{"id":"https://openalex.org/W2782969241","doi":"https://doi.org/10.23919/fruct.2017.8250205","title":"Software security in open source development: A systematic literature review","display_name":"Software security in open source development: A systematic literature review","publication_year":2017,"publication_date":"2017-11-01","ids":{"openalex":"https://openalex.org/W2782969241","doi":"https://doi.org/10.23919/fruct.2017.8250205","mag":"2782969241"},"language":"en","primary_location":{"id":"doi:10.23919/fruct.2017.8250205","is_oa":false,"landing_page_url":"https://doi.org/10.23919/fruct.2017.8250205","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 21st Conference of Open Innovations Association (FRUCT)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doaj.org/article/26da1762d2e24b9993bab4abd1049385","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5023668857","display_name":"Shao-Fang Wen","orcid":"https://orcid.org/0000-0002-6228-8367"},"institutions":[{"id":"https://openalex.org/I204778367","display_name":"Norwegian University of Science and Technology","ror":"https://ror.org/05xg72x27","country_code":"NO","type":"education","lineage":["https://openalex.org/I204778367"]}],"countries":["NO"],"is_corresponding":true,"raw_author_name":"Shao-Fang Wen","raw_affiliation_strings":["Norwegian University of Science and Technology, Gj\u00f8vik, Norway"],"affiliations":[{"raw_affiliation_string":"Norwegian University of Science and Technology, Gj\u00f8vik, Norway","institution_ids":["https://openalex.org/I204778367"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5023668857"],"corresponding_institution_ids":["https://openalex.org/I204778367"],"apc_list":null,"apc_paid":null,"fwci":3.907,"has_fulltext":false,"cited_by_count":28,"citation_normalized_percentile":{"value":0.9412695,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"364","last_page":"373"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11675","display_name":"Open Source Software Innovations","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1706","display_name":"Computer Science Applications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11675","display_name":"Open Source Software Innovations","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1706","display_name":"Computer Science Applications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9825000166893005,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/sociotechnical-system","display_name":"Sociotechnical system","score":0.7977076768875122},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6272187829017639},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.6107643246650696},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5775728225708008},{"id":"https://openalex.org/keywords/open-source-software-development","display_name":"Open-source software development","score":0.5020349025726318},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5009937286376953},{"id":"https://openalex.org/keywords/open-source","display_name":"Open source","score":0.4786152243614197},{"id":"https://openalex.org/keywords/security-bug","display_name":"Security bug","score":0.42842909693717957},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.41707485914230347},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.415671169757843},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.40045028924942017},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.3172622323036194},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.2780528664588928},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.2675034999847412},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.2539556920528412},{"id":"https://openalex.org/keywords/geography","display_name":"Geography","score":0.06493031978607178}],"concepts":[{"id":"https://openalex.org/C127627568","wikidata":"https://www.wikidata.org/wiki/Q1639361","display_name":"Sociotechnical system","level":2,"score":0.7977076768875122},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6272187829017639},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.6107643246650696},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5775728225708008},{"id":"https://openalex.org/C2778642129","wikidata":"https://www.wikidata.org/wiki/Q7096425","display_name":"Open-source software development","level":4,"score":0.5020349025726318},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5009937286376953},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.4786152243614197},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.42842909693717957},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.41707485914230347},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.415671169757843},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.40045028924942017},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.3172622323036194},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.2780528664588928},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2675034999847412},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.2539556920528412},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.06493031978607178},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.23919/fruct.2017.8250205","is_oa":false,"landing_page_url":"https://doi.org/10.23919/fruct.2017.8250205","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 21st Conference of Open Innovations Association (FRUCT)","raw_type":"proceedings-article"},{"id":"pmh:oai:doaj.org/article:26da1762d2e24b9993bab4abd1049385","is_oa":true,"landing_page_url":"https://doaj.org/article/26da1762d2e24b9993bab4abd1049385","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Proceedings of the XXth Conference of Open Innovations Association FRUCT, Vol 562, Iss 21, Pp 364-373 (2017)","raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:doaj.org/article:26da1762d2e24b9993bab4abd1049385","is_oa":true,"landing_page_url":"https://doaj.org/article/26da1762d2e24b9993bab4abd1049385","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Proceedings of the XXth Conference of Open Innovations Association FRUCT, Vol 562, Iss 21, Pp 364-373 (2017)","raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":70,"referenced_works":["https://openalex.org/W79287378","https://openalex.org/W86922606","https://openalex.org/W115844736","https://openalex.org/W1674932407","https://openalex.org/W1680889589","https://openalex.org/W1966276021","https://openalex.org/W1973175197","https://openalex.org/W1986222079","https://openalex.org/W1995606787","https://openalex.org/W2000245039","https://openalex.org/W2006624349","https://openalex.org/W2028486686","https://openalex.org/W2043574861","https://openalex.org/W2045165270","https://openalex.org/W2049736950","https://openalex.org/W2055837583","https://openalex.org/W2057366964","https://openalex.org/W2060190987","https://openalex.org/W2063058836","https://openalex.org/W2080951893","https://openalex.org/W2084120184","https://openalex.org/W2088498570","https://openalex.org/W2096270357","https://openalex.org/W2098681705","https://openalex.org/W2099183630","https://openalex.org/W2102099252","https://openalex.org/W2105702229","https://openalex.org/W2107294940","https://openalex.org/W2109156518","https://openalex.org/W2122982761","https://openalex.org/W2124100711","https://openalex.org/W2131014920","https://openalex.org/W2136173752","https://openalex.org/W2136421959","https://openalex.org/W2137185783","https://openalex.org/W2138783984","https://openalex.org/W2141168725","https://openalex.org/W2150733606","https://openalex.org/W2151306939","https://openalex.org/W2156633971","https://openalex.org/W2160175301","https://openalex.org/W2168894761","https://openalex.org/W2186103202","https://openalex.org/W2194432963","https://openalex.org/W2202341549","https://openalex.org/W2219071592","https://openalex.org/W2335416532","https://openalex.org/W2344018727","https://openalex.org/W2396161363","https://openalex.org/W2402821523","https://openalex.org/W2479682920","https://openalex.org/W2529876984","https://openalex.org/W2554593582","https://openalex.org/W2557302400","https://openalex.org/W2564265768","https://openalex.org/W2571995300","https://openalex.org/W2653739882","https://openalex.org/W2810922510","https://openalex.org/W2993143933","https://openalex.org/W3211341298","https://openalex.org/W4243240013","https://openalex.org/W4285719527","https://openalex.org/W6603477600","https://openalex.org/W6680318066","https://openalex.org/W6687731503","https://openalex.org/W6712204871","https://openalex.org/W6730167834","https://openalex.org/W6731547051","https://openalex.org/W6753132335","https://openalex.org/W6803329020"],"related_works":["https://openalex.org/W1978034799","https://openalex.org/W2100022726","https://openalex.org/W3189065608","https://openalex.org/W4313307479","https://openalex.org/W2545999784","https://openalex.org/W2293678011","https://openalex.org/W2058567876","https://openalex.org/W3208699506","https://openalex.org/W896362041","https://openalex.org/W2063058836"],"abstract_inverted_index":{"Despite":[0],"the":[1,6,15,31,64,69,93,98,111,141],"security":[2,28,57,66,70,94,114,144],"community's":[3],"emphasis":[4],"on":[5,140],"importance":[7],"of":[8,17,55,100,143],"building":[9],"secure":[10],"open":[11,101],"source":[12,102],"software":[13,27,56],"(OSS),":[14],"number":[16],"new":[18],"vulnerabilities":[19],"found":[20],"in":[21,97,116,128,147],"OSS":[22,60,117,148],"is":[23,29,86,110],"increasing.":[24],"In":[25,74],"addition,":[26],"about":[30],"people":[32],"that":[33],"develop":[34],"and":[35,39,68,91,132],"use":[36],"those":[37],"applications":[38],"how":[40],"their":[41],"vulnerable":[42],"behaviors":[43],"can":[44],"lead":[45],"to":[46,50,62,88],"exploitation.":[47],"This":[48],"leads":[49],"a":[51,77,82],"need":[52],"for":[53,59],"reiteration":[54],"studies":[58,95],"developments":[61],"understand":[63],"existing":[65],"practices":[67],"weakness":[71],"among":[72],"them.":[73],"this":[75,129],"paper,":[76],"systematic":[78],"review":[79],"method":[80],"with":[81],"sociotechnical":[83],"analysis":[84],"approach":[85],"applied":[87],"identify,":[89],"extract":[90],"analyze":[92],"conducted":[96,138],"context":[99],"development.":[103,149],"The":[104,120],"findings":[105],"include:":[106],"(1)":[107],"System":[108],"verification":[109],"most":[112],"cited":[113],"area":[115],"research;":[118],"(2)":[119],"socio-technical":[121],"perspective":[122],"has":[123,136],"not":[124],"gained":[125],"much":[126],"attention":[127],"research":[130,135],"area;":[131],"(3)":[133],"No":[134],"been":[137],"focusing":[139],"aspects":[142],"knowledge":[145],"management":[146]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":5},{"year":2018,"cited_by_count":4}],"updated_date":"2026-03-16T09:10:04.655348","created_date":"2025-10-10T00:00:00"}