{"id":"https://openalex.org/W2603117807","doi":"https://doi.org/10.1145/3055305.3055312","title":"Surveying Security Practice Adherence in Software Development","display_name":"Surveying Security Practice Adherence in Software Development","publication_year":2017,"publication_date":"2017-03-28","ids":{"openalex":"https://openalex.org/W2603117807","doi":"https://doi.org/10.1145/3055305.3055312","mag":"2603117807"},"language":"en","primary_location":{"id":"doi:10.1145/3055305.3055312","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3055305.3055312","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Hot Topics in Science of Security: Symposium and Bootcamp","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101506825","display_name":"Patrick Morrison","orcid":"https://orcid.org/0000-0003-0773-7817"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Patrick Morrison","raw_affiliation_strings":["Department of Computer Science, North Carolina State University, Raleigh, North Carolina"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, North Carolina State University, Raleigh, North Carolina","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Benjamin H. Smith","orcid":null},"institutions":[{"id":"https://openalex.org/I4210090916","display_name":"Triangle","ror":"https://ror.org/00fhbr831","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I4210090916"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Benjamin H. Smith","raw_affiliation_strings":["Emerging Technology Institute IBM, Inc., Research Triangle Park, NC"],"affiliations":[{"raw_affiliation_string":"Emerging Technology Institute IBM, Inc., Research Triangle Park, NC","institution_ids":["https://openalex.org/I4210090916"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5028171895","display_name":"Laurie Williams","orcid":"https://orcid.org/0000-0003-3300-6540"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Laurie Williams","raw_affiliation_strings":["Department of Computer Science, North Carolina State University, Raleigh, North Carolina"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, North Carolina State University, Raleigh, North Carolina","institution_ids":["https://openalex.org/I137902535"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5101506825"],"corresponding_institution_ids":["https://openalex.org/I137902535"],"apc_list":null,"apc_paid":null,"fwci":4.0472,"has_fulltext":false,"cited_by_count":20,"citation_normalized_percentile":{"value":0.94486631,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"85","last_page":"94"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11675","display_name":"Open Source Software Innovations","score":0.9941999912261963,"subfield":{"id":"https://openalex.org/subfields/1706","display_name":"Computer Science Applications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.7395306825637817},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.622793436050415},{"id":"https://openalex.org/keywords/best-practice","display_name":"Best practice","score":0.6051506996154785},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5875756740570068},{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.5393677949905396},{"id":"https://openalex.org/keywords/standard-of-good-practice","display_name":"Standard of Good Practice","score":0.4644581973552704},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.4377814829349518},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4304659962654114},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.41125473380088806},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.37328040599823},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.3292160630226135},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.28607845306396484},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.2504994869232178},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.20153671503067017}],"concepts":[{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.7395306825637817},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.622793436050415},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.6051506996154785},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5875756740570068},{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.5393677949905396},{"id":"https://openalex.org/C47309137","wikidata":"https://www.wikidata.org/wiki/Q7598357","display_name":"Standard of Good Practice","level":5,"score":0.4644581973552704},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.4377814829349518},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4304659962654114},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.41125473380088806},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.37328040599823},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3292160630226135},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.28607845306396484},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.2504994869232178},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.20153671503067017},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.0},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3055305.3055312","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3055305.3055312","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Hot Topics in Science of Security: Symposium and Bootcamp","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5,"id":"https://metadata.un.org/sdg/17","display_name":"Partnerships for the goals"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320310013","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W608574129","https://openalex.org/W1515587369","https://openalex.org/W1557992034","https://openalex.org/W1570358538","https://openalex.org/W1665332082","https://openalex.org/W1791587663","https://openalex.org/W1978993894","https://openalex.org/W1993575476","https://openalex.org/W2008681738","https://openalex.org/W2008712567","https://openalex.org/W2015004885","https://openalex.org/W2032347336","https://openalex.org/W2062723458","https://openalex.org/W2100379340","https://openalex.org/W2112657059","https://openalex.org/W2118338381","https://openalex.org/W2122220008","https://openalex.org/W2126762719","https://openalex.org/W2132193820","https://openalex.org/W2135617001","https://openalex.org/W2191018382","https://openalex.org/W2563098966","https://openalex.org/W2624972722","https://openalex.org/W6679025045"],"related_works":["https://openalex.org/W2141388993","https://openalex.org/W1978034799","https://openalex.org/W2999607548","https://openalex.org/W2956597637","https://openalex.org/W2293245356","https://openalex.org/W23486959","https://openalex.org/W1588942021","https://openalex.org/W2155353733","https://openalex.org/W4384518368","https://openalex.org/W4225160120"],"abstract_inverted_index":{"Software":[0],"development":[1,12,78,105],"teams":[2],"are":[3,189],"increasingly":[4],"incorporating":[5],"security":[6,29,45,55,61,79,89,106,169],"practices":[7,46,90,107,135,170,191],"in":[8,38,56,237],"to":[9,72,147],"their":[10,238],"software":[11,58,77,104],"processes.":[13],"However,":[14],"little":[15],"empirical":[16,149],"evidence":[17],"exists":[18],"on":[19,122,243],"the":[20,26,32,36,48,112,131,167,190,213],"costs":[21,37],"and":[22,41,47,64,84,91,97,114,136,184,203,232],"benefits":[23,63],"associated":[24],"with":[25,217,227,240],"application":[27],"of":[28,43,50,54,68,76,88,111,118,154,166,200,234],"practices.":[30],"Balancing":[31],"trade":[33],"off":[34],"between":[35],"time,":[39],"effort,":[40],"complexity":[42],"applying":[44,185],"benefit":[49],"an":[51],"appropriate":[52],"level":[53],"delivered":[57],"requires":[59],"measuring":[60],"practice":[62,80,158,218,228,241,245,247],"costs.":[65],"The":[66],"goal":[67],"this":[69],"research":[70],"is":[71,224],"support":[73],"researcher":[74],"investigations":[75],"adherence":[81,92,119,138],"by":[82,176,246],"building":[83],"validating":[85],"a":[86,109,116,128,152,244],"set":[87,117],"measures":[93,120],"through":[94],"literature":[95],"review":[96,110],"survey":[98,129,163,180],"data":[99,150],"analysis.":[100],"We":[101,126,140],"extracted":[102],"16":[103],"from":[108],"literature,":[113],"established":[115],"based":[121],"technology":[123],"acceptance":[124],"theory.":[125],"built":[127],"around":[130],"13":[132,168],"most":[133,192],"common":[134],"our":[137,155,161,197,221],"measures.":[139],"surveyed":[141],"11":[142],"security-focused":[143],"open":[144],"source":[145],"projects":[146],"collect":[148],"as":[151],"test":[153],"theorizing":[156],"about":[157],"adherence.":[159],"In":[160,196,220],"collected":[162],"data,":[164,198,222],"each":[165],"we":[171],"identified":[172],"was":[173],"used":[174],"daily":[175],"at":[177],"least":[178],"one":[179],"participant.":[181],"Tracking":[182],"vulnerabilities":[183],"secure":[186],"coding":[187],"standards":[188],"often":[193],"applied":[194],"daily.":[195],"Ease":[199,233],"use,":[201,229],"Effectiveness,":[202],"Training,":[204],"measured":[205],"via":[206],"Likert":[207],"items,":[208],"did":[209],"not":[210],"always":[211],"show":[212],"expected":[214],"theoretical":[215],"relationship":[216],"use.":[219],"Training":[223],"positively":[225],"correlated":[226],"while":[230],"Effectiveness":[231],"use":[235,242],"vary":[236],"correlations":[239],"basis.":[248]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":2}],"updated_date":"2026-04-23T09:07:50.710637","created_date":"2025-10-10T00:00:00"}