{"id":"https://openalex.org/W7127336416","doi":"https://doi.org/10.1145/3786151.3788599","title":"From Detection to Prevention: Explaining Security-Critical Code to Avoid Vulnerabilities","display_name":"From Detection to Prevention: Explaining Security-Critical Code to Avoid Vulnerabilities","publication_year":2026,"publication_date":"2026-04-12","ids":{"openalex":"https://openalex.org/W7127336416","doi":"https://doi.org/10.1145/3786151.3788599"},"language":null,"primary_location":{"id":"doi:10.1145/3786151.3788599","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3786151.3788599","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 3rd ACM/IEEE International Workshop on Integrated Development Environments","raw_type":"proceedings-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3786151.3788599","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5035389880","display_name":"Ranjith Krishnamurthy","orcid":"https://orcid.org/0000-0002-0906-5463"},"institutions":[{"id":"https://openalex.org/I206945453","display_name":"Paderborn University","ror":"https://ror.org/058kzsd48","country_code":"DE","type":"education","lineage":["https://openalex.org/I206945453"]},{"id":"https://openalex.org/I4210093498","display_name":"Fraunhofer Institute for Mechatronic Systems Design","ror":"https://ror.org/004nttc42","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210093498","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Ranjith Krishnamurthy","raw_affiliation_strings":["Paderborn University, Paderborn, North Rhine-Westphalia, Germany and Fraunhofer IEM, Paderborn, North Rhine-Westphalia, Germany"],"raw_orcid":"https://orcid.org/0000-0002-0906-5463","affiliations":[{"raw_affiliation_string":"Paderborn University, Paderborn, North Rhine-Westphalia, Germany and Fraunhofer IEM, Paderborn, North Rhine-Westphalia, Germany","institution_ids":["https://openalex.org/I4210093498","https://openalex.org/I206945453"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054253440","display_name":"Oshando Johnson","orcid":null},"institutions":[{"id":"https://openalex.org/I4210093498","display_name":"Fraunhofer Institute for Mechatronic Systems Design","ror":"https://ror.org/004nttc42","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210093498","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Oshando Johnson","raw_affiliation_strings":["Fraunhofer IEM, Paderborn, North Rhine-Westphalia, Germany"],"raw_orcid":"https://orcid.org/0009-0001-1884-7969","affiliations":[{"raw_affiliation_string":"Fraunhofer IEM, Paderborn, North Rhine-Westphalia, Germany","institution_ids":["https://openalex.org/I4210093498"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077569016","display_name":"Goran Piskachev","orcid":"https://orcid.org/0000-0003-4424-5838"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Goran Piskachev","raw_affiliation_strings":["Amazon Web Services, New York, USA"],"raw_orcid":"https://orcid.org/0000-0003-4424-5838","affiliations":[{"raw_affiliation_string":"Amazon Web Services, New York, USA","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5059468624","display_name":"Eric Bodden","orcid":null},"institutions":[{"id":"https://openalex.org/I206945453","display_name":"Paderborn University","ror":"https://ror.org/058kzsd48","country_code":"DE","type":"education","lineage":["https://openalex.org/I206945453"]},{"id":"https://openalex.org/I4210093498","display_name":"Fraunhofer Institute for Mechatronic Systems Design","ror":"https://ror.org/004nttc42","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210093498","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Eric Bodden","raw_affiliation_strings":["Paderborn University, Paderborn, North Rhine-Westphalia, Germany and Fraunhofer IEM, Paderborn, North Rhine-Westphalia, Germany"],"raw_orcid":"https://orcid.org/0000-0003-3470-3647","affiliations":[{"raw_affiliation_string":"Paderborn University, Paderborn, North Rhine-Westphalia, Germany and Fraunhofer IEM, Paderborn, North Rhine-Westphalia, Germany","institution_ids":["https://openalex.org/I4210093498","https://openalex.org/I206945453"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.10977355,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"46","last_page":"49"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.4300000071525574,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.4300000071525574,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.2540999948978424,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.07530000060796738,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.6442999839782715},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5407000184059143},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.5203999876976013},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4580000042915344},{"id":"https://openalex.org/keywords/plug-in","display_name":"Plug-in","score":0.4381999969482422},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.3953000009059906},{"id":"https://openalex.org/keywords/application-security","display_name":"Application security","score":0.362199991941452},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.35350000858306885}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7613000273704529},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.6442999839782715},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5407000184059143},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.5203999876976013},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4839000105857849},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4580000042915344},{"id":"https://openalex.org/C4924752","wikidata":"https://www.wikidata.org/wiki/Q184148","display_name":"Plug-in","level":2,"score":0.4381999969482422},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.3953000009059906},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.38190001249313354},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.362199991941452},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.35350000858306885},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.3425999879837036},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.33709999918937683},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.32199999690055847},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.3206000030040741},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.31220000982284546},{"id":"https://openalex.org/C150292731","wikidata":"https://www.wikidata.org/wiki/Q1342704","display_name":"Code review","level":5,"score":0.3100999891757965},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.29510000348091125},{"id":"https://openalex.org/C2780966255","wikidata":"https://www.wikidata.org/wiki/Q5474306","display_name":"Foundation (evidence)","level":2,"score":0.2904999852180481},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.2809999883174896},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.28029999136924744},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.27230000495910645},{"id":"https://openalex.org/C101317890","wikidata":"https://www.wikidata.org/wiki/Q940053","display_name":"Software maintenance","level":4,"score":0.2563999891281128}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3786151.3788599","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3786151.3788599","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 3rd ACM/IEEE International Workshop on Integrated Development Environments","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2602.00711","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2602.00711","pdf_url":"https://arxiv.org/pdf/2602.00711","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"pmh:doi:10.48550/arxiv.2602.00711","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"}],"best_oa_location":{"id":"doi:10.1145/3786151.3788599","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3786151.3788599","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 3rd ACM/IEEE International Workshop on Integrated Development Environments","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.7188154458999634,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Security":[0],"vulnerabilities":[1,26,46],"often":[2],"arise":[3],"unintentionally":[4],"during":[5],"development":[6],"due":[7],"to":[8,35,44,84,94],"a":[9,41],"lack":[10],"of":[11,132],"security":[12],"expertise":[13],"and":[14,22,61,65,89,143],"code":[15,49],"complexity.":[16],"Traditional":[17],"tools,":[18],"such":[19,56],"as":[20,57],"static":[21],"dynamic":[23],"analysis,":[24],"detect":[25],"only":[27],"after":[28],"they":[29],"are":[30],"introduced":[31],"in":[32],"code,":[33],"leading":[34],"costly":[36],"remediation.":[37],"This":[38],"work":[39,135],"explores":[40],"proactive":[42],"strategy":[43],"prevent":[45],"by":[47],"highlighting":[48],"regions":[50],"that":[51,79,106],"implement":[52],"security-critical":[53,87,113],"functionality":[54],"--":[55,64],"data":[58],"access,":[59],"authentication,":[60],"input":[62],"handling":[63],"providing":[66],"guidance":[67],"for":[68,139],"their":[69],"secure":[70],"implementation.":[71],"We":[72],"present":[73],"an":[74,116],"IntelliJ":[75],"IDEA":[76],"plugin":[77],"prototype":[78],"uses":[80],"code-level":[81,140],"software":[82],"metrics":[83,109,124,142],"identify":[85,110],"potentially":[86],"methods":[88],"large":[90],"language":[91],"models":[92],"(LLMs)":[93],"generate":[95],"prevention-oriented":[96],"explanations.":[97,145],"Our":[98],"initial":[99],"evaluation":[100],"on":[101],"the":[102,107,137],"Spring-PetClinic":[103],"application":[104],"shows":[105],"selected":[108],"most":[111],"known":[112],"methods,":[114],"while":[115],"LLM":[117],"provides":[118],"actionable,":[119],"prevention-focused":[120],"insights.":[121],"Although":[122],"these":[123],"capture":[125],"structural":[126],"properties":[127],"rather":[128],"than":[129],"semantic":[130],"aspects":[131],"security,":[133],"this":[134],"lays":[136],"foundation":[138],"security-aware":[141],"enhanced":[144]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-02-04T00:00:00"}