{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T00:35:51Z","timestamp":1768350951850,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":20,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642365621","type":"print"},{"value":"9783642365638","type":"electronic"}],"license":[{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-36563-8_14","type":"book-chapter","created":{"date-parts":[[2013,2,22]],"date-time":"2013-02-22T06:32:47Z","timestamp":1361514767000},"page":"197-212","source":"Crossref","is-referenced-by-count":55,"title":["An Empirical Study on the Effectiveness of Security Code Review"],"prefix":"10.1007","author":[{"given":"Anne","family":"Edmundson","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Brian","family":"Holtkamp","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Emanuel","family":"Rivera","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Matthew","family":"Finifter","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Adrian","family":"Mettler","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David","family":"Wagner","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"14_CR1","unstructured":"TopSite: 10 Best Outsourcing Websites, http:\/\/www.topsite.com\/best\/outsourcing"},{"key":"14_CR2","unstructured":"OWASP Foundation: Code Review Metrics (2010), https:\/\/www.owasp.org\/index.php\/Code_Review_Metrics"},{"key":"14_CR3","doi-asserted-by":"crossref","unstructured":"Baca, D., Petersen, K., Carlsson, B., Lundberg, L.: Static code analysis to detect software security vulnerabilities\u2014does experience matter? In: International Conference on Availability, Reliability and Security, ARES 2009, pp. 804\u2013810. IEEE (2009)","DOI":"10.1109\/ARES.2009.163"},{"issue":"3","key":"14_CR4","doi-asserted-by":"publisher","first-page":"182","DOI":"10.1147\/sj.153.0182","volume":"15","author":"M.E. Fagan","year":"1976","unstructured":"Fagan, M.E.: Design and Code Inspections to Reduce Errors in Program Development. IBM Systems Journal\u00a015(3), 182\u2013211 (1976)","journal-title":"IBM Systems Journal"},{"key":"14_CR5","doi-asserted-by":"crossref","unstructured":"McCarthy, P., Porter, A., Siy, H., Votta Jr., L.G.: An Experiment to Assess Cost-Benefits of Inspection Meetings and Their Alternatives: A Pilot Study. In: Proceedings of the 3rd International Software Metrics Symposium, pp. 100\u2013111 (March 1996)","DOI":"10.1109\/METRIC.1996.492447"},{"key":"14_CR6","doi-asserted-by":"crossref","unstructured":"Biffl, S.: Analysis of the Impact of Reading Technique and Inspector Capability on Individual Inspection Performance. In: Proceedings of the Seventh Asia-Pacific Software Engineering Conference (APSEC), pp. 136\u2013145 (2000)","DOI":"10.1109\/APSEC.2000.896692"},{"key":"14_CR7","unstructured":"Hatton, L.: Predicting the Total Number of Faults Using Parallel Code Inspections (May 2005), http:\/\/www.leshatton.org\/2005\/05\/total-number-of-faults-using-parallel-code-inspections\/"},{"issue":"4","key":"14_CR8","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1109\/MS.2008.100","volume":"25","author":"L. Hatton","year":"2008","unstructured":"Hatton, L.: Testing the Value of Checklists in Code Inspections. IEEE Software\u00a025(4), 82\u201388 (2008)","journal-title":"IEEE Software"},{"key":"14_CR9","doi-asserted-by":"crossref","unstructured":"Albayrak, O., Davenport, D.: Impact of Maintainability Defects on Code Inspections. In: Proceedings of the 2010 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement, pp. 50:1\u201350:4 (2010)","DOI":"10.1145\/1852786.1852850"},{"key":"14_CR10","doi-asserted-by":"crossref","unstructured":"Ferreira, A., Machado, R., Costa, L., Silva, J., Batista, R., Paulk, M.: An Approach to Improving Software Inspections Performance. In: 2010 IEEE International Conference on Software Maintenance (ICSM), pp. 1\u20138 (September 2010)","DOI":"10.1109\/ICSM.2010.5609700"},{"key":"14_CR11","doi-asserted-by":"crossref","unstructured":"Bau, J., Bursztein, E., Gupta, D., Mitchell, J.: State of the Art: Automated Black-Box Web Application Vulnerability Testing. In: 2010 IEEE Symposium on Security and Privacy, pp. 332\u2013345 (May 2010)","DOI":"10.1109\/SP.2010.27"},{"key":"14_CR12","doi-asserted-by":"crossref","unstructured":"Huang, Y.W., Yu, F., Hang, C., Tsai, C.H., Lee, D.T., Kuo, S.Y.: Securing Web Application Code by Static Analysis and Runtime Protection. In: Proceedings of the 13th International Conference on the World Wide Web, pp. 40\u201352 (2004)","DOI":"10.1145\/988672.988679"},{"key":"14_CR13","doi-asserted-by":"crossref","unstructured":"Kals, S., Kirda, E., Kruegel, C., Jovanovic, N.: SecuBat: A Web Vulnerability Scanner. In: Proceedings of the 15th International Conference on the World Wide Web, pp. 247\u2013256 (2006)","DOI":"10.1145\/1135777.1135817"},{"key":"14_CR14","doi-asserted-by":"crossref","unstructured":"Jovanovic, N., Kruegel, C., Kirda, E.: Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities. In: IEEE Symposium on Security and Privacy, pp. 263\u2013268 (May 2006)","DOI":"10.1109\/SP.2006.29"},{"key":"14_CR15","doi-asserted-by":"crossref","unstructured":"Wassermann, G., Su, Z.: Sound and Precise Analysis of Web Applications for Injection Vulnerabilities. In: Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 32\u201341 (June 2007)","DOI":"10.1145\/1250734.1250739"},{"key":"14_CR16","doi-asserted-by":"crossref","unstructured":"Lam, M.S., Martin, M., Livshits, B., Whaley, J.: Securing Web Applications With Static and Dynamic Information Flow Tracking. In: Proceedings of the 2008 ACM SIGPLAN Symposium on Partial Evaluation and Semantics-Based Program Manipulation, pp. 3\u201312 (2008)","DOI":"10.1145\/1328408.1328410"},{"key":"14_CR17","doi-asserted-by":"crossref","unstructured":"Kieyzun, A., Guo, P., Jayaraman, K., Ernst, M.: Automatic Creation of SQL Injection and Cross-Site Scripting Attacks. In: 31st IEEE International Conference on Software Engineering, pp. 199\u2013209 (May 2009)","DOI":"10.1109\/ICSE.2009.5070521"},{"issue":"12","key":"14_CR18","doi-asserted-by":"publisher","first-page":"1278","DOI":"10.1109\/TSE.1987.232881","volume":"SE-13","author":"V. Basili","year":"1987","unstructured":"Basili, V., Selby, R.: Comparing the Effectiveness of Software Testing Strategies. IEEE Transactions on Software Engineering\u00a0SE-13(12), 1278\u20131296 (1987)","journal-title":"IEEE Transactions on Software Engineering"},{"issue":"4","key":"14_CR19","doi-asserted-by":"publisher","first-page":"94","DOI":"10.1109\/2.488361","volume":"29","author":"C. Jones","year":"1996","unstructured":"Jones, C.: Software Defect-Removal Efficiency. IEEE Computer\u00a029(4), 94\u201395 (1996)","journal-title":"IEEE Computer"},{"key":"14_CR20","unstructured":"Finifter, M., Wagner, D.: Exploring the Relationship Between Web Application Development Tools and Security. In: Proceedings of the 2nd USENIX Conference on Web Application Development. USENIX (June 2011)"}],"container-title":["Lecture Notes in Computer Science","Engineering Secure Software and Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-36563-8_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,29]],"date-time":"2025-04-29T21:58:00Z","timestamp":1745963880000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-36563-8_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642365621","9783642365638"],"references-count":20,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-36563-8_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013]]}}}