{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T23:21:49Z","timestamp":1773789709132,"version":"3.50.1"},"publisher-location":"Cham","reference-count":36,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031725777","type":"print"},{"value":"9783031725784","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,10,19]],"date-time":"2024-10-19T00:00:00Z","timestamp":1729296000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,10,19]],"date-time":"2024-10-19T00:00:00Z","timestamp":1729296000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-72578-4_5","type":"book-chapter","created":{"date-parts":[[2024,10,18]],"date-time":"2024-10-18T16:02:30Z","timestamp":1729267350000},"page":"83-103","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Towards a\u00a0Taxonomy of\u00a0Infrastructure as\u00a0Code Misconfigurations: An Ansible Study"],"prefix":"10.1007","author":[{"given":"Roya","family":"Nasiri","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4355-0494","authenticated-orcid":false,"given":"Indika","family":"Kumara","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Damian Andrew","family":"Tamburri","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Willem-Jan","family":"van den Heuvel","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,10,19]]},"reference":[{"key":"5_CR1","doi-asserted-by":"publisher","unstructured":"Al-Kahla, W., Shatnawi, A.S., Taqieddin, E.: A taxonomy of web security vulnerabilities. In: 2021 12th International Conference on Information and Communication Systems (ICICS), pp. 424\u2013429 (2021). https:\/\/doi.org\/10.1109\/ICICS52457.2021.9464576","DOI":"10.1109\/ICICS52457.2021.9464576"},{"issue":"12","key":"5_CR2","doi-asserted-by":"publisher","first-page":"1170","DOI":"10.1109\/TSE.2018.2827384","volume":"45","author":"S Amann","year":"2019","unstructured":"Amann, S., Nguyen, H.A., Nadi, S., Nguyen, T.N., Mezini, M.: A systematic evaluation of static API-misuse detectors. IEEE Trans. Software Eng. 45(12), 1170\u20131188 (2019). https:\/\/doi.org\/10.1109\/TSE.2018.2827384","journal-title":"IEEE Trans. Software Eng."},{"key":"5_CR3","unstructured":"Billington, M.: The top 100 ansible modules (2019). https:\/\/mike42.me\/blog\/2019-01-the-top-100-ansible-modules. Accessed Mar 2023"},{"key":"5_CR4","doi-asserted-by":"publisher","unstructured":"Borovits, N., et al.: FindICI: using machine learning to detect linguistic inconsistencies between code and natural language descriptions in infrastructure-as-code. Empir. Softw. Eng. 27(7), 178 (2022). https:\/\/doi.org\/10.1007\/s10664-022-10215-5","DOI":"10.1007\/s10664-022-10215-5"},{"key":"5_CR5","unstructured":"Braun, V., Clarke, V.: Thematic Analysis. American Psychological Association, Worcester (2012)"},{"key":"5_CR6","doi-asserted-by":"crossref","unstructured":"Chiari, M., De\u00a0Pascalis, M., Pradella, M.: Static analysis of infrastructure as code: a survey. In: 2022 IEEE 19th International Conference on Software Architecture Companion (ICSA-C), pp. 218\u2013225. IEEE (2022)","DOI":"10.1109\/ICSA-C54293.2022.00049"},{"issue":"6","key":"5_CR7","doi-asserted-by":"publisher","first-page":"2086","DOI":"10.1109\/TSE.2021.3051492","volume":"48","author":"S Dalla Palma","year":"2021","unstructured":"Dalla Palma, S., Di Nucci, D., Palomba, F., Tamburri, D.A.: Within-project defect prediction of infrastructure-as-code using product and process metrics. IEEE Trans. Software Eng. 48(6), 2086\u20132104 (2021)","journal-title":"IEEE Trans. Software Eng."},{"key":"5_CR8","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2020.110726","volume":"170","author":"S Dalla Palma","year":"2020","unstructured":"Dalla Palma, S., Di Nucci, D., Palomba, F., Tamburri, D.A.: Toward a catalog of software quality metrics for infrastructure code. J. Syst. Softw. 170, 110726 (2020)","journal-title":"J. Syst. Softw."},{"key":"5_CR9","doi-asserted-by":"publisher","unstructured":"Di\u00a0Nitto, E., Gorro\u00f1ogoitia\u00a0Cruz, J., Kumara, I., Radolovi\u0107, D., Tokmakov, K., Vasileiou, Z. (eds.): Deployment and Operation of Complex Software in Heterogeneous Execution Environments. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-04961-3","DOI":"10.1007\/978-3-031-04961-3"},{"key":"5_CR10","unstructured":"HashiCorp: Provision an EKS cluster (AWS) (2024). https:\/\/developer.hashicorp.com\/terraform\/tutorials \/kubernetes\/eks. Accessed Mar 2024"},{"key":"5_CR11","doi-asserted-by":"publisher","unstructured":"Humbatova, N., Jahangirova, G., Bavota, G., Riccio, V., Stocco, A., Tonella, P.: Taxonomy of real faults in deep learning systems. In: Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering, pp. 1110\u20131121. Association for Computing Machinery (2020). https:\/\/doi.org\/10.1145\/3377811.3380395","DOI":"10.1145\/3377811.3380395"},{"key":"5_CR12","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2021.106593","volume":"137","author":"I Kumara","year":"2021","unstructured":"Kumara, I., et al.: The do\u2019s and don\u2019ts of infrastructure code: a systematic gray literature review. Inf. Softw. Technol. 137, 106593 (2021). https:\/\/doi.org\/10.1016\/j.infsof.2021.106593","journal-title":"Inf. Softw. Technol."},{"key":"5_CR13","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"173","DOI":"10.1007\/978-3-030-71906-7_16","volume-title":"Advances in Service-Oriented and Cloud Computing","author":"I Kumara","year":"2021","unstructured":"Kumara, I., Quattrocchi, G., Tamburri, D., Van Den Heuvel, W.-J.: Quality assurance of heterogeneous applications: the SODALITE approach. In: Zirpins, C., et al. (eds.) ESOCC 2020. CCIS, vol. 1360, pp. 173\u2013178. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-71906-7_16"},{"key":"5_CR14","doi-asserted-by":"publisher","unstructured":"Li, W., Li, S., Liao, X., Xu, X., Zhou, S., Jia, Z.: ConfTest: generating comprehensive misconfiguration for system reaction ability evaluation. In: Proceedings of the 21st International Conference on Evaluation and Assessment in Software Engineering, pp. 88\u201397 (2017). https:\/\/doi.org\/10.1145\/3084226.3084244","DOI":"10.1145\/3084226.3084244"},{"key":"5_CR15","volume-title":"Infrastructure as Code","author":"K Morris","year":"2020","unstructured":"Morris, K.: Infrastructure as Code, 2nd edn. O\u2019Reilly Media Inc., Sebastopol (2020)","edition":"2"},{"key":"5_CR16","unstructured":"Moustakis, I.: Ansible modules - how to use them efficiently (2022). https:\/\/spacelift.io\/blog\/ansible-modules. Accessed Mar 2023"},{"key":"5_CR17","unstructured":"National Institute of Standards and Technology (NIST): The NIST Definition of Cloud Computing. Special Publication 800-172, National Institute of Standards and Technology (2011)"},{"key":"5_CR18","doi-asserted-by":"publisher","unstructured":"Opdebeeck, R., Zerouali, A., De\u00a0Roover, C.: Smelly variables in ansible infrastructure code: detection, prevalence, and lifetime. In: Proceedings of the 19th International Conference on Mining Software Repositories, MSR 2022, pp. 61\u201372. Association for Computing Machinery, New York (2022). https:\/\/doi.org\/10.1145\/3524842.3527964","DOI":"10.1145\/3524842.3527964"},{"key":"5_CR19","doi-asserted-by":"publisher","unstructured":"Opdebeeck, R., Zerouali, A., Vel\u00e1zquez-Rodr\u00edguez, C., Roover, C.D.: Does infrastructure as code adhere to semantic versioning? An analysis of ansible role evolution. In: 2020 IEEE 20th International Working Conference on Source Code Analysis and Manipulation (SCAM), pp. 238\u2013248 (2020). https:\/\/doi.org\/10.1109\/SCAM51674.2020.00032","DOI":"10.1109\/SCAM51674.2020.00032"},{"key":"5_CR20","doi-asserted-by":"crossref","unstructured":"Pandita, R., Nguyen, T.N., McMillan, C.: Inferring method specifications from natural language API descriptions. In: 2012 34th International Conference on Software Engineering (ICSE) (2012)","DOI":"10.1109\/ICSE.2012.6227137"},{"key":"5_CR21","doi-asserted-by":"crossref","unstructured":"Rabkin, A., Katz, R.: Static extraction of program configuration options. In: Proceedings of the 33rd International Conference on Software Engineering, pp. 131\u2013140 (2011)","DOI":"10.1145\/1985793.1985812"},{"key":"5_CR22","doi-asserted-by":"publisher","unstructured":"Rahman, A., Farhana, E., Parnin, C., Williams, L.: Gang of eight: a defect taxonomy for infrastructure as code scripts, pp. 752\u2013764 (2020). https:\/\/doi.org\/10.1145\/3377811.3380409","DOI":"10.1145\/3377811.3380409"},{"key":"5_CR23","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1016\/j.infsof.2018.12.004","volume":"108","author":"A Rahman","year":"2019","unstructured":"Rahman, A., Mahdavi-Hezaveh, R., Williams, L.: A systematic mapping study of infrastructure as code research. Inf. Softw. Technol. 108, 65\u201377 (2019)","journal-title":"Inf. Softw. Technol."},{"key":"5_CR24","doi-asserted-by":"publisher","unstructured":"Rahman, A., Parnin, C., Williams, L.: The seven sins: security smells in infrastructure as code scripts. In: 2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE), pp. 164\u2013175 (2019). https:\/\/doi.org\/10.1109\/ICSE.2019.00033","DOI":"10.1109\/ICSE.2019.00033"},{"key":"5_CR25","doi-asserted-by":"publisher","unstructured":"Rahman, A., Rahman, M.R., Parnin, C., Williams, L.: Security smells in ansible and chef scripts: a replication study. ACM Trans. Softw. Eng. Methodol. 30(1) (2021). https:\/\/doi.org\/10.1145\/3408897","DOI":"10.1145\/3408897"},{"key":"5_CR26","doi-asserted-by":"publisher","unstructured":"Rahman, A., Shamim, S.I., Bose, D.B., Pandita, R.: Security misconfigurations in open source kubernetes manifests: an empirical study. ACM Trans. Softw. Eng. Methodol. 32(4) (2023). https:\/\/doi.org\/10.1145\/3579639","DOI":"10.1145\/3579639"},{"key":"5_CR27","doi-asserted-by":"publisher","first-page":"148","DOI":"10.1016\/j.infsof.2019.04.013","volume":"112","author":"A Rahman","year":"2019","unstructured":"Rahman, A., Williams, L.: Source code properties of defective infrastructure as code scripts. Inf. Softw. Technol. 112, 148\u2013163 (2019). https:\/\/doi.org\/10.1016\/j.infsof.2019.04.013","journal-title":"Inf. Softw. Technol."},{"key":"5_CR28","unstructured":"Reddy, S.S.: How to install tomcat using ansible playbook? (2023). https:\/\/www.geeksforgeeks.org\/how-to-install-tomcat-using-ansible-playbook\/. Accessed Mar 2024"},{"key":"5_CR29","doi-asserted-by":"publisher","unstructured":"Saavedra, N., Ferreira, J.a.F.: GLITCH: automated polyglot security smell detection in infrastructure as code. In: Proceedings of the 37th IEEE\/ACM International Conference on Automated Software Engineering, ASE 2022. Association for Computing Machinery, New York (2023). https:\/\/doi.org\/10.1145\/3551349.3556945","DOI":"10.1145\/3551349.3556945"},{"key":"5_CR30","doi-asserted-by":"crossref","unstructured":"Saied, M.A., Sahraoui, H., Dufour, B.: An observational study on API usage constraints and their documentation. In: 2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER) (2015)","DOI":"10.1109\/SANER.2015.7081813"},{"key":"5_CR31","doi-asserted-by":"publisher","unstructured":"Schwarz, J., Steffens, A., Lichter, H.: Code smells in infrastructure as code. In: 2018 11th International Conference on the Quality of Information and Communications Technology (QUATIC), pp. 220\u2013228 (2018). https:\/\/doi.org\/10.1109\/QUATIC.2018.00040","DOI":"10.1109\/QUATIC.2018.00040"},{"key":"5_CR32","doi-asserted-by":"publisher","unstructured":"Sharma, T., Fragkoulis, M., Spinellis, D.: Does your configuration code smell? In: Proceedings of the 13th International Conference on Mining Software Repositories, MSR 2016, pp. 189\u2013200. Association for Computing Machinery, New York (2016). https:\/\/doi.org\/10.1145\/2901739.2901761","DOI":"10.1145\/2901739.2901761"},{"key":"5_CR33","unstructured":"Unit42: Unit 42 cloud threat report (2021). https:\/\/start.paloaltonetworks.com\/unit-42-cloud-threat-report. Accessed Mar 2024"},{"key":"5_CR34","unstructured":"Xiang, C., Liu, Z., Chen, X., Xu, T., Huang, G., Liu, Y.: PracExtractor: extracting configuration good practices from manuals to detect server misconfigurations. In: 2020 USENIX Annual Technical Conference (USENIX ATC 2020) (2020)"},{"key":"5_CR35","doi-asserted-by":"publisher","unstructured":"Xu, T., et al.: Do not blame users for misconfigurations. In: Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles, SOSP 2013, pp. 244\u2013259. Association for Computing Machinery, New York (2013). https:\/\/doi.org\/10.1145\/2517349.2522727","DOI":"10.1145\/2517349.2522727"},{"key":"5_CR36","doi-asserted-by":"publisher","unstructured":"Yin, Z., Ma, X., Zheng, J., Zhou, Y., Bairavasundaram, L., Pasupathy, S.: An empirical study on configuration errors in commercial and open source systems, pp. 159\u2013172 (2011). https:\/\/doi.org\/10.1145\/2043556.2043572","DOI":"10.1145\/2043556.2043572"}],"container-title":["Communications in Computer and Information Science","Service-Oriented Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-72578-4_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,18]],"date-time":"2024-10-18T16:03:48Z","timestamp":1729267428000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-72578-4_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,19]]},"ISBN":["9783031725777","9783031725784"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-72578-4_5","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,10,19]]},"assertion":[{"value":"19 October 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SummerSOC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Symposium and Summer School on Service-Oriented Computing","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Crete","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Greece","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 June 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 June 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"summersoc2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.summersoc.eu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}