{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T12:29:13Z","timestamp":1743078553229,"version":"3.40.3"},"publisher-location":"Cham","reference-count":48,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030129415"},{"type":"electronic","value":"9783030129422"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-12942-2_6","type":"book-chapter","created":{"date-parts":[[2019,2,5]],"date-time":"2019-02-05T13:26:50Z","timestamp":1549373210000},"page":"53-70","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Security Knowledge Management in Open Source Software Communities"],"prefix":"10.1007","author":[{"given":"Shao-Fang","family":"Wen","sequence":"first","affiliation":[]},{"given":"Mazaher","family":"Kianpour","sequence":"additional","affiliation":[]},{"given":"Basel","family":"Katt","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,2,6]]},"reference":[{"key":"6_CR1","doi-asserted-by":"crossref","unstructured":"Humes, L.L.: Communities of practice for open source software. In: Handbook of Research on Open Source Software: Technological, Economic, and Social Perspectives, pp. 610\u2013623. IGI Global (2007)","DOI":"10.4018\/978-1-59140-999-1.ch047"},{"issue":"2","key":"6_CR2","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1002\/spip.255","volume":"11","author":"W Scacchi","year":"2006","unstructured":"Scacchi, W., et al.: Understanding free\/open source software development processes. Softw. Process: Improv. Pract. 11(2), 95\u2013105 (2006)","journal-title":"Softw. Process: Improv. Pract."},{"key":"6_CR3","volume-title":"Understanding Open Source Software Development","author":"J Feller","year":"2002","unstructured":"Feller, J., Fitzgerald, B.: Understanding Open Source Software Development. Addison-Wesley, London (2002)"},{"key":"6_CR4","series-title":"IFIP International Federation for Information Processing","doi-asserted-by":"publisher","first-page":"261","DOI":"10.1007\/0-387-34588-4_18","volume-title":"Social Inclusion: Societal and Organizational Implications for Information Systems","author":"J Feller","year":"2006","unstructured":"Feller, J., Finnegan, P., Kelly, D., MacNamara, M.: Developing open source software: a community-based analysis of research. In: Trauth, E.M., Howcroft, D., Butler, T., Fitzgerald, B., DeGross, J.I. (eds.) Social Inclusion: Societal and Organizational Implications for Information Systems. IIFIP, vol. 208, pp. 261\u2013278. Springer, Boston, MA (2006). https:\/\/doi.org\/10.1007\/0-387-34588-4_18"},{"key":"6_CR5","unstructured":"NorthBridge: 2016 Future of Open Source Survey. http:\/\/www.northbridge.com\/2016-future-open-source-survey-results"},{"key":"6_CR6","unstructured":"BlackDuck Software: 2017 Open Source Security and Risk Analysis. https:\/\/www.blackducksoftware.com\/open-source-security-risk-analysis-2017"},{"key":"6_CR7","doi-asserted-by":"crossref","unstructured":"Wen, S.-F.: Software security in open source development: a systematic literature review. In: Proceedings of the 21st Conference of Open Innovations Association FRUCT, Helsinki, Finland (2017)","DOI":"10.23919\/FRUCT.2017.8250205"},{"issue":"5","key":"6_CR8","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1016\/S1353-4858(16)30048-4","volume":"2016","author":"Mike Pittenger","year":"2016","unstructured":"Pittenger, M.: Know your open source code. Netw. Secur. 2016(5), 11\u201315 (2016)","journal-title":"Network Security"},{"key":"6_CR9","unstructured":"Levy, J.: Top Open Source Security Vulnerabilities. WhiteSource Blog. https:\/\/www.whitesourcesoftware.com\/whitesource-blog\/open-source-security-vulnerability\/ . Accessed 22 June 2018"},{"key":"6_CR10","doi-asserted-by":"crossref","unstructured":"Agrawal, A., et al.: We Don\u2019t Need Another Hero? The Impact of \u201cHeroes\u201d on Software Development. arXiv preprint arXiv:1710.09055 (2017)","DOI":"10.1145\/3183519.3183549"},{"key":"6_CR11","doi-asserted-by":"crossref","unstructured":"Benbya, H., Belbaly, N.: Understanding developers\u2019 motives in open source projects: a multi-theoretical framework (2010)","DOI":"10.17705\/1CAIS.02730"},{"key":"6_CR12","unstructured":"Jaatun, M.G., et al.: A lightweight approach to secure software engineering. In: A Multidisciplinary Introduction to Information Security, p. 183 (2011)"},{"key":"6_CR13","volume-title":"Software Security: Building Security In","author":"G McGraw","year":"2006","unstructured":"McGraw, G.: Software Security: Building Security In, vol. 1. Addison-Wesley Professional, Boston (2006)"},{"issue":"4","key":"6_CR14","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1109\/MSP.2005.103","volume":"3","author":"A Apvrille","year":"2005","unstructured":"Apvrille, A., Pourzandi, M.: Secure software development by example. IEEE Secur. Priv. 3(4), 10\u201317 (2005)","journal-title":"IEEE Secur. Priv."},{"key":"6_CR15","unstructured":"Wen, S.-F.: Hyper contextual software security management for open source software. In: STPIS@ CAiSE (2016)"},{"key":"6_CR16","volume-title":"Software Security Engineering: A Guide for Project Managers","author":"NR Mead","year":"2004","unstructured":"Mead, N.R., et al.: Software Security Engineering: A Guide for Project Managers. Addison-Wesley Professional, Boston (2004)"},{"key":"6_CR17","unstructured":"Viega, J., McGraw, G.R.: Building Secure Software: How to Avoid Security Problems the Right Way (2001)"},{"key":"6_CR18","unstructured":"Xie, J., Lipford, H.R., Chu, B.: Why do programmers make security errors? In: 2011 IEEE Symposium on Visual Languages and Human-Centric Computing (VL\/HCC). IEEE (2011)"},{"key":"6_CR19","volume-title":"Secure Coding: Principles and Practices","author":"M Graff","year":"2003","unstructured":"Graff, M., Van Wyk, K.R.: Secure Coding: Principles and Practices. O\u2019Reilly Media, Inc., Sebastopol (2003)"},{"issue":"2","key":"6_CR20","first-page":"2","volume":"4","author":"M Birkenkrahe","year":"2002","unstructured":"Birkenkrahe, M.: How large multi-nationals manage their knowledge. Bus. Rev. 4(2), 2\u201312 (2002)","journal-title":"Bus. Rev."},{"key":"6_CR21","unstructured":"Vaishnavi, V., Kuechler, W.: Design research in information systems (2004)"},{"issue":"1","key":"6_CR22","doi-asserted-by":"publisher","first-page":"75","DOI":"10.2307\/25148625","volume":"28","author":"RH Alan Von","year":"2004","unstructured":"Von Alan, R.H., et al.: Design science in information systems research. MIS Q. 28(1), 75\u2013105 (2004)","journal-title":"MIS Q."},{"issue":"8","key":"6_CR23","doi-asserted-by":"publisher","first-page":"786","DOI":"10.1109\/TSE.2016.2519887","volume":"42","author":"H Sharp","year":"2016","unstructured":"Sharp, H., Dittrich, Y., de Souza, C.R.: The role of ethnographic studies in empirical software engineering. IEEE Trans. Softw. Eng. 42(8), 786\u2013804 (2016)","journal-title":"IEEE Trans. Softw. Eng."},{"issue":"1","key":"6_CR24","doi-asserted-by":"publisher","first-page":"4","DOI":"10.1016\/j.intcom.2010.07.003","volume":"23","author":"G Baxter","year":"2011","unstructured":"Baxter, G., Sommerville, I.: Socio-technical systems: from design methods to systems engineering. Interact. Comput. 23(1), 4\u201317 (2011)","journal-title":"Interact. Comput."},{"key":"6_CR25","doi-asserted-by":"crossref","unstructured":"Kuhn, D.R., Raunak, M., Kacker, R.: An analysis of vulnerability trends, 2008\u20132016. In: 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C). IEEE (2017)","DOI":"10.1109\/QRS-C.2017.106"},{"key":"6_CR26","volume-title":"Social Research","author":"T May","year":"2011","unstructured":"May, T.: Social Research. McGraw-Hill Education, New York (UK) (2011)"},{"key":"6_CR27","doi-asserted-by":"crossref","unstructured":"Scacchi, W.: Understanding the requirements for developing open source software systems. In: IEE Proceedings\u2013Software. IET (2002)","DOI":"10.1049\/ip-sen:20020202"},{"key":"6_CR28","unstructured":"Kowalski, S.: IT insecurity: a multi-discipline inquiry. Ph.D. thesis, Department of Computer and System Sciences, University of Stockholm and Royal Institute of Technology, Sweden (1994). ISBN 91-7153-207-2"},{"key":"6_CR29","unstructured":"Al Sabbagh, B., Kowalski, S.: A socio-technical framework for threat modeling a software supply chain. In: The 2013 Dewald Roode Workshop on Information Systems Security Research, Niagara Falls, New York, USA, 4\u20135 October 2013. International Federation for Information Processing (2013)"},{"key":"6_CR30","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1007\/978-3-662-43745-2_8","volume-title":"Enterprise, Business-Process and Information Systems Modeling","author":"I Bider","year":"2014","unstructured":"Bider, I., Kowalski, S.: A framework for synchronizing human behavior, processes and support systems using a socio-technical approach. In: Bider, I., et al. (eds.) BPMDS\/EMMSAD -2014. LNBIP, vol. 175, pp. 109\u2013123. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-43745-2_8"},{"issue":"1","key":"6_CR31","doi-asserted-by":"publisher","first-page":"1","DOI":"10.4018\/jegr.2012010101","volume":"8","author":"G Karokola","year":"2012","unstructured":"Karokola, G., Yngstr\u00f6m, L., Kowalski, S.: Secure e-government services: a comparative analysis of e-government maturity models for the developing regions\u2013the need for security services. Int. J. Electron. Gov. Res. (IJEGR) 8(1), 1\u201325 (2012)","journal-title":"Int. J. Electron. Gov. Res. (IJEGR)"},{"key":"6_CR32","unstructured":"Wahlgren, G., Kowalski, S.: Evaluation of escalation maturity model for IT security risk management: a design science work in progress. In: The 2014 Dewald Roode Workshop on Information Systems Security Research, IFIP WG8.11\/WG11.13. IFIP (2014)"},{"key":"6_CR33","unstructured":"Anttila, J., et al.: Fulfilling the needs for information security awareness and learning in information society. In: The 6th Annual Security Conference, Las Vegas (2007)"},{"issue":"3","key":"6_CR34","doi-asserted-by":"publisher","first-page":"359","DOI":"10.1080\/095373299107401","volume":"11","author":"SL Pan","year":"1999","unstructured":"Pan, S.L., Scarbrough, H.: Knowledge management in practice: an exploratory case study. Technol. Anal. Strateg. Manag. 11(3), 359\u2013374 (1999)","journal-title":"Technol. Anal. Strateg. Manag."},{"key":"6_CR35","unstructured":"Al Sabbagh, B., Kowalski, S.: Developing social metrics for security modeling the security culture of it workers individuals (case study). In: 2012 Mosharaka International Conference on Communications, Computers and Applications (MIC-CCA). IEEE (2012)"},{"issue":"2","key":"6_CR36","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1006\/knac.1993.1008","volume":"5","author":"TR Gruber","year":"1993","unstructured":"Gruber, T.R.: A translation approach to portable ontology specifications. Knowl. Acquisition 5(2), 199\u2013220 (1993)","journal-title":"Knowl. Acquisition"},{"issue":"4","key":"6_CR37","doi-asserted-by":"publisher","first-page":"494","DOI":"10.1145\/331983.331989","volume":"24","author":"Y Wand","year":"1999","unstructured":"Wand, Y., Storey, V.C., Weber, R.: An ontological analysis of the relationship construct in conceptual modeling. ACM Trans. Database Syst. (TODS) 24(4), 494\u2013528 (1999)","journal-title":"ACM Trans. Database Syst. (TODS)"},{"issue":"5\u20136","key":"6_CR38","doi-asserted-by":"publisher","first-page":"907","DOI":"10.1006\/ijhc.1995.1081","volume":"43","author":"TR Gruber","year":"1995","unstructured":"Gruber, T.R.: Toward principles for the design of ontologies used for knowledge sharing? Int. J. Hum. Comput. Stud. 43(5\u20136), 907\u2013928 (1995)","journal-title":"Int. J. Hum. Comput. Stud."},{"issue":"2","key":"6_CR39","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1017\/S0269888900007797","volume":"11","author":"M Uschold","year":"1996","unstructured":"Uschold, M., Gruninger, M.: Ontologies: principles, methods and applications. Knowl. Eng. Rev. 11(2), 93\u2013136 (1996)","journal-title":"Knowl. Eng. Rev."},{"key":"6_CR40","unstructured":"Noy, N.F., McGuinness, D.L.: Ontology development 101: a guide to creating your first ontology. Stanford Knowledge Systems Laboratory Technical Report KSL-01-05 and Stanford Medical Informatics Technical Report SMI-2001-0880, Stanford, CA (2001)"},{"issue":"3","key":"6_CR41","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1109\/MPRV.2004.1321026","volume":"3","author":"X Wang","year":"2004","unstructured":"Wang, X., et al.: Semantic space: an infrastructure for smart spaces. IEEE Pervasive Comput. 3(3), 32\u201339 (2004)","journal-title":"IEEE Pervasive Comput."},{"issue":"2","key":"6_CR42","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1145\/503124.503146","volume":"45","author":"M Gruninger","year":"2002","unstructured":"Gruninger, M.: Ontology: applications and design. Commun. ACM 45(2), 39\u201341 (2002)","journal-title":"Commun. ACM"},{"key":"6_CR43","doi-asserted-by":"crossref","unstructured":"Khan, M.U.A., Zulkernine, M.: Quantifying security in secure software development phases. In: 32nd Annual IEEE International Computer Software and Applications, COMPSAC 2008. IEEE (2008)","DOI":"10.1109\/COMPSAC.2008.173"},{"key":"6_CR44","unstructured":"Chandra, P.: The Software Assurance Maturity Model-A guide to building security into software development (2009)"},{"issue":"3","key":"6_CR45","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1145\/185403.185412","volume":"26","author":"CE Landwehr","year":"1994","unstructured":"Landwehr, C.E., et al.: A taxonomy of computer program security flaws. ACM Comput. Surv. (CSUR) 26(3), 211\u2013254 (1994)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"6_CR46","unstructured":"MITRE: Common Weakness Enumeration, Frequently Asked Questions. https:\/\/cwe.mitre.org\/about\/faq.html#A.1"},{"issue":"1","key":"6_CR47","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1023\/A:1013132527007","volume":"14","author":"AM O\u2019donnell","year":"2002","unstructured":"O\u2019donnell, A.M., Dansereau, D.F., Hall, R.H.: Knowledge maps as scaffolds for cognitive processing. Educ. Psychol. Rev. 14(1), 71\u201386 (2002)","journal-title":"Educ. Psychol. Rev."},{"issue":"1","key":"6_CR48","doi-asserted-by":"crossref","first-page":"89","DOI":"10.3233\/SW-2012-0057","volume":"4","author":"T Tudorache","year":"2013","unstructured":"Tudorache, T., et al.: WebProt\u00e9g\u00e9: a collaborative ontology editor and knowledge acquisition tool for the web. Semant. Web 4(1), 89\u201399 (2013)","journal-title":"Semant. Web"}],"container-title":["Lecture Notes in Computer Science","Innovative Security Solutions for Information Technology and Communications"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-12942-2_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,26]],"date-time":"2020-11-26T16:07:26Z","timestamp":1606406846000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-12942-2_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030129415","9783030129422"],"references-count":48,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-12942-2_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"6 February 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SECITC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security for Information Technology and Communications","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bucharest","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Romania","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 November 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 November 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"itc2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.secitc.eu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"70","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"35","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"50% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"2.0","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"5.0","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Three papers of invited keynote speakers are included.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}