{"id":"https://openalex.org/W4400242598","doi":"https://doi.org/10.1145/3643991.3644909","title":"What Can Self-Admitted Technical Debt Tell Us About Security? A Mixed-Methods Study","display_name":"What Can Self-Admitted Technical Debt Tell Us About Security? A Mixed-Methods Study","publication_year":2024,"publication_date":"2024-04-15","ids":{"openalex":"https://openalex.org/W4400242598","doi":"https://doi.org/10.1145/3643991.3644909"},"language":"en","primary_location":{"id":"doi:10.1145/3643991.3644909","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3643991.3644909","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 21st International Conference on Mining Software Repositories","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5020137630","display_name":"Nicol\u00e1s E. D\u00edaz Ferreyra","orcid":"https://orcid.org/0000-0001-6304-771X"},"institutions":[{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]},{"id":"https://openalex.org/I165779595","display_name":"The University of Melbourne","ror":"https://ror.org/01ej9dk98","country_code":"AU","type":"education","lineage":["https://openalex.org/I165779595"]},{"id":"https://openalex.org/I82951845","display_name":"RMIT University","ror":"https://ror.org/04ttjf776","country_code":"AU","type":"education","lineage":["https://openalex.org/I82951845"]},{"id":"https://openalex.org/I884043246","display_name":"Hamburg University of Technology","ror":"https://ror.org/04bs1pb34","country_code":"DE","type":"education","lineage":["https://openalex.org/I884043246"]}],"countries":["AU","DE"],"is_corresponding":true,"raw_author_name":"Nicol\u00e1s E. D\u00edaz Ferreyra","raw_affiliation_strings":["Institute of Software Security, Hamburg University of Technology, Hamburg, Hamburg, Germany","RMIT University Melbourne, Australia","The University of Melbourne Melbourne, Australia"],"raw_orcid":"https://orcid.org/0000-0001-6304-771X","affiliations":[{"raw_affiliation_string":"Institute of Software Security, Hamburg University of Technology, Hamburg, Hamburg, Germany","institution_ids":["https://openalex.org/I159176309","https://openalex.org/I884043246"]},{"raw_affiliation_string":"RMIT University Melbourne, Australia","institution_ids":["https://openalex.org/I82951845"]},{"raw_affiliation_string":"The University of Melbourne Melbourne, Australia","institution_ids":["https://openalex.org/I165779595"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052783352","display_name":"Mojtaba Shahin","orcid":"https://orcid.org/0000-0002-9081-1354"},"institutions":[{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]},{"id":"https://openalex.org/I165779595","display_name":"The University of Melbourne","ror":"https://ror.org/01ej9dk98","country_code":"AU","type":"education","lineage":["https://openalex.org/I165779595"]},{"id":"https://openalex.org/I82951845","display_name":"RMIT University","ror":"https://ror.org/04ttjf776","country_code":"AU","type":"education","lineage":["https://openalex.org/I82951845"]},{"id":"https://openalex.org/I884043246","display_name":"Hamburg University of Technology","ror":"https://ror.org/04bs1pb34","country_code":"DE","type":"education","lineage":["https://openalex.org/I884043246"]}],"countries":["AU","DE"],"is_corresponding":false,"raw_author_name":"Mojtaba Shahin","raw_affiliation_strings":["RMIT University, Melbourne, Australia","The University of Melbourne Melbourne, Australia","Hamburg University of Technology Hamburg, Germany"],"raw_orcid":"https://orcid.org/0000-0002-9081-1354","affiliations":[{"raw_affiliation_string":"RMIT University, Melbourne, Australia","institution_ids":["https://openalex.org/I82951845"]},{"raw_affiliation_string":"The University of Melbourne Melbourne, Australia","institution_ids":["https://openalex.org/I165779595"]},{"raw_affiliation_string":"Hamburg University of Technology Hamburg, Germany","institution_ids":["https://openalex.org/I159176309","https://openalex.org/I884043246"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049386320","display_name":"Mansooreh Zahedi","orcid":"https://orcid.org/0000-0001-6276-9956"},"institutions":[{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]},{"id":"https://openalex.org/I165779595","display_name":"The University of Melbourne","ror":"https://ror.org/01ej9dk98","country_code":"AU","type":"education","lineage":["https://openalex.org/I165779595"]},{"id":"https://openalex.org/I82951845","display_name":"RMIT University","ror":"https://ror.org/04ttjf776","country_code":"AU","type":"education","lineage":["https://openalex.org/I82951845"]},{"id":"https://openalex.org/I884043246","display_name":"Hamburg University of Technology","ror":"https://ror.org/04bs1pb34","country_code":"DE","type":"education","lineage":["https://openalex.org/I884043246"]}],"countries":["AU","DE"],"is_corresponding":false,"raw_author_name":"Mansooreh Zahedi","raw_affiliation_strings":["University of Melbourne, Melbourne, Australia","RMIT University Melbourne, Australia","Hamburg University of Technology Hamburg, Germany","The University of Melbourne Melbourne, Australia"],"raw_orcid":"https://orcid.org/0000-0001-6276-9956","affiliations":[{"raw_affiliation_string":"University of Melbourne, Melbourne, Australia","institution_ids":["https://openalex.org/I165779595"]},{"raw_affiliation_string":"RMIT University Melbourne, Australia","institution_ids":["https://openalex.org/I82951845"]},{"raw_affiliation_string":"Hamburg University of Technology Hamburg, Germany","institution_ids":["https://openalex.org/I159176309","https://openalex.org/I884043246"]},{"raw_affiliation_string":"The University of Melbourne Melbourne, Australia","institution_ids":["https://openalex.org/I165779595"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5093784851","display_name":"Sodiq Quadri","orcid":"https://orcid.org/0009-0009-7418-0394"},"institutions":[{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]},{"id":"https://openalex.org/I165779595","display_name":"The University of Melbourne","ror":"https://ror.org/01ej9dk98","country_code":"AU","type":"education","lineage":["https://openalex.org/I165779595"]},{"id":"https://openalex.org/I82951845","display_name":"RMIT University","ror":"https://ror.org/04ttjf776","country_code":"AU","type":"education","lineage":["https://openalex.org/I82951845"]},{"id":"https://openalex.org/I884043246","display_name":"Hamburg University of Technology","ror":"https://ror.org/04bs1pb34","country_code":"DE","type":"education","lineage":["https://openalex.org/I884043246"]}],"countries":["AU","DE"],"is_corresponding":false,"raw_author_name":"Sodiq Quadri","raw_affiliation_strings":["Hamburg University of Technology, Hamburg, Germany","RMIT University Melbourne, Australia","The University of Melbourne Melbourne, Australia"],"raw_orcid":"https://orcid.org/0009-0009-7418-0394","affiliations":[{"raw_affiliation_string":"Hamburg University of Technology, Hamburg, Germany","institution_ids":["https://openalex.org/I159176309","https://openalex.org/I884043246"]},{"raw_affiliation_string":"RMIT University Melbourne, Australia","institution_ids":["https://openalex.org/I82951845"]},{"raw_affiliation_string":"The University of Melbourne Melbourne, Australia","institution_ids":["https://openalex.org/I165779595"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012313708","display_name":"Riccardo Scandariato","orcid":"https://orcid.org/0000-0003-3591-7671"},"institutions":[{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]},{"id":"https://openalex.org/I165779595","display_name":"The University of Melbourne","ror":"https://ror.org/01ej9dk98","country_code":"AU","type":"education","lineage":["https://openalex.org/I165779595"]},{"id":"https://openalex.org/I82951845","display_name":"RMIT University","ror":"https://ror.org/04ttjf776","country_code":"AU","type":"education","lineage":["https://openalex.org/I82951845"]},{"id":"https://openalex.org/I884043246","display_name":"Hamburg University of Technology","ror":"https://ror.org/04bs1pb34","country_code":"DE","type":"education","lineage":["https://openalex.org/I884043246"]}],"countries":["AU","DE"],"is_corresponding":false,"raw_author_name":"Riccardo Scandariato","raw_affiliation_strings":["Institute of Software Security, Hamburg University of Technology, Hamburg, Germany","RMIT University Melbourne, Australia","The University of Melbourne Melbourne, Australia"],"raw_orcid":"https://orcid.org/0000-0003-3591-7671","affiliations":[{"raw_affiliation_string":"Institute of Software Security, Hamburg University of Technology, Hamburg, Germany","institution_ids":["https://openalex.org/I159176309","https://openalex.org/I884043246"]},{"raw_affiliation_string":"RMIT University Melbourne, Australia","institution_ids":["https://openalex.org/I82951845"]},{"raw_affiliation_string":"The University of Melbourne Melbourne, Australia","institution_ids":["https://openalex.org/I165779595"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5020137630"],"corresponding_institution_ids":["https://openalex.org/I159176309","https://openalex.org/I165779595","https://openalex.org/I82951845","https://openalex.org/I884043246"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.13337714,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"704","last_page":"715"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9944999814033508,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9937999844551086,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/commit","display_name":"Commit","score":0.8627607226371765},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7065328359603882},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5904840230941772},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5374387502670288},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.512785017490387},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.4758013188838959},{"id":"https://openalex.org/keywords/identifier","display_name":"Identifier","score":0.46123266220092773},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.4447267949581146},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.43518877029418945},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.4263229966163635},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.42456483840942383},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.41970324516296387},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.4106111228466034},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.26410365104675293},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.20835617184638977},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.14285382628440857},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.13698852062225342},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.08270716667175293}],"concepts":[{"id":"https://openalex.org/C153180980","wikidata":"https://www.wikidata.org/wiki/Q19776675","display_name":"Commit","level":2,"score":0.8627607226371765},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7065328359603882},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5904840230941772},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5374387502670288},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.512785017490387},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.4758013188838959},{"id":"https://openalex.org/C154504017","wikidata":"https://www.wikidata.org/wiki/Q853614","display_name":"Identifier","level":2,"score":0.46123266220092773},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.4447267949581146},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.43518877029418945},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.4263229966163635},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.42456483840942383},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.41970324516296387},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.4106111228466034},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.26410365104675293},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.20835617184638977},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.14285382628440857},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.13698852062225342},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.08270716667175293},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3643991.3644909","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3643991.3644909","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 21st International Conference on Mining Software Repositories","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6100000143051147,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G4801968744","display_name":null,"funder_award_id":"823971","funder_id":"https://openalex.org/F4320320217","funder_display_name":"Marie Curie"}],"funders":[{"id":"https://openalex.org/F4320320217","display_name":"Marie Curie","ror":"https://ror.org/02aqv1x10"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":33,"referenced_works":["https://openalex.org/W995390496","https://openalex.org/W1964401032","https://openalex.org/W1981425990","https://openalex.org/W2130602377","https://openalex.org/W2395122565","https://openalex.org/W2579161546","https://openalex.org/W2612705982","https://openalex.org/W2884881698","https://openalex.org/W2914747561","https://openalex.org/W2919248872","https://openalex.org/W2941123418","https://openalex.org/W2966181603","https://openalex.org/W2968738488","https://openalex.org/W2982412981","https://openalex.org/W3001085422","https://openalex.org/W3023452601","https://openalex.org/W3088005007","https://openalex.org/W3174773370","https://openalex.org/W3185244049","https://openalex.org/W3217134235","https://openalex.org/W4210729440","https://openalex.org/W4226185774","https://openalex.org/W4226203778","https://openalex.org/W4229003063","https://openalex.org/W4238011405","https://openalex.org/W4285814327","https://openalex.org/W4293080012","https://openalex.org/W4296492914","https://openalex.org/W4308648311","https://openalex.org/W4365813074","https://openalex.org/W4382930517","https://openalex.org/W4385208592","https://openalex.org/W4388483337"],"related_works":["https://openalex.org/W1978034799","https://openalex.org/W2003584227","https://openalex.org/W2100022726","https://openalex.org/W3120493416","https://openalex.org/W4385532476","https://openalex.org/W2167539342","https://openalex.org/W2098192829","https://openalex.org/W2352736757","https://openalex.org/W2964681997","https://openalex.org/W4384518368"],"abstract_inverted_index":{"Self-Admitted":[0],"Technical":[1],"Debt":[2],"(SATD)":[3],"encompasses":[4],"a":[5,72,128,137,216,237],"wide":[6],"array":[7],"of":[8,35,53,69,132,136,177,255],"sub-optimal":[9],"design":[10],"and":[11,21,38,59,74,101,120,144,163,188,222,268],"implementation":[12],"choices":[13],"reported":[14],"in":[15,96],"software":[16,36,205],"artefacts":[17,213,261],"(e.g.,":[18],"code":[19,186,227],"comments":[20],"commit":[22,182],"messages)":[23],"by":[24],"developers":[25],"themselves.":[26],"Such":[27],"reports":[28],"have":[29],"been":[30],"central":[31],"to":[32,93,166,214,264],"the":[33,41,66,78,104,113,134,160,252],"study":[34],"maintenance":[37],"evolution":[39],"over":[40],"last":[42],"decades.":[43],"However,":[44,232],"they":[45,233],"can":[46,90],"also":[47,234],"be":[48,91],"deemed":[49],"as":[50,240],"dreadful":[51],"sources":[52,89],"information":[54],"on":[55],"potentially":[56],"exploitable":[57],"vulnerabilities":[58,95],"security":[60,67,84,209,217,256],"flaws.":[61],"Objective:":[62],"This":[63],"work":[64],"investigates":[65],"implications":[68],"SATD":[70,88,142,157,212,260],"from":[71,191],"technical":[73],"developer-centred":[75],"perspective.":[76],"On":[77,103],"one":[79],"hand,":[80,106],"it":[81,107,241],"analyses":[82],"whether":[83],"pointers":[85,210,257],"disclosed":[86],"inside":[87],"used":[92],"characterise":[94],"Open-Source":[97],"Software":[98],"(OSS)":[99],"projects":[100],"repositories.":[102],"other":[105,230],"delves":[108],"into":[109],"developers'":[110],"perspectives":[111],"regarding":[112],"motivations":[114],"behind":[115],"this":[116],"practice,":[117],"its":[118,121],"prevalence,":[119],"potential":[122],"negative":[123],"consequences.":[124],"Method:":[125],"We":[126,154],"followed":[127],"mixed-methods":[129],"approach":[130],"consisting":[131],"(i)":[133],"analysis":[135,162],"preexisting":[138],"dataset":[139,161],"containing":[140],"8,812":[141],"instances":[143,158],"(ii)":[145],"an":[146],"online":[147],"survey":[148,202],"with":[149],"222":[150],"OSS":[151,269],"practitioners.":[152],"Results:":[153],"gathered":[155],"201":[156],"through":[159],"mapped":[164],"them":[165,224],"different":[167,175],"Common":[168],"Weakness":[169],"Enumeration":[170],"(CWE)":[171],"identifiers.":[172],"Overall,":[173],"25":[174],"types":[176],"CWEs":[178],"were":[179],"spotted":[180],"across":[181,211,259],"messages,":[183],"pull":[184],"requests,":[185],"comments,":[187],"issue":[189],"sections,":[190,228],"which":[192],"8":[193],"appear":[194],"among":[195,219,229],"MITRE's":[196],"Top-25":[197],"most":[198],"dangerous":[199],"ones.":[200],"The":[201],"shows":[203],"that":[204,250],"practitioners":[206],"often":[207],"place":[208],"promote":[215],"culture":[218],"their":[220],"peers":[221],"help":[223],"spot":[225],"flaky":[226],"motives.":[231],"consider":[235],"such":[236],"practice":[238],"risky":[239],"may":[242],"facilitate":[243],"vulnerability":[244],"exploits.":[245],"Implications:":[246],"Our":[247],"findings":[248],"suggest":[249],"preserving":[251],"contextual":[253],"integrity":[254],"disseminated":[258],"is":[262],"critical":[263],"safeguard":[265],"both":[266],"commercial":[267],"solutions":[270],"against":[271],"zero-day":[272],"attacks.":[273]},"counts_by_year":[],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}