{"id":"https://openalex.org/W2097659525","doi":"https://doi.org/10.1145/2683467.2683472","title":"Vulnerabilities as Blind Spots in Developer's Heuristic-Based Decision-Making Processes","display_name":"Vulnerabilities as Blind Spots in Developer's Heuristic-Based Decision-Making Processes","publication_year":2014,"publication_date":"2014-09-15","ids":{"openalex":"https://openalex.org/W2097659525","doi":"https://doi.org/10.1145/2683467.2683472","mag":"2097659525"},"language":"en","primary_location":{"id":"doi:10.1145/2683467.2683472","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2683467.2683472","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2014 New Security Paradigms Workshop","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5030900037","display_name":"Justin Cappos","orcid":"https://orcid.org/0000-0003-1926-8544"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Justin Cappos","raw_affiliation_strings":["NYU, New York, NY, USA"],"affiliations":[{"raw_affiliation_string":"NYU, New York, NY, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072959708","display_name":"Yanyan Zhuang","orcid":"https://orcid.org/0000-0002-8407-0801"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yanyan Zhuang","raw_affiliation_strings":["NYU, New York, NY, USA"],"affiliations":[{"raw_affiliation_string":"NYU, New York, NY, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059521006","display_name":"Daniela Oliveira","orcid":"https://orcid.org/0000-0001-7159-2638"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Daniela Oliveira","raw_affiliation_strings":["University of Florida, Gainesville, FL, USA","University of Florida , Gainesville , FL USA"],"affiliations":[{"raw_affiliation_string":"University of Florida, Gainesville, FL, USA","institution_ids":["https://openalex.org/I33213144"]},{"raw_affiliation_string":"University of Florida , Gainesville , FL USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011059691","display_name":"Marissa Rosenthal","orcid":null},"institutions":[{"id":"https://openalex.org/I135474949","display_name":"Bowdoin College","ror":"https://ror.org/03gh96r95","country_code":"US","type":"education","lineage":["https://openalex.org/I135474949"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Marissa Rosenthal","raw_affiliation_strings":["Bowdoin College, Brunswick, ME, USA"],"affiliations":[{"raw_affiliation_string":"Bowdoin College, Brunswick, ME, USA","institution_ids":["https://openalex.org/I135474949"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5045227171","display_name":"Kuo-Chuan Yeh","orcid":null},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kuo-Chuan Yeh","raw_affiliation_strings":["Pennsylvania State University, State College, PA, USA","Pennsylvania State University, State College, PA., USA#TAB#"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, State College, PA, USA","institution_ids":["https://openalex.org/I130769515"]},{"raw_affiliation_string":"Pennsylvania State University, State College, PA., USA#TAB#","institution_ids":["https://openalex.org/I130769515"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5030900037"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.1557,"has_fulltext":false,"cited_by_count":13,"citation_normalized_percentile":{"value":0.93002247,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"53","last_page":"62"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.8392086029052734},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7997227907180786},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6479585766792297},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6164038181304932},{"id":"https://openalex.org/keywords/heuristic","display_name":"Heuristic","score":0.5052698254585266},{"id":"https://openalex.org/keywords/buffer-overflow","display_name":"Buffer overflow","score":0.49402886629104614},{"id":"https://openalex.org/keywords/blame","display_name":"Blame","score":0.4868573546409607},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.4716036915779114},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.4661940634250641},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.45929259061813354},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.45066818594932556},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.4095367193222046},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.3961409628391266},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.28633391857147217},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2474217712879181},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.21707206964492798},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.15330550074577332},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.0931033194065094}],"concepts":[{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.8392086029052734},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7997227907180786},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6479585766792297},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6164038181304932},{"id":"https://openalex.org/C173801870","wikidata":"https://www.wikidata.org/wiki/Q201413","display_name":"Heuristic","level":2,"score":0.5052698254585266},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.49402886629104614},{"id":"https://openalex.org/C2781466463","wikidata":"https://www.wikidata.org/wiki/Q621695","display_name":"Blame","level":2,"score":0.4868573546409607},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.4716036915779114},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.4661940634250641},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.45929259061813354},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.45066818594932556},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4095367193222046},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.3961409628391266},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.28633391857147217},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2474217712879181},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.21707206964492798},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.15330550074577332},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0931033194065094},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C118552586","wikidata":"https://www.wikidata.org/wiki/Q7867","display_name":"Psychiatry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2683467.2683472","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2683467.2683472","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2014 New Security Paradigms Workshop","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.75}],"awards":[{"id":"https://openalex.org/G3512709930","display_name":null,"funder_award_id":"CNS-1149730","funder_id":"https://openalex.org/F4320337388","funder_display_name":"Division of Computer and Network Systems"},{"id":"https://openalex.org/G6854273480","display_name":null,"funder_award_id":"CNS-1223588","funder_id":"https://openalex.org/F4320337388","funder_display_name":"Division of Computer and Network Systems"}],"funders":[{"id":"https://openalex.org/F4320337388","display_name":"Division of Computer and Network Systems","ror":"https://ror.org/02rdzmk74"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":68,"referenced_works":["https://openalex.org/W534311","https://openalex.org/W41320236","https://openalex.org/W110007310","https://openalex.org/W120838261","https://openalex.org/W1482945316","https://openalex.org/W1483280370","https://openalex.org/W1496846256","https://openalex.org/W1545666019","https://openalex.org/W1559645909","https://openalex.org/W1569894411","https://openalex.org/W1570448133","https://openalex.org/W1571024205","https://openalex.org/W1607666861","https://openalex.org/W1627521255","https://openalex.org/W1655226010","https://openalex.org/W1662961914","https://openalex.org/W1825341937","https://openalex.org/W1830390849","https://openalex.org/W1967973918","https://openalex.org/W1967975801","https://openalex.org/W1988510359","https://openalex.org/W1993325457","https://openalex.org/W1994288483","https://openalex.org/W1995626000","https://openalex.org/W1995843875","https://openalex.org/W1997843800","https://openalex.org/W2002169919","https://openalex.org/W2002664886","https://openalex.org/W2004685423","https://openalex.org/W2011698232","https://openalex.org/W2015595295","https://openalex.org/W2017812265","https://openalex.org/W2032493761","https://openalex.org/W2040356698","https://openalex.org/W2040810017","https://openalex.org/W2045571829","https://openalex.org/W2045591401","https://openalex.org/W2079656678","https://openalex.org/W2086553822","https://openalex.org/W2096738131","https://openalex.org/W2098681705","https://openalex.org/W2101512909","https://openalex.org/W2101916222","https://openalex.org/W2105284832","https://openalex.org/W2109540106","https://openalex.org/W2115281393","https://openalex.org/W2116818527","https://openalex.org/W2125487889","https://openalex.org/W2126513985","https://openalex.org/W2135599336","https://openalex.org/W2136173752","https://openalex.org/W2138502710","https://openalex.org/W2145161351","https://openalex.org/W2147694558","https://openalex.org/W2148694408","https://openalex.org/W2155227261","https://openalex.org/W2159856414","https://openalex.org/W2166870764","https://openalex.org/W2284691406","https://openalex.org/W2406775074","https://openalex.org/W2496323672","https://openalex.org/W2907671633","https://openalex.org/W2966207845","https://openalex.org/W3144900023","https://openalex.org/W4205844366","https://openalex.org/W6638431742","https://openalex.org/W6650719828","https://openalex.org/W6678849564"],"related_works":["https://openalex.org/W2560421591","https://openalex.org/W1978034799","https://openalex.org/W2796094063","https://openalex.org/W2293245356","https://openalex.org/W4384518368","https://openalex.org/W2537414278","https://openalex.org/W2123075981","https://openalex.org/W2062583373","https://openalex.org/W2509785410","https://openalex.org/W2383958993"],"abstract_inverted_index":{"The":[0],"security":[1,8,64,80,124],"community":[2],"spares":[3],"no":[4],"effort":[5],"in":[6,24,47,91,140,163],"emphasizing":[7],"awareness":[9],"and":[10,32,40,158,180],"the":[11,18,51,58,112,178,183],"importance":[12],"of":[13,20,63,182,186],"building":[14],"secure":[15],"software.":[16],"However,":[17],"number":[19],"new":[21,70,79],"vulnerabilities":[22,84,137],"found":[23],"today's":[25],"systems":[26],"is":[27,103,122],"still":[28,44],"increasing.":[29],"Furthermore,":[30],"old":[31],"well-studied":[33],"vulnerability":[34,48],"types":[35],"such":[36,98],"as":[37,87,136],"buffer":[38],"overflows":[39],"SQL":[41],"injections,":[42],"are":[43,85],"repeatedly":[45],"reported":[46],"databases.":[49],"Historically,":[50],"common":[52],"response":[53],"has":[54],"been":[55],"to":[56,72,127,177],"blame":[57],"developers":[59,132],"for":[60,156],"their":[61,92,134],"lack":[62],"education.":[65],"This":[66,119],"paper":[67,151],"discusses":[68,170],"a":[69,78,99,153],"hypothesis":[71],"explain":[73],"this":[74,148,150,172],"problem":[75],"by":[76,131],"introducing":[77],"paradigm":[81],"where":[82,105],"software":[83],"viewed":[86],"developers'":[88],"blind":[89,161],"spots":[90,162],"decision":[93],"making.":[94],"We":[95],"argue":[96],"that":[97,123],"flawed":[100],"mental":[101],"process":[102],"heuristic-based,":[104],"humans":[106],"solve":[107],"problems":[108],"without":[109],"considering":[110],"all":[111],"information":[113,145],"available,":[114],"just":[115],"like":[116],"taking":[117],"shortcuts.":[118],"paper's":[120],"thesis":[121],"thinking":[125],"tends":[126],"be":[128,175],"left":[129],"out":[130],"during":[133],"programming,":[135],"usually":[138],"exist":[139],"corner":[141],"cases":[142],"with":[143],"unusual":[144],"flows.":[146],"Leveraging":[147],"paradigm,":[149],"introduces":[152],"novel":[154],"methodology":[155,173],"capturing":[157],"understanding":[159],"security-related":[160],"Application":[164],"Programming":[165],"Interfaces":[166],"(APIs).":[167],"Finally,":[168],"it":[169],"how":[171],"can":[174],"applied":[176],"design":[179],"implementation":[181],"next":[184],"generation":[185],"automated":[187],"diagnosis":[188],"tools.":[189]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":2},{"year":2014,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}