J & Leich, T 2024, Vulnerably (Mis)Configured? Exploring 10 Years of Developers' Q &As on Stack Overflow. in T Kehrer, M Huchard, L Teixeira & C Birchler (eds), VaMoS '24 : Proceedings of the 18th International Working Conference on Variability Modelling of Software-Intensive Systems. Association for Computing Machinery, Inc., pp. 112-122, 18th International Working Conference on Variability Modelling of Software-Intensive Systems, VaMoS 2024, Bern, Switzerland, 7/02/24. 
https://doi.org/10.1145/3634713.3634729","raw_type":"info:eu-repo/semantics/publishedVersion"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.47999998927116394,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4391155200.pdf"},"referenced_works_count":53,"referenced_works":["https://openalex.org/W1494019345","https://openalex.org/W1880262756","https://openalex.org/W2000037545","https://openalex.org/W2031906567","https://openalex.org/W2032990617","https://openalex.org/W2048064553","https://openalex.org/W2052632834","https://openalex.org/W2056894403","https://openalex.org/W2077937403","https://openalex.org/W2108999965","https://openalex.org/W2125398918","https://openalex.org/W2144896643","https://openalex.org/W2149257325","https://openalex.org/W2295271991","https://openalex.org/W2341822161","https://openalex.org/W2425754176","https://openalex.org/W2495617574","https://openalex.org/W2511548333","https://openalex.org/W2514077680","https://openalex.org/W2587676558","https://openalex.org/W2612764117","https://openalex.org/W2621507218","https://openalex.org/W2756040459","https://openalex.org/W2759023773","https://openalex.org/W2761268990","https://openalex.org/W2783199130","https://openalex.org/W2785789187","https://openalex.org/W2790616804","https://openalex.org/W2809924191","https://openalex.org/W2963797960","https://openalex.org/W2970588580","https://openalex.org/W2997258927","https://openalex.org/W3006171966","https://openalex.org/W3006556904","https://openalex.org/W3129161282","https://openalex.org/W3185448058","https://openalex.org/W3197715376","https://openalex.org/W3197944870","https://openalex.org/W3203766161","https://openalex.org/W3214003809","https://openalex.org/W3217134235","https://openalex.org/W4206615225","https://openalex.org/W4220957579","https://openalex.org/W4239338347","https://ope
nalex.org/W4288079617","https://openalex.org/W4289255588","https://openalex.org/W4290702480","https://openalex.org/W4298070602","https://openalex.org/W4310013333","https://openalex.org/W4312248946","https://openalex.org/W4313403877","https://openalex.org/W4323256981","https://openalex.org/W4385951147"],"related_works":["https://openalex.org/W2141388993","https://openalex.org/W1978034799","https://openalex.org/W2999607548","https://openalex.org/W2956597637","https://openalex.org/W2044639210","https://openalex.org/W2293245356","https://openalex.org/W4225160120","https://openalex.org/W23486959","https://openalex.org/W1588942021","https://openalex.org/W4384518368"],"abstract_inverted_index":{"The":[0],"increasing":[1],"number":[2],"of":[3,15,66,101],"attacks":[4],"exploiting":[5],"system":[6],"vulnerabilities":[7,62,97,121],"in":[8,63,98,142],"recent":[9],"years":[10],"underpins":[11],"the":[12,64,99,143],"growing":[13],"importance":[14],"security;":[16],"especially":[17],"for":[18,37],"software":[19,34,68],"comprising":[20],"configuration":[21,135],"options":[22],"that":[23,96,122,139],"may":[24],"cause":[25],"unintended":[26],"vulnerabilities.":[27],"So,":[28],"not":[29],"surprisingly,":[30],"developers":[31,69,140],"discuss":[32],"secure":[33],"configurations":[35,117],"extensively,":[36],"instance,":[38],"via":[39],"community-question-answering":[40],"systems":[41],"like":[42],"Stack":[43,52],"Overflow.":[44],"In":[45],"this":[46],"exploratory":[47],"study,":[48],"we":[49,131],"analyzed":[50],"651":[51],"Overflow":[53],"posts":[54,110],"from":[55],"2013":[56],"until":[57],"2022":[58],"to":[59,85,114],"investigate":[60],"what":[61],"context":[65,100],"configuring":[67,102],"discuss.":[70],"We":[71],"employed":[72],"a":[73],"manual":[74],"data":[75],"analysis":[76],"and":[77,87,91,105,118,136,150,153],"automated":[78],"topic":[79],"modeling":[80],"using":[81],"Latent":[82],"Dirichlet":[83],"Allocation":[84],"identify":[86],"classify":[88],"relevant":[89],"topics":[90]
,"contexts.":[92],"Our":[93],"results":[94],"show":[95],"receive":[103],"more":[104,106],"interest,":[107],"with":[108],"most":[109],"discussing":[111],"issues":[112,138],"related":[113],"faulty":[115],"security":[116,137],"dependencies":[119],"causing":[120],"could":[123],"be":[124],"or":[125],"have":[126],"actually":[127],"been":[128],"exploited.":[129],"Overall,":[130],"contribute":[132],"insights":[133,147],"into":[134],"experience":[141],"real":[144],"world.":[145],"Such":[146],"help":[148],"researchers":[149],"practitioners":[151],"understand":[152],"resolve":[154],"these":[155],"issues,":[156],"thereby":[157],"guiding":[158],"future":[159],"improvements.":[160]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}
