{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,13]],"date-time":"2026-01-13T21:23:08Z","timestamp":1768339388586,"version":"3.49.0"},"publisher-location":"Cham","reference-count":16,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031702440","type":"print"},{"value":"9783031702457","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-70245-7_28","type":"book-chapter","created":{"date-parts":[[2024,9,10]],"date-time":"2024-09-10T20:18:02Z","timestamp":1725999482000},"page":"399-407","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Do Static Analysis Tools Improve Awareness and\u00a0Attitude Toward Secure Software Development?"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0589-2349","authenticated-orcid":false,"given":"Sabato","family":"Nocera","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4880-3622","authenticated-orcid":false,"given":"Simone","family":"Romano","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3861-1902","authenticated-orcid":false,"given":"Dario","family":"Di Nucci","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6929-0056","authenticated-orcid":false,"given":"Rita","family":"Francese","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9337-5116","authenticated-orcid":false,"given":"Fabio","family":"Palomba","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0024-7508","authenticated-orcid":false,"given":"Giuseppe","family":"Scanniello","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,9,11]]},"reference":[{"key":"28_CR1","doi-asserted-by":"crossref","unstructured":"Almansoori, M., Lam, J., Fang, E., Mulligan, K., Soosai\u00a0Raj, A.G., Chatterjee, R.: How secure are our computer systems courses? In: Proceedings of the Conference on International Computing Education Research, pp. 271\u2013281. ACM (2020)","DOI":"10.1145\/3372782.3406266"},{"key":"28_CR2","doi-asserted-by":"crossref","unstructured":"Elder, S., et al.: Do i really need all this work to find vulnerabilities? Empir. Softw. Eng. 27(6), 154:1\u2013154:78 (2022)","DOI":"10.1007\/s10664-022-10179-6"},{"key":"28_CR3","doi-asserted-by":"crossref","unstructured":"Johnson, B., Song, Y., Murphy-Hill, E., Bowdidge, R.: Why don\u2019t software developers use static analysis tools to find bugs? In: Proceedings of the International Conference on Software Engineering, pp. 672\u2013681. IEEE (2013)","DOI":"10.1109\/ICSE.2013.6606613"},{"key":"28_CR4","doi-asserted-by":"crossref","unstructured":"Kontio, J., Lehtola, L., Bragge, J.: Using the focus group method in software engineering: obtaining practitioner and user experiences. In: Proceedings of the International Symposium on Empirical Software Engineering, pp. 271\u2013280. IEEE (2004)","DOI":"10.1109\/ISESE.2004.1334914"},{"key":"28_CR5","doi-asserted-by":"crossref","unstructured":"Lam, J., Fang, E., Almansoori, M., Chatterjee, R., Soosai\u00a0Raj, A.G.: Identifying gaps in the secure programming knowledge and skills of students. In: Proceedings of the Technical Symposium on Computer Science Education, pp. 703\u2013709. ACM (2022)","DOI":"10.1145\/3478431.3499391"},{"issue":"2","key":"28_CR6","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1109\/MSECP.2004.1281254","volume":"2","author":"G McGraw","year":"2004","unstructured":"McGraw, G.: Software security. IEEE Secur. Priv. 2(2), 80\u201383 (2004)","journal-title":"IEEE Secur. Priv."},{"key":"28_CR7","unstructured":"Muncaster, P.: Global security skills shortage falls to 2.7 million workers (2021)"},{"key":"28_CR8","doi-asserted-by":"publisher","unstructured":"Nocera, S., Romano, S., Francese, R., Burlon, R., Scanniello, G.: Managing vulnerabilities in software projects: the case of NTT data. In: 2023 49th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), pp. 247\u2013253 (2023). https:\/\/doi.org\/10.1109\/SEAA60479.2023.00046","DOI":"10.1109\/SEAA60479.2023.00046"},{"key":"28_CR9","doi-asserted-by":"publisher","unstructured":"Nocera, S., Romano, S., Francese, R., Scanniello, G.: Training for security: planning the use of a sat in the development pipeline of web apps. In: 2023 IEEE\/ACM 45th International Conference on Software Engineering: Software Engineering Education and Training (ICSE-SEET), pp. 40\u201345 (2023). https:\/\/doi.org\/10.1109\/ICSE-SEET58685.2023.00010","DOI":"10.1109\/ICSE-SEET58685.2023.00010"},{"key":"28_CR10","doi-asserted-by":"publisher","unstructured":"Nocera, S., Romano, S., Francese, R., Scanniello, G.: Training for security: results from using a static analysis tool in the development pipeline of web apps. In: Proceedings of the 46th International Conference on Software Engineering: Software Engineering Education and Training, pp. 253\u2013263. ICSE-SEET \u201924, Association for Computing Machinery, New York, NY, USA (2024). https:\/\/doi.org\/10.1145\/3639474.3640073","DOI":"10.1145\/3639474.3640073"},{"key":"28_CR11","unstructured":"OWASP: Owasp top ten (2022)"},{"key":"28_CR12","doi-asserted-by":"crossref","unstructured":"Tabassum, M., Watson, S., Chu, B., Lipford, H.R.: Evaluating two methods for integrating secure programming education. In: Proceedings of the Technical Symposium on Computer Science Education, pp. 390\u2013395. ACM (2018)","DOI":"10.1145\/3159450.3159511"},{"key":"28_CR13","doi-asserted-by":"crossref","unstructured":"Taeb, M., Chi, H.: A personalized learning framework for software vulnerability detection and education. In: Proceedings of the International Symposium on Computer Science and Intelligent Controls, pp. 119\u2013126. IEEE (2021)","DOI":"10.1109\/ISCSIC54682.2021.00032"},{"key":"28_CR14","unstructured":"White, G., Nordstrom, G.: Security across the curriculum: using computer security to teach computer science principles. In: Proceedings of the National Information Systems Security Conference, pp. 483\u2013488 (1996)"},{"key":"28_CR15","volume":"185","author":"T Yilmaz","year":"2022","unstructured":"Yilmaz, T., Ulusoy, \u00d6.: Understanding security vulnerabilities in student code: a case study in a non-security course. JJSS 185, 111150 (2022)","journal-title":"JJSS"},{"key":"28_CR16","doi-asserted-by":"crossref","unstructured":"Zhu, J., Lipford, H.R., Chu, B.: Interactive support for secure programming education. In: Proceedings of the Technical Symposium on Computer Science Education, pp. 687\u2013692. ACM (2013)","DOI":"10.1145\/2445196.2445396"}],"container-title":["Communications in Computer and Information Science","Quality of Information and Communications Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-70245-7_28","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,10]],"date-time":"2024-09-10T20:21:31Z","timestamp":1725999691000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-70245-7_28"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031702440","9783031702457"],"references-count":16,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-70245-7_28","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"11 September 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"QUATIC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on the Quality of Information and Communications Technology","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Pisa","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"quatic2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/2024.quatic.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}