{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,15]],"date-time":"2026-04-15T21:02:42Z","timestamp":1776286962902,"version":"3.50.1"},"reference-count":60,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2024,10,5]],"date-time":"2024-10-05T00:00:00Z","timestamp":1728086400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2024,10,5]],"date-time":"2024-10-05T00:00:00Z","timestamp":1728086400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100008793","name":"Universidad del Rosario","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100008793","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2024,12]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Recently, the DevSecOps practice has improved companies\u2019 agile production of secure software, reducing problems and improving return on investment. However, overreliance on security tools and traditional security techniques can facilitate the implementation of vulnerabilities in different stages of the software lifecycle.. Thus, this paper proposes the integration of a Large Language Model to help automate threat discovery at the design stage and Security Chaos Engineering to support the identification of security flaws that may be undetected by security tools. A \u00a0specific use case is described to demonstrate how our proposal can be applied to a retail company that has the business need to produce rapidly secure software.<\/jats:p>","DOI":"10.1007\/s10207-024-00909-w","type":"journal-article","created":{"date-parts":[[2024,10,5]],"date-time":"2024-10-05T09:01:43Z","timestamp":1728118903000},"page":"3765-3788","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":19,"title":["Enhancing DevSecOps practice with Large Language Models and Security Chaos Engineering"],"prefix":"10.1007","volume":"23","author":[{"given":"Martin","family":"Bedoya","sequence":"first","affiliation":[]},{"given":"Sara","family":"Palacios","sequence":"additional","affiliation":[]},{"given":"Daniel","family":"D\u00edaz-L\u00f3pez","sequence":"additional","affiliation":[]},{"given":"Estefania","family":"Laverde","sequence":"additional","affiliation":[]},{"given":"Pantaleone","family":"Nespoli","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,10,5]]},"reference":[{"key":"909_CR1","doi-asserted-by":"crossref","unstructured":"Paquet-Clouston, M., Garc\u00eda, S.: \u201cOn the motivations and challenges of affiliates involved in cybercrime.\u201d Trends in Organized Crime, Dec (2022)","DOI":"10.1007\/s12117-022-09474-x"},{"issue":"1","key":"909_CR2","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1016\/j.ejor.2019.09.017","volume":"282","author":"J Simon","year":"2020","unstructured":"Simon, J., Omar, A.: Cybersecurity investments in the supply chain: coordination and a strategic attacker. Eur. J. Oper. Res. 282(1), 161\u2013171 (2020)","journal-title":"Eur. J. Oper. Res."},{"key":"909_CR3","doi-asserted-by":"crossref","unstructured":"Alkhadra, R., Abuzaid, J., AlShammari, M., Mohammad, N.: \u201cSolar winds hack: In-depth analysis and countermeasures.\u201d In: 2021 12th international conference on computing communication and networking technologies (ICCCNT), (2021), pp. 1\u20137","DOI":"10.1109\/ICCCNT51525.2021.9579611"},{"key":"909_CR4","doi-asserted-by":"crossref","unstructured":"Almogahed, A., Omar, M., Zakaria, N.H., Alawadhi, A.: \u201cSoftware security measurements: A survey.\u201d In: 2022 international conference on intelligent technology, system and service for internet of everything (ITSS-IoE), (2022), pp. 1\u20136","DOI":"10.1109\/ITSS-IoE56359.2022.9990968"},{"issue":"1","key":"909_CR5","doi-asserted-by":"publisher","first-page":"9","DOI":"10.1080\/23738871.2020.1728355","volume":"5","author":"D Geer","year":"2020","unstructured":"Geer, D., Jardine, E., Leverett, E.: On market concentration and cybersecurity risk. J. Cyber Policy 5(1), 9\u201329 (2020)","journal-title":"J. Cyber Policy"},{"key":"909_CR6","doi-asserted-by":"publisher","first-page":"8858010","DOI":"10.1155\/2020\/8858010","volume":"2020","author":"Z Shen","year":"2020","unstructured":"Shen, Z., Chen, S.: A survey of automatic software vulnerability detection, program repair, and defect prediction techniques. Secur. Commun. Netw. 2020, 8858010 (2020)","journal-title":"Secur. Commun. Netw."},{"key":"909_CR7","unstructured":"EC-Council, \u201cWhat is Cyber Threat Modeling?, Importance of Threat Modeling\u201d (2024), last time accessed: 2024-07-05. [Online]. Available: https:\/\/www.eccouncil.org\/threat-modeling\/"},{"key":"909_CR8","unstructured":"Kamal, A.H.A., Yen, C.C.Y., Hui, G.J., Ling, P.S., tuz Zahra, F.: \u201cRisk assessment, threat modeling and security testing in sdlc,\u201d 2020. [Online]. Available: arXiv:2012.07226v1"},{"issue":"3","key":"909_CR9","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1109\/MS.2016.60","volume":"33","author":"A Basiri","year":"2016","unstructured":"Basiri, A., Behnam, N., de Rooij, R., Hochstein, L., Kosewski, L., Reynolds, J., Rosenthal, C.: Chaos engineering. IEEE Softw. 33(3), 35\u201341 (2016)","journal-title":"IEEE Softw."},{"key":"909_CR10","doi-asserted-by":"crossref","unstructured":"Ramaj, X., Colomo-Palacios, R., S\u00e1nchez-Gord\u00f3n, M., Gkioulos, V.: Towards a DevSecOps-Enabled Framework for Risk Management of Critical Infrastructures. In: Yilmaz, M., Clarke, P., Riel, A., Messnarz, R. (eds.) Systems, Software and Services Process Improvement, pp. 47\u201358. Springer Nature Switzerland, Cham (2023)","DOI":"10.1007\/978-3-031-42307-9_4"},{"key":"909_CR11","volume-title":"Security chaos engineering: sustaining resilience in software and systems","author":"K Shortridge","year":"2023","unstructured":"Shortridge, K., Rinehart, A.: Security chaos engineering: sustaining resilience in software and systems. O\u2019Reilly Media, Sebastopol (2023)"},{"key":"909_CR12","doi-asserted-by":"crossref","unstructured":"Bedoya, M., Palacios, S., D\u00edaz-L\u00f3pez, D., Nespoli, P., Laverde, E., Su\u00e1rez, S.: \u201cSecuring Cloud-Based Military Systems with Security Chaos Engineering and Artificial Intelligence.\u201d In: Proceedings of the 18th international conference on availability, reliability and security, ser. ARES \u201923. New York, NY, USA: Association for Computing Machinery (2023)","DOI":"10.1145\/3600160.3605076"},{"key":"909_CR13","unstructured":"Rinehart, A., Shortridge, K.: \u201cSecurity Chaos Engineering Gaining Confidence in Resilience and Safety at Speed and Scale,\u201d Tech. Rep. (2021)"},{"key":"909_CR14","doi-asserted-by":"crossref","unstructured":"Koc, U., Saadatpanah, P., Foster, J.S., Porter, A.A.: \u201cLearning a classifier for false positive error reports emitted by static code analysis tools.\u201d In: Proceedings of the 1st ACM SIGPLAN international workshop on Machine learning and programming languages, ser. MAPL 2017. New York, NY, USA: Association for Computing Machinery, p. 35-42 (2017)","DOI":"10.1145\/3088525.3088675"},{"key":"909_CR15","doi-asserted-by":"crossref","unstructured":"Cankar, M., Petrovic, N., Pita\u00a0Costa, J., Cernivec, A., Antic, J., Martincic, T., Stepec, D.: \u201cSecurity in DevSecOps: Applying Tools and Machine Learning to Verification and Monitoring Steps.\u201d In: Companion of the 2023 ACM\/SPEC international conference on performance engineering, ser. ICPE \u201923 Companion. New York, NY, USA: Association for Computing Machinery, p. 201-205 (2023)","DOI":"10.1145\/3578245.3584943"},{"issue":"6","key":"909_CR16","doi-asserted-by":"publisher","first-page":"3421","DOI":"10.1007\/s10586-023-04124-5","volume":"26","author":"M Al-Hawawreh","year":"2023","unstructured":"Al-Hawawreh, M., Aljuhani, A., Jararweh, Y.: ChatGPT for cybersecurity: practical applications, challenges, and future directions. Clust. Comput. 26(6), 3421\u20133436 (2023)","journal-title":"Clust. Comput."},{"key":"909_CR17","doi-asserted-by":"crossref","unstructured":"Nguyen-Duc, A., Cabrero-Daniel, B., Przybylek, A., Arora, C., Khanna, D., Herda, T., Rafiq, U., Melegati, J., Guerra, E., Kemell, K.-K., Saari, M., Zhang, Z., Le, H., Quan, T., Abrahamsson, P.: \u201cGenerative artificial intelligence for software engineering \u2013 a research agenda\u201d (2023)","DOI":"10.2139\/ssrn.4622517"},{"key":"909_CR18","doi-asserted-by":"publisher","first-page":"80 218","DOI":"10.1109\/ACCESS.2023.3300381","volume":"11","author":"M Gupta","year":"2023","unstructured":"Gupta, M., Akiri, C., Aryal, K., Parker, E., Praharaj, L.: From ChatGPT to ThreatGPT: impact of generative AI in cybersecurity and privacy. IEEE Access 11, 80 218-80 245 (2023)","journal-title":"IEEE Access"},{"issue":"10","key":"909_CR19","doi-asserted-by":"publisher","first-page":"326","DOI":"10.3390\/fi15100326","volume":"15","author":"Z Szab\u00f3","year":"2023","unstructured":"Szab\u00f3, Z., Bilicki, V.: A new approach to web application security: utilizing GPT language models for source code inspection. Future Int. 15(10), 326 (2023)","journal-title":"Future Int."},{"key":"909_CR20","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1007\/978-3-031-34671-2_23","volume-title":"Cyber security, cryptology, and machine learning","author":"M Nair","year":"2023","unstructured":"Nair, M., Sadhukhan, R., Mukhopadhyay, D.: How hardened is your hardware? Guiding ChatGPT to generate secure hardware resistant to CWEs. In: Dolev, S., Gudes, E., Paillier, P. (eds.) Cyber security, cryptology, and machine learning, pp. 320\u2013336. Springer, Cham (2023)"},{"key":"909_CR21","doi-asserted-by":"publisher","first-page":"103424","DOI":"10.1016\/j.cose.2023.103424","volume":"134","author":"T McIntosh","year":"2023","unstructured":"McIntosh, T., Liu, T., Susnjak, T., Alavizadeh, H., Ng, A., Nowrozy, R., Watters, P.: Harnessing GPT-4 for generation of cybersecurity GRC policies: a focus on ransomware attack mitigation. Comput. Secur. 134, 103424 (2023)","journal-title":"Comput. Secur."},{"key":"909_CR22","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1007\/978-981-99-7969-1_18","volume-title":"Data science and artificial intelligence","author":"O Gadyatskaya","year":"2023","unstructured":"Gadyatskaya, O., Papuc, D.: ChatGPT knows your attacks: synthesizing attack trees using LLMs. In: Anutariya, C., Bonsangue, M.M. (eds.) Data science and artificial intelligence, pp. 245\u2013260. Springer, Singapore (2023)"},{"issue":"4","key":"909_CR23","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3331524","volume":"52","author":"W Wide\u0142","year":"2019","unstructured":"Wide\u0142, W., Audinot, M., Fila, B., Pinchinat, S.: Beyond 2014: formal methods for attack tree-based security modeling. ACM Comput. Surv. 52(4), 1\u201336 (2019)","journal-title":"ACM Comput. Surv."},{"key":"909_CR24","unstructured":"Optum: \u201cChaoslingr: Introducing security into chaos testing,\u201d https:\/\/github.com\/Optum\/ChaoSlingr (April 2019), last time accessed: 2024-04-25"},{"key":"909_CR25","doi-asserted-by":"crossref","unstructured":"Konstantinou, C., Stergiopoulos, G., Parvania, M., Esteves-Verissimo, P.: \u201cChaos Engineering for Enhanced Resilience of Cyber-Physical Systems.\u201d In: 2021 resilience week (RWS), pp. 1\u201310 (2021)","DOI":"10.1109\/RWS52686.2021.9611797"},{"issue":"3","key":"909_CR26","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1016\/0098-1354(93)80018-I","volume":"17","author":"J Downs","year":"1993","unstructured":"Downs, J., Vogel, E.: A plant-wide industrial process control problem. Comput. Chem. Eng. 17(3), 245\u2013255 (1993)","journal-title":"Comput. Chem. Eng."},{"key":"909_CR27","doi-asserted-by":"publisher","first-page":"123 044","DOI":"10.1109\/ACCESS.2020.3007338","volume":"8","author":"KA Torkura","year":"2020","unstructured":"Torkura, K.A., Sukmana, M.I., Cheng, F., Meinel, C.: CloudStrike: chaos engineering for security and resiliency in cloud infrastructure. IEEE Access 8, 123 044-123 060 (2020)","journal-title":"IEEE Access"},{"key":"909_CR28","doi-asserted-by":"publisher","first-page":"102124","DOI":"10.1016\/j.cose.2020.102124","volume":"102","author":"KA Torkura","year":"2021","unstructured":"Torkura, K.A., Sukmana, M., Cheng, F., Meinel, C.: Continuous auditing and threat detection in multi-cloud infrastructure. Comput. Secur. 102, 102124 (2021)","journal-title":"Comput. Secur."},{"key":"909_CR29","doi-asserted-by":"crossref","unstructured":"Sharieh, S., Ferworn, A.: \u201cSecuring APIs and Chaos Engineering.\u201d In: 2021 IEEE conference on communications and network security (CNS), pp. 290\u2013294 (2021)","DOI":"10.1109\/CNS53000.2021.9705049"},{"key":"909_CR30","doi-asserted-by":"crossref","unstructured":"Bailey, T., Marchione, P., Swartz, P., Salih, R., Clark, M., Denz, R.: \u201cMeasuring resiliency of system of systems using chaos engineering experiments.\u201d In: 2022 SPIE 12117, disruptive technologies in information sciences VI, vol. 1211704, p.\u00a026 (2022)","DOI":"10.1117\/12.2632779"},{"key":"909_CR31","doi-asserted-by":"crossref","unstructured":"Shortridge, K.: \u201cFrom Lemons to Peaches: Improving Security ROI through Security Chaos Engineering.\u201d In: 2022 IEEE secure development conference (SecDev), pp. 59\u201360 (2022)","DOI":"10.1109\/SecDev53368.2022.00021"},{"issue":"1","key":"909_CR32","doi-asserted-by":"crossref","first-page":"1","DOI":"10.3390\/bdcc7010001","volume":"7","author":"S Palacios Chavarro","year":"2023","unstructured":"Palacios Chavarro, S., Nespoli, P., D\u00edaz-L\u00f3pez, D., Ni\u00f1o Roa, Y.: On the way to automatic exploitation of vulnerabilities and validation of systems security through security chaos Engineering. Big Data Cognit. Comput. 7(1), 1 (2023)","journal-title":"Big Data Cognit. Comput."},{"issue":"3","key":"909_CR33","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1109\/MSEC.2024.3380511","volume":"22","author":"J Pastor-Galindo","year":"2024","unstructured":"Pastor-Galindo, J., Nespoli, P., Ruip\u00e9rez-Valiente, J.A.: Large-language-model-powered agent-based framework for misinformation and disinformation research: opportunities and open challenges. IEEE Secur. Privacy 22(3), 24\u201336 (2024)","journal-title":"IEEE Secur. Privacy"},{"key":"909_CR34","unstructured":"Vaswani, A., Shazeer, N., Parmar, N., Uszkoreit, J., Jones, L., Gomez, A.N., Kaiser, L.u., Polosukhin, I.: \u201cAttention is all you need,\u201d in Advances in Neural Information Processing Systems. In: Guyon, I., Luxburg, U.V., Bengio, S., Wallach, H., Fergus, R., Vishwanathan, S., Garnett, R. Eds., vol.\u00a030. Curran Associates, Inc. (2017)"},{"issue":"8","key":"909_CR35","doi-asserted-by":"publisher","first-page":"462","DOI":"10.3390\/info14080462","volume":"14","author":"M Alawida","year":"2023","unstructured":"Alawida, M., Mejri, S., Mehmood, A., Chikhaoui, B., Isaac Abiodun, O.: A comprehensive study of chatgpt: advancements, limitations, and ethical considerations in natural language processing and cybersecurity. Information 14(8), 462 (2023)","journal-title":"Information"},{"issue":"2","key":"909_CR36","doi-asserted-by":"publisher","first-page":"1361","DOI":"10.1109\/COMST.2017.2781126","volume":"20","author":"P Nespoli","year":"2018","unstructured":"Nespoli, P., Papamartzivanos, D., Marmol, F.G., Kambourakis, G.: Optimal countermeasures selection against cyber attacks: a comprehensive survey on reaction frameworks. IEEE Commun. Surv. Tutor. 20(2), 1361\u20131396 (2018)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"909_CR37","doi-asserted-by":"crossref","unstructured":"Cheung, S., Lindqvist, U., Fong, M.: \u201cModeling multistep cyber attacks for scenario recognition.\u201d In: Proceedings DARPA information survivability conference and exposition, vol.\u00a01, pp. 284\u2013292 vol.1 (2003)","DOI":"10.1109\/DISCEX.2003.1194892"},{"key":"909_CR38","unstructured":"Haque, M.S.: \u201cAn evolutionary approach of attack graphs and attack trees: A survey of attack modeling\u201d (09 2017)"},{"key":"909_CR39","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cosrev.2014.07.001","volume":"13\u201314","author":"B Kordy","year":"2014","unstructured":"Kordy, B., Pi\u00e8tre-Cambac\u00e9d\u00e8s, L., Schweitzer, P.: Dag-based attack and defense modeling: don\u2019t miss the forest for the attack trees. Comput. Sci. Rev. 13\u201314, 1\u201338 (2014)","journal-title":"Comput. Sci. Rev."},{"key":"909_CR40","first-page":"04","volume":"23","author":"V Saini","year":"2008","unstructured":"Saini, V., Duan, Q., Paruchuri, V.: Threat modeling using attack trees. J. Comput. Sci. Coll. 23, 04 (2008)","journal-title":"J. Comput. Sci. Coll."},{"key":"909_CR41","doi-asserted-by":"crossref","unstructured":"Edge, K., Dalton, G., Raines, R., Mills, R.: \u201cUsing attack and protection trees to analyze threats and defenses to homeland security,\u201d pp. 1 \u2013 7 (11 2006)","DOI":"10.1109\/MILCOM.2006.302512"},{"key":"909_CR42","doi-asserted-by":"crossref","unstructured":"Bistarelli, S., Fioravanti, F., Peretti, P.: Defense trees for economic evaluation of security investments 2006, 8 (05 2006)","DOI":"10.1109\/ARES.2006.46"},{"key":"909_CR43","doi-asserted-by":"crossref","unstructured":"Fila, B., Wide\u0142, W.: \u201cExploiting attack-defense trees to find an optimal set of countermeasures.\u201d In: 2020 IEEE 33rd computer security foundations symposium (CSF), pp. 395\u2013410 (2020)","DOI":"10.1109\/CSF49147.2020.00035"},{"key":"909_CR44","doi-asserted-by":"publisher","first-page":"02","DOI":"10.1093\/logcom\/exs029","volume":"24","author":"B Kordy","year":"2014","unstructured":"Kordy, B., Mauw, S., Radomirovi\u0107, S., Schweitzer, P.: Attack-defense trees. J. Log. Comput. 24, 02 (2014)","journal-title":"J. Log. Comput."},{"key":"909_CR45","doi-asserted-by":"crossref","unstructured":"Kumar, R., Goyal, R.: On cloud security requirements, threats, vulnerabilities and countermeasures: a survey. Comput. Sci. Rev. 33, 1\u201348 (2019)","DOI":"10.1016\/j.cosrev.2019.05.002"},{"key":"909_CR46","unstructured":"\u201cOWASP Application Security Verfication Standard,\u201d (2023), last time accessed: 2024-04-25. [Online]. Available: https:\/\/owasp.org\/www-project-application-security-verification-standard\/"},{"key":"909_CR47","doi-asserted-by":"crossref","unstructured":"J\u00f8sang, A., \u00d8degaard, M., Oftedal, E.: Cybersecurity through secure software development. In: Bishop, M., Miloslavskaya, N., Theocharidou, M. (eds.) Information security education across the curriculum, pp. 53\u201363. Springer, Cham (2015)","DOI":"10.1007\/978-3-319-18500-2_5"},{"issue":"11","key":"909_CR48","doi-asserted-by":"publisher","first-page":"246","DOI":"10.3991\/ijim.v14i11.13269","volume":"14","author":"S Alsaqqa","year":"2020","unstructured":"Alsaqqa, S., Sawalha, S., Abdel-Nabi, H.: Agile software development: methodologies and trends. Int. J. Interact. Mobile Technol. (iJIM) 14(11), 246\u2013270 (2020)","journal-title":"Int. J. Interact. Mobile Technol. (iJIM)"},{"key":"909_CR49","doi-asserted-by":"crossref","unstructured":"Lallie, H.S., Debattista, K., Bal, J.: A review of attack graph and attack tree visual syntax in cyber security. Comput. Sci. Rev. 35, 100219 (2020)","DOI":"10.1016\/j.cosrev.2019.100219"},{"key":"909_CR50","unstructured":"\u201cIncorporating business logic to get the best out of DAST,\u201d (2022), last time accessed: 2024-04-25. [Online]. Available: https:\/\/www.invicti.com\/blog\/docs-and-faqs\/incorporate-business-logic-get-the-best-out-of-dast\/"},{"key":"909_CR51","unstructured":"AWS: \u201cThe anatomy of ransomware event targeting data residing in Amazon S3,\u201d https:\/\/aws.amazon.com\/es\/blogs\/security\/anatomy-of-a-ransomware-event-targeting-data-in-amazon-s3\/, (February 2023), last time accessed: 2024-04-25"},{"key":"909_CR52","unstructured":"Dahan, N.: \u201cAuditing IAM PassRole: A Problematic Privilege Escalation Permission,\u201d https:\/\/ermetic.com\/blog\/aws\/auditing-passrole-a-problematic-privilege-escalation-permission\/, (January 2021), last time accessed: 2024-04-25"},{"key":"909_CR53","unstructured":"Frichette, N.: \u201cSteal IAM Credentials and Event Data from Lambda,\u201d https:\/\/hackingthe.cloud\/aws\/exploitation\/lambda-steal-iam-credentials\/, (February 2023), last time accessed: 2024-04-25"},{"key":"909_CR54","unstructured":"Polop, C.: \u201cAws - codebuild privesc - hacktricks cloud,\u201d last time accessed: 2024-04-25. [Online]. Available: https:\/\/cloud.hacktricks.xyz\/pentesting-cloud\/aws-security\/aws-privilege-escalation\/aws-codebuild-privesc"},{"key":"909_CR55","unstructured":"Polop, C.: \u201cSQL injection,\u201d last time accessed: 2024-04-25. [Online]. Available: https:\/\/book.hacktricks.xyz\/pentesting-web\/sql-injection"},{"key":"909_CR56","unstructured":"\u201cNgrok - Secure introspectable tunnels to localhost,\u201d https:\/\/ngrok.com\/, last time accessed: 2024-04-25"},{"key":"909_CR57","unstructured":"\u201cSource Code Analyzer,\u201d (2024), last time accessed: 2024-04-25. [Online]. Available: https:\/\/www.veracode.com\/security\/source-code-security-analyzer"},{"key":"909_CR58","unstructured":"Vollmer, S., Sythoff, J.: \u201cForrester total economic impact study,\u201d last time accessed: 2024-04-25. [Online]. Available: https:\/\/www.iriusrisk.com\/forrester-tei-study"},{"key":"909_CR59","unstructured":"Radford, A., Narasimhan, K., Salimans, T., Sutskever, I., et al.: \u201cImproving language understanding by generative pre-training\u201d (2018)"},{"key":"909_CR60","unstructured":"OpenAI: \u201cOur approach to ai safety,\u201d (2023), last time accessed: 2024-06-29. [Online]. Available: https:\/\/openai.com\/index\/our-approach-to-ai-safety\/"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00909-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-024-00909-w\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00909-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,12]],"date-time":"2024-10-12T01:11:36Z","timestamp":1728695496000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-024-00909-w"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,5]]},"references-count":60,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2024,12]]}},"alternative-id":["909"],"URL":"https:\/\/doi.org\/10.1007\/s10207-024-00909-w","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,10,5]]},"assertion":[{"value":"5 October 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no Conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}