{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,27]],"date-time":"2026-03-27T13:21:41Z","timestamp":1774617701915,"version":"3.50.1"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031783852","type":"print"},{"value":"9783031783869","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,11,27]],"date-time":"2024-11-27T00:00:00Z","timestamp":1732665600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,11,27]],"date-time":"2024-11-27T00:00:00Z","timestamp":1732665600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-78386-9_2","type":"book-chapter","created":{"date-parts":[[2024,12,1]],"date-time":"2024-12-01T16:44:43Z","timestamp":1733071483000},"page":"11-26","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["An Approach to Cognitive Root Cause Analysis of Software Vulnerabilities"],"prefix":"10.1007","author":[{"given":"Theo","family":"Hytopoulos","sequence":"first","affiliation":[]},{"given":"Marvin","family":"Chan","sequence":"additional","affiliation":[]},{"given":"Keegan","family":"Roth","sequence":"additional","affiliation":[]},{"given":"Rylan","family":"Wasson","sequence":"additional","affiliation":[]},{"given":"Fuqun","family":"Huang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,11,27]]},"reference":[{"key":"2_CR1","unstructured":"IEEE: IEEE Standard Glossary of Software Engineering Terminology. vol. lEEE Std 610.121990. The Institute of Electrical and Electronics Engineers, New York, USA (1990)"},{"key":"2_CR2","doi-asserted-by":"crossref","unstructured":"Kalinowski, M., Travassos, G.H., Card, D.N.: Towards a defect prevention based process improvement approach. In: 34th Euromicro Conference Software Engineering and Advanced Applications, pp. 199\u2013206 (2008)","DOI":"10.1109\/SEAA.2008.47"},{"key":"2_CR3","unstructured":"Huang, F., Liu, B., Huang, B.: A taxonomy system to identify human error causes for software defects. In: The 18th international conference on reliability and quality in design, pp. 44\u201349. International Society of Science and Applied Technologies (2012)"},{"key":"2_CR4","doi-asserted-by":"publisher","first-page":"1054","DOI":"10.1016\/j.cja.2017.03.005","volume":"30","author":"F Huang","year":"2017","unstructured":"Huang, F., Liu, B.: Software defect prevention based on human error theories. Chin. J. Aeronaut. 30, 1054\u20131070 (2017)","journal-title":"Chin. J. Aeronaut."},{"key":"2_CR5","doi-asserted-by":"publisher","first-page":"112","DOI":"10.1016\/j.infsof.2018.06.011","volume":"103","author":"V Anu","year":"2018","unstructured":"Anu, V., Hu, W., et al.: Development of a human error taxonomy for software requirements: a systematic literature review. Inf. Softw. Technol. 103, 112\u2013124 (2018)","journal-title":"Inf. Softw. Technol."},{"key":"2_CR6","doi-asserted-by":"publisher","first-page":"3626","DOI":"10.1109\/ACCESS.2023.3234490","volume":"11","author":"F Huang","year":"2023","unstructured":"Huang, F., Strigini, L.: HEDF: a method for early forecasting software defects based on human error mechanisms. IEEE Access 11, 3626\u20133652 (2023)","journal-title":"IEEE Access"},{"key":"2_CR7","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1109\/TSE.2022.3140868","volume":"49","author":"E Iannone","year":"2022","unstructured":"Iannone, E., Guadagni, R., et al.: The secret life of software vulnerabilities: a large-scale empirical study. IEEE Trans. Software Eng. 49, 44\u201363 (2022)","journal-title":"IEEE Trans. Software Eng."},{"key":"2_CR8","doi-asserted-by":"crossref","unstructured":"Fonseca, J., Vieira, M.: Mapping software faults with web security vulnerabilities. In: IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN), pp. 257\u2013266. IEEE (2008)","DOI":"10.1109\/DSN.2008.4630094"},{"key":"2_CR9","doi-asserted-by":"crossref","unstructured":"Li, X., Chang, X., Board, J.A., Trivedi, K.S.: A novel approach for software vulnerability classification. In: Annual Reliability and Maintainability Symposium, pp. 1\u20137. IEEE (2017)","DOI":"10.1109\/RAM.2017.7889792"},{"key":"2_CR10","doi-asserted-by":"publisher","first-page":"997","DOI":"10.1016\/j.infsof.2012.03.004","volume":"54","author":"N Shahmehri","year":"2012","unstructured":"Shahmehri, N., Mammar, A., et al.: An advanced approach for modeling and detecting software vulnerabilities. Inf. Softw. Technol. 54, 997\u20131013 (2012)","journal-title":"Inf. Softw. Technol."},{"key":"2_CR11","doi-asserted-by":"crossref","unstructured":"Chernis, B., Verma, R.: Machine learning methods for software vulnerability detection. In: The Fourth ACM International Workshop on Security and Privacy Analytics, pp. 31\u201339 (2018)","DOI":"10.1145\/3180445.3180453"},{"key":"2_CR12","doi-asserted-by":"crossref","unstructured":"Johnson, B., Brun, Y., Meliou, A.: Causal testing: understanding defects\u2019 root causes. In: 42nd International Conference on Software Engineering, pp. 87\u201399. ACM, Seoul South Korea (2020)","DOI":"10.1145\/3377811.3380377"},{"key":"2_CR13","doi-asserted-by":"crossref","unstructured":"Ryan, I., Roedig, U., Stol, K.-J.: Measuring secure coding practice and culture: a finger pointing at the moon is not the moon. In: IEEE\/ACM 45th International Conference on Software Engineering (ICSE), pp. 1622\u20131634. IEEE, Melbourne, Australia (2023)","DOI":"10.1109\/ICSE48619.2023.00140"},{"key":"2_CR14","unstructured":"Piessens, F.: A taxonomy of causes of software vulnerabilities in internet software. In: Supplementary Proceedings of the 13th International Symposium on Software Reliability Engineering, pp. 47\u201352. IEEE (2002)"},{"key":"2_CR15","unstructured":"Assal, H., Chiasson, S.: Security in the software development lifecycle"},{"key":"2_CR16","doi-asserted-by":"publisher","DOI":"10.1016\/j.ress.2019.106565","volume":"191","author":"H Mohammadnazar","year":"2019","unstructured":"Mohammadnazar, H., Pulkkinen, M., Ghanbari, H.: A root cause analysis method for preventing erratic behavior in software development: PEBA. Reliab. Eng. Syst. Saf. 191, 106565 (2019)","journal-title":"Reliab. Eng. Syst. Saf."},{"key":"2_CR17","unstructured":"Weinberg, G.M.: The psychology of computer programming. VNR Nostrand Reinhold Company (1971)"},{"key":"2_CR18","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9781139062367","volume-title":"Human error","author":"J Reason","year":"1990","unstructured":"Reason, J.: Human error. Cambridge University Press, Cambridge, UK (1990)"},{"key":"2_CR19","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1109\/TSMC.1983.6313160","volume":"13","author":"J Rasmussen","year":"1983","unstructured":"Rasmussen, J.: Skills, rules, and knowledge; signals, signs, and symbols, and other distinctions in human performance models. IEEE Trans. Syst. Man Cybern. 13, 257\u2013266 (1983)","journal-title":"IEEE Trans. Syst. Man Cybern."},{"key":"2_CR20","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2024.112060","volume":"214","author":"F Huang","year":"2024","unstructured":"Huang, F., Madeira, H.: Advancing modern code review effectiveness through human error mechanisms. J. Syst. Softw. 214, 112060 (2024)","journal-title":"J. Syst. Softw."},{"key":"2_CR21","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1207\/s15516709cog2101_2","volume":"21","author":"MD Byrne","year":"1997","unstructured":"Byrne, M.D., Bovair, S.: A working memory model of a common procedural error. Cogn. Sci. 21, 31\u201361 (1997)","journal-title":"Cogn. Sci."},{"key":"2_CR22","doi-asserted-by":"crossref","unstructured":"Landis, J.R., Koch, G.G.: The measurement of observer agreement for categorical data. Biometrics 159\u2013174 (1977)","DOI":"10.2307\/2529310"},{"key":"2_CR23","doi-asserted-by":"publisher","first-page":"330","DOI":"10.1016\/j.sapharm.2012.04.004","volume":"9","author":"N Gisev","year":"2013","unstructured":"Gisev, N., Bell, J.S., Chen, T.F.: Interrater agreement and interrater reliability: key concepts, approaches, and applications. Res. Social Adm. Pharm. 9, 330\u2013338 (2013)","journal-title":"Res. Social Adm. Pharm."},{"key":"2_CR24","doi-asserted-by":"crossref","unstructured":"Bo Zhao, Y.S., Xu, W., Huang, F.: A cognitive framework for modeling coincident software faults: an experimental study. In: International Conference on Computer Safety, Reliability, and Security, pp. 41\u201354 (2023)","DOI":"10.1007\/978-3-031-40923-3_4"},{"key":"2_CR25","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1109\/MSP.2005.159","volume":"3","author":"K Tsipenyuk","year":"2005","unstructured":"Tsipenyuk, K., Chess, B., McGraw, G.: Seven pernicious kingdoms: a taxonomy of software security errors. IEEE Secur. Privacy Magaz. 3, 81\u201384 (2005)","journal-title":"IEEE Secur. Privacy Magaz."},{"key":"2_CR26","volume-title":"The discovery of grounded theory: Strategies for qualitative research","author":"BG Glaser","year":"1967","unstructured":"Glaser, B.G., Strauss, A.L.: The discovery of grounded theory: Strategies for qualitative research. Aldine, Chicago (1967)"},{"key":"2_CR27","unstructured":"Salda\u00f1a, J.: The coding manual for qualitative researchers. Sage (2012)"},{"key":"2_CR28","doi-asserted-by":"crossref","unstructured":"Fleiss, J.L., Levin, B., Paik, M.C.: Statistical methods for rates and proportions. Wiley (2003)","DOI":"10.1002\/0471445428"},{"key":"2_CR29","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1186\/s12874-016-0200-9","volume":"16","author":"A Zapf","year":"2016","unstructured":"Zapf, A., Castell, S., et al.: Measuring inter-rater reliability for nominal data \u2013 which coefficients and confidence intervals are appropriate? BMC Med. Res. Methodol. 16, 93 (2016)","journal-title":"BMC Med. Res. Methodol."},{"key":"2_CR30","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29044-2","volume-title":"Experimentation in software engineering","author":"C Wohlin","year":"2012","unstructured":"Wohlin, C., Runeson, P., H\u00f6st, M., Ohlsson, M.C., Regnell, B., Wessl\u00e9n, A.: Experimentation in software engineering. Springer, New York (2012)"}],"container-title":["Lecture Notes in Computer Science","Product-Focused Software Process Improvement"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-78386-9_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,1]],"date-time":"2024-12-01T17:02:29Z","timestamp":1733072549000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-78386-9_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,27]]},"ISBN":["9783031783852","9783031783869"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-78386-9_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,11,27]]},"assertion":[{"value":"27 November 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PROFES","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Product-Focused Software Process Improvement","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Tartu","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Estonia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 December 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 December 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"profes2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/conf.researchr.org\/home\/profes-2024","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}