{"id":"https://openalex.org/W4410811340","doi":"https://doi.org/10.1145/3715340.3715439","title":"Asking Security Practitioners: Did You Find the Vulnerable (Mis)Configuration?","display_name":"Asking Security Practitioners: Did You Find the Vulnerable (Mis)Configuration?","publication_year":2025,"publication_date":"2025-02-04","ids":{"openalex":"https://openalex.org/W4410811340","doi":"https://doi.org/10.1145/3715340.3715439"},"language":"en","primary_location":{"id":"doi:10.1145/3715340.3715439","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3715340.3715439","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3715340.3715439","source":null,"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 19th International Working Conference on Variability Modelling of Software-Intensive Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3715340.3715439","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5042348675","display_name":"Richard May","orcid":"https://orcid.org/0000-0001-7186-404X"},"institutions":[{"id":"https://openalex.org/I94575722","display_name":"Harz University of Applied Sciences","ror":"https://ror.org/048yn7628","country_code":"DE","type":"education","lineage":["https://openalex.org/I94575722"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Richard May","raw_affiliation_strings":["Harz University of Applied Sciences, Wernigerode, Germany"],"raw_orcid":"https://orcid.org/0000-0001-7186-404X","affiliations":[{"raw_affiliation_string":"Harz University of Applied Sciences, Wernigerode, Germany","institution_ids":["https://openalex.org/I94575722"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022024504","display_name":"Christian Biermann","orcid":"https://orcid.org/0009-0000-6001-2431"},"institutions":[{"id":"https://openalex.org/I94575722","display_name":"Harz University of Applied Sciences","ror":"https://ror.org/048yn7628","country_code":"DE","type":"education","lineage":["https://openalex.org/I94575722"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Christian Biermann","raw_affiliation_strings":["msg services gmbh, Harz University of Applied Sciences, Hamburg, Germany"],"raw_orcid":"https://orcid.org/0009-0000-6001-2431","affiliations":[{"raw_affiliation_string":"msg services gmbh, Harz University of Applied Sciences, Hamburg, Germany","institution_ids":["https://openalex.org/I94575722"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042728295","display_name":"Jacob Kr\u00fcger","orcid":"https://orcid.org/0000-0002-0283-248X"},"institutions":[{"id":"https://openalex.org/I83019370","display_name":"Eindhoven University of Technology","ror":"https://ror.org/02c2kyt77","country_code":"NL","type":"education","lineage":["https://openalex.org/I83019370"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Jacob Kr\u00fcger","raw_affiliation_strings":["Eindhoven University of Technology, Eindhoven, Netherlands"],"raw_orcid":"https://orcid.org/0000-0002-0283-248X","affiliations":[{"raw_affiliation_string":"Eindhoven University of Technology, Eindhoven, Netherlands","institution_ids":["https://openalex.org/I83019370"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5086853013","display_name":"Thomas Leich","orcid":"https://orcid.org/0000-0001-9580-7728"},"institutions":[{"id":"https://openalex.org/I94575722","display_name":"Harz University of Applied Sciences","ror":"https://ror.org/048yn7628","country_code":"DE","type":"education","lineage":["https://openalex.org/I94575722"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Thomas Leich","raw_affiliation_strings":["Harz University of Applied Sciences, Wernigerode, Germany"],"raw_orcid":"https://orcid.org/0000-0001-9580-7728","affiliations":[{"raw_affiliation_string":"Harz University of Applied Sciences, Wernigerode, Germany","institution_ids":["https://openalex.org/I94575722"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5042348675"],"corresponding_institution_ids":["https://openalex.org/I94575722"],"apc_list":null,"apc_paid":null,"fwci":2.4217,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.88653845,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"30","last_page":"39"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5716084837913513},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5102705955505371},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.3347816467285156}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5716084837913513},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5102705955505371},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3347816467285156}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3715340.3715439","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3715340.3715439","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3715340.3715439","source":null,"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 19th International Working Conference on Variability Modelling of Software-Intensive Systems","raw_type":"proceedings-article"},{"id":"pmh:oai:pure.tue.nl:openaire/f33990f2-d658-43ed-9bf7-18ddd1c8b57a","is_oa":true,"landing_page_url":"https://research.tue.nl/en/publications/f33990f2-d658-43ed-9bf7-18ddd1c8b57a","pdf_url":null,"source":{"id":"https://openalex.org/S4406922641","display_name":"TU/e Research Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"May, R, Biermann, C, Kr\u00fcger, J & Leich, T 2025, Asking Security Practitioners : Did You Find the Vulnerable (Mis)Configuration? in M Acher, J Alves Pereira & C Quinton (eds), VaMoS '25 : Proceedings of the 19th International Working Conference on Variability Modelling of Software-Intensive Systems. Association for Computing Machinery, Inc., pp. 30-39, 19th International Working Conference on Variability Modelling of Software-Intensive Systems, VaMoS 2025, Rennes, France, 4/02/25. https://doi.org/10.1145/3715340.3715439","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"doi:10.1145/3715340.3715439","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3715340.3715439","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3715340.3715439","source":null,"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 19th International Working Conference on Variability Modelling of Software-Intensive Systems","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Reduced inequalities","score":0.5099999904632568,"id":"https://metadata.un.org/sdg/10"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4410811340.pdf","grobid_xml":"https://content.openalex.org/works/W4410811340.grobid-xml"},"referenced_works_count":84,"referenced_works":["https://openalex.org/W1500374364","https://openalex.org/W1978380500","https://openalex.org/W1979605461","https://openalex.org/W2009982135","https://openalex.org/W2011949233","https://openalex.org/W2029039689","https://openalex.org/W2048064553","https://openalex.org/W2052632834","https://openalex.org/W2066894451","https://openalex.org/W2075827835","https://openalex.org/W2077937403","https://openalex.org/W2108999965","https://openalex.org/W2112474496","https://openalex.org/W2125398918","https://openalex.org/W2144896643","https://openalex.org/W2149257325","https://openalex.org/W2151725765","https://openalex.org/W2161565163","https://openalex.org/W2185037809","https://openalex.org/W2237923431","https://openalex.org/W2261611353","https://openalex.org/W2295271991","https://openalex.org/W2341822161","https://openalex.org/W2477378326","https://openalex.org/W2495617574","https://openalex.org/W2511206070","https://openalex.org/W2522942223","https://openalex.org/W2523320101","https://openalex.org/W2534544954","https://openalex.org/W2561342496","https://openalex.org/W2572323981","https://openalex.org/W2586823173","https://openalex.org/W2588276557","https://openalex.org/W2589541005","https://openalex.org/W2604358811","https://openalex.org/W2604879234","https://openalex.org/W2625138983","https://openalex.org/W2742515467","https://openalex.org/W2761268990","https://openalex.org/W2768712154","https://openalex.org/W2783199130","https://openalex.org/W2888489504","https://openalex.org/W2889155451","https://openalex.org/W2892237651","https://openalex.org/W2892578092","https://openalex.org/W2897051011","https://openalex.org/W2943154954","https://openalex.org/W2966900802","https://openalex.org/W2971121351","https://openalex.org/W2997258927","https://openalex.org/W3004779955","https://openalex.org/W3094203428","https://openalex.org/W3095249487","https://openalex.org/W3106855263","https://openalex.org/W3129161282","https://openalex.org/W3132009052","https://openalex.org/W3165750546","https://openalex.org/W3170811932","https://openalex.org/W3177906310","https://openalex.org/W3185448058","https://openalex.org/W3194930353","https://openalex.org/W3197375110","https://openalex.org/W3197715376","https://openalex.org/W3204722149","https://openalex.org/W3207613969","https://openalex.org/W3210579705","https://openalex.org/W3213198104","https://openalex.org/W3214003809","https://openalex.org/W4206048243","https://openalex.org/W4220691208","https://openalex.org/W4244757210","https://openalex.org/W4283784214","https://openalex.org/W4290702480","https://openalex.org/W4293280152","https://openalex.org/W4301595787","https://openalex.org/W4306762697","https://openalex.org/W4315480688","https://openalex.org/W4382068664","https://openalex.org/W4384078017","https://openalex.org/W4385951147","https://openalex.org/W4388817831","https://openalex.org/W4391155200","https://openalex.org/W4396962710","https://openalex.org/W4400977372"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"With":[0],"ever":[1],"evolving":[2],"software,":[3,105],"reliability":[4],"and":[5,12,16,55,84,95,106,115,128,153,169],"quality":[6],"assurance":[7],"are":[8,19,93,109,116,132],"facing":[9],"growing":[10],"complexity":[11],"security":[13,64,136,145],"issues.Particularly,":[14],"interconnected":[15],"configurable":[17],"systems":[18],"threatened":[20],"by":[21,58,112],"(mis)configurations":[22],"that":[23,90,142],"can":[24],"lead":[25],"to":[26,78,135,163,175],"exploitable":[27],"vulnerabilities.Unfortunately,":[28],"there":[29],"is":[30,147],"limited":[31],"information":[32],"on":[33],"how":[34,40],"such":[35,87],"configuration":[36,69,91,130,177],"vulnerabilities":[37,70,92,131,178],"occur":[38],"or":[39,138],"practitioners":[41,65,170],"deal":[42],"with":[43,62],"these.To":[44],"tackle":[45],"this":[46],"gap,":[47],"we":[48,161],"investigated":[49],"the":[50,80,123,165],"connections":[51],"between":[52],"(mis)configurations,":[53],"vulnerabilities,":[54],"their":[56,72],"treatment":[57],"conducting":[59],"a":[60,157],"survey":[61],"41":[63],"who":[66],"have":[67],"encountered":[68],"in":[71,97,122],"work.More":[73],"precisely,":[74],"our":[75],"objectives":[76],"were":[77],"understand":[79],"causes,":[81],"prevalence,":[82],"severity,":[83],"treatments":[85],"of":[86,156,167],"vulnerabilities.We":[88],"found":[89],"prevalent":[94],"severe":[96],"practice.They":[98],"primarily":[99],"stem":[100],"from":[101],"dependency":[102],"issues,":[103],"outdated":[104],"inconsistent":[107],"(cross-)configurations;":[108],"typically":[110],"influenced":[111],"human":[113],"errors;":[114],"either":[117],"identified":[118],"during":[119,126],"testing":[120],"or,":[121],"worst":[124],"case,":[125],"deployment":[127],"operation.Generally,":[129],"detected":[133],"due":[134],"incidents":[137],"through":[139],"word-of-mouth,":[140],"implying":[141],"more":[143],"preventive":[144],"management":[146],"required-ideally":[148],"at":[149],"an":[150],"early":[151],"stage":[152],"as":[154,179,181],"part":[155],"holistic":[158],"security-engineering":[159],"process.Overall,":[160],"aim":[162],"enhance":[164],"understanding":[166],"researchers":[168],"regarding":[171],"current":[172],"practices":[173],"related":[174],"handling":[176],"well":[180],"open":[182],"challenges.":[183]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-06-05T09:01:59.212387","created_date":"2025-10-10T00:00:00"}