{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,21]],"date-time":"2025-06-21T10:40:08Z","timestamp":1750502408910,"version":"3.41.0"},"reference-count":43,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2025,4,8]],"date-time":"2025-04-08T00:00:00Z","timestamp":1744070400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,4,8]],"date-time":"2025-04-08T00:00:00Z","timestamp":1744070400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,6]]},"DOI":"10.1007\/s10207-025-01023-1","type":"journal-article","created":{"date-parts":[[2025,4,8]],"date-time":"2025-04-08T20:49:58Z","timestamp":1744145398000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Beyond the code: analyzing OSS developers security awareness and practices"],"prefix":"10.1007","volume":"24","author":[{"given":"Sultan S.","family":"Alqahtani","sequence":"first","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,4,8]]},"reference":[{"key":"1023_CR1","unstructured":"Hammond, J., Santinelli, P., Billings, J.J., Ledingham, B.: The Tenth Annual Future of Open Source Survey (2016)"},{"key":"1023_CR2","unstructured":"blackduck.: 2023 Open Source Security and Risk Analysis. [Online]. Available: https:\/\/www.blackduck.com\/resources\/analyst-reports\/open-source-security-risk-analysis.html#introMenu. (2023). Accessed 01 Oct 2024"},{"key":"1023_CR3","unstructured":"Williams, A., Dabirsiaghi, J.: The unfortunate reality of insecure libraries. Asp Secur Inc no. 
March, pp. 1--26 (2012)"},{"key":"1023_CR4","doi-asserted-by":"crossref","unstructured":"Plate, H., Ponta, S.E., Sabetta, A.: Impact assessment for vulnerabilities in open-source software libraries, in 2015 IEEE International Conference on Software Maintenance and Evolution (ICSME), pp. 411\u2013420 (2015)","DOI":"10.1109\/ICSM.2015.7332492"},{"key":"1023_CR5","unstructured":"NIST.: \u201cNational Vulnerability Database. [Online]. Available: http:\/\/web.nvd.nist.gov\/view\/vuln\/search (2007). Accessed: 25 Dec 2022"},{"key":"1023_CR6","doi-asserted-by":"crossref","unstructured":"Mousavi, Z., Islam, C., Moore, K., Abuadbba, A., Babar, M.A.: An Investigation into Misuse of Java Security APIs by Large Language Models, in Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, pp. 1299\u20131315. (2024)","DOI":"10.1145\/3634737.3661134"},{"key":"1023_CR7","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1016\/j.scico.2016.01.005","volume":"121","author":"SS Alqahtani","year":"2016","unstructured":"Alqahtani, S.S., Eghan, E.E., Rilling, J.: Tracing known security vulnerabilities in software repositories \u2013 A Semantic Web enabled modeling approach. Sci. Comput. Program. 121, 153\u2013175 (2016)","journal-title":"Sci. Comput. Program."},{"key":"1023_CR8","first-page":"993","volume":"3","author":"DM Blei","year":"2003","unstructured":"Blei, D.M., Ng, A.Y., Jordan, M.I.: Latent dirichlet allocation. J. Mach. Learn. Res. 3, 993\u20131022 (2003)","journal-title":"J. Mach. Learn. Res."},{"issue":"3","key":"1023_CR9","doi-asserted-by":"publisher","first-page":"619","DOI":"10.1007\/s10664-012-9231-y","volume":"19","author":"A Barua","year":"2014","unstructured":"Barua, A., Thomas, S.W., Hassan, A.E.: What are developers talking about? An analysis of topics and trends in Stack Overflow. Empir. Softw. Eng. 19(3), 619\u2013654 (2014)","journal-title":"Empir. Softw. 
Eng."},{"issue":"5","key":"1023_CR10","doi-asserted-by":"publisher","first-page":"910","DOI":"10.1007\/s11390-016-1672-0","volume":"31","author":"X-L Yang","year":"2016","unstructured":"Yang, X.-L., Lo, D., Xia, X., Wan, Z.-Y., Sun, J.-L.: What security questions do developers ask? A large-scale study of stack overflow posts. J. Comput. Sci. Technol. 31(5), 910\u2013924 (2016)","journal-title":"J. Comput. Sci. Technol."},{"key":"1023_CR11","doi-asserted-by":"crossref","unstructured":"Selva-Mora, A., Quesada-L\u00f3pez, C.: Security Practices in Agile Software Development: A Mapping Study, in Proceedings of the 7th ACM\/IEEE International Workshop on Software-intensive Business, pp. 56\u201363. (2024)","DOI":"10.1145\/3643690.3648241"},{"key":"1023_CR12","doi-asserted-by":"crossref","unstructured":"Kery, M.B., Le Goues, C., Myers, B.A.: Examining programmer practices for locally handling exceptions, in Proceedings of the 13th International Conference on Mining Software Repositories, pp. 484\u2013487. (2016)","DOI":"10.1145\/2901739.2903497"},{"key":"1023_CR13","unstructured":"Pittenger, M.: The State of Open Source Security in Commercial Applications. Open source security analysis."},{"issue":"3","key":"1023_CR14","doi-asserted-by":"publisher","first-page":"1192","DOI":"10.1007\/s10664-015-9379-3","volume":"21","author":"C Rosen","year":"2016","unstructured":"Rosen, C., Shihab, E.: What are mobile developers asking about? A large scale study using stack overflow. Empir. Softw. Eng. 21(3), 1192\u20131223 (2016)","journal-title":"Empir. Softw. Eng."},{"key":"1023_CR15","unstructured":"Alqahtani, S.: OSS study results. [Online]. Available: https:\/\/github.com\/isultane\/OSS-security-study (2024) Accessed 11 Mar 2024"},{"key":"1023_CR16","unstructured":"Sonatype.: 10th annual State of the Software Supply Chain. 
(2024)"},{"key":"1023_CR17","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1016\/j.jss.2016.07.027","volume":"121","author":"D Badampudi","year":"2016","unstructured":"Badampudi, D., Wohlin, C., Petersen, K.: Software component decision-making: In-house, OSS, COTS or outsourcing - A systematic literature review. J. Syst. Softw. 121, 105\u2013124 (2016)","journal-title":"J. Syst. Softw."},{"key":"1023_CR18","unstructured":"Bals, F.: 2024 Open Source Security and Risk Analysis Report. (2024)"},{"key":"1023_CR19","doi-asserted-by":"crossref","unstructured":"Zhao, L., et al.: \u201cSoftware Composition Analysis for Vulnerability Detection: An Empirical Study on Java Projects,\u201d in Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 960\u2013972. (2023)","DOI":"10.1145\/3611643.3616299"},{"issue":"2","key":"1023_CR20","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1109\/MSEC.2023.3237100","volume":"21","author":"N Zahan","year":"2023","unstructured":"Zahan, N., Lin, E., Tamanna, M., Enck, W., Williams, L.: Software bills of materials are required. Are we there yet? IEEE Secur. Priv. 21(2), 82\u201388 (2023)","journal-title":"IEEE Secur. Priv."},{"key":"1023_CR21","doi-asserted-by":"crossref","unstructured":"Nadi, S., Kr\u00fcger, S., Mezini, M., Bodden, E.: \u2018Jumping Through Hoops\u2019: Why do Java Developers Struggle with Cryptography APIs?,\u201d in Proceedings of the 38th International Conference on Software Engineering, pp. 935\u2013946. (2016)","DOI":"10.1145\/2884781.2884790"},{"key":"1023_CR22","doi-asserted-by":"crossref","unstructured":"Lazar, D., Chen, H., Wang, X., Zeldovich, N.: Why does cryptographic software fail?: a case study and open problems,\u201d in Proceedings of 5th Asia-Pacific Workshop on Systems, pp. 
1\u20137 (2014)","DOI":"10.1145\/2637166.2637237"},{"key":"1023_CR23","doi-asserted-by":"crossref","unstructured":"Egele, M., Brumley, D., Fratantonio, Y., Kruegel, C.: An empirical study of cryptographic misuse in android applications, in Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS \u201913, pp. 73\u201384 (2013)","DOI":"10.1145\/2508859.2516693"},{"key":"1023_CR24","doi-asserted-by":"crossref","unstructured":"Fahl, S., Harbach, M., Muders, T., Baumg\u00e4rtner, L., Freisleben, B., Smith, M.: Why eve and mallory love android: an analysis of android SSL (in)security, in Proceedings of the 2012 ACM conference on Computer and communications security, pp. 50\u201361. (2012)","DOI":"10.1145\/2382196.2382205"},{"key":"1023_CR25","doi-asserted-by":"crossref","unstructured":"Georgiev, M., Iyengar, S., Jana, S., Anubhai, R., Boneh, D., Shmatikov, V.: The most dangerous code in the world: validating SSL certificates in non-browser software, in Proceedings of the 2012 ACM conference on Computer and communications security, pp. 38\u201349. (2012)","DOI":"10.1145\/2382196.2382204"},{"issue":"11","key":"1023_CR26","doi-asserted-by":"publisher","first-page":"2382","DOI":"10.1109\/TSE.2019.2948910","volume":"47","author":"S Kruger","year":"2021","unstructured":"Kruger, S., Spath, J., Ali, K., Bodden, E., Mezini, M.: CrySL: an extensible approach to validating the correct usage of cryptographic APIs. IEEE Trans. Softw. Eng. 47(11), 2382\u20132400 (2021)","journal-title":"IEEE Trans. Softw. Eng."},{"issue":"1","key":"1023_CR27","doi-asserted-by":"publisher","first-page":"288","DOI":"10.1109\/TSE.2022.3150302","volume":"49","author":"Y Zhang","year":"2023","unstructured":"Zhang, Y., Kabir, M.M.A., Xiao, Y., Yao, D., Meng, N.: Automatic detection of java cryptographic API misuses: are we there yet? IEEE Trans. Softw. Eng. 49(1), 288\u2013303 (2023)","journal-title":"IEEE Trans. Softw. 
Eng."},{"key":"1023_CR28","doi-asserted-by":"crossref","unstructured":"Jean de Dieu, M., Liang, P., Shahin, M.: How do OSS developers utilize architectural solutions from Q&A sites: an empirical study. arxiv, p. 19 (2024)","DOI":"10.1109\/TSE.2025.3572027"},{"issue":"1","key":"1023_CR29","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3694782","volume":"57","author":"R Lin","year":"2025","unstructured":"Lin, R., et al.: Vulnerabilities and security patches detection in OSS: a survey. ACM Comput. Surv. 57(1), 1\u201337 (2025)","journal-title":"ACM Comput. Surv."},{"key":"1023_CR30","doi-asserted-by":"publisher","first-page":"72694","DOI":"10.1109\/ACCESS.2020.2987941","volume":"8","author":"R Kumar","year":"2020","unstructured":"Kumar, R., et al.: A hybrid model of hesitant fuzzy decision-making analysis for estimating usable-security of software. IEEE Access 8, 72694\u201372712 (2020)","journal-title":"IEEE Access"},{"issue":"2","key":"1023_CR31","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1109\/IOTM.001.2300172","volume":"7","author":"AK Pandey","year":"2024","unstructured":"Pandey, A.K., Das, A.K., Kumar, R., Rodrigues, J.J.P.C.: Secure cyber engineering for IoT-Enabled smart healthcare system. IEEE Internet Things Mag. 7(2), 70\u201377 (2024)","journal-title":"IEEE Internet Things Mag."},{"key":"1023_CR32","unstructured":"Stack Exchange In, \u201cStack Exchange Data Explorer,\u201d [Online]. Available: https:\/\/data.stackexchange.com\/ (2024). Accessed 29 Oct 2023"},{"key":"1023_CR33","doi-asserted-by":"crossref","unstructured":"Panichella, A., Dit, B., Oliveto, R., Di Penta, M., Poshyvanyk, D., De Lucia, A.: How to effectively use topic models for software engineering tasks? An approach based on genetic algorithms, in Proceedings of the 2013 International Conference on Software Engineering, pp. 
522\u2013531 (2013)","DOI":"10.1109\/ICSE.2013.6606598"},{"key":"1023_CR34","doi-asserted-by":"crossref","unstructured":"H\u00f6rster, E., Lienhart, R., Slaney, M.: Image retrieval on large-scale image databases, in Proceedings of the 6th ACM international conference on Image and video retrieval - CIVR \u201907, pp. 17\u201324 (2007)","DOI":"10.1145\/1282280.1282283"},{"key":"1023_CR35","doi-asserted-by":"crossref","unstructured":"Jo, Y., Oh, A.H.: Aspect and sentiment unification model for online review analysis, in Proceedings of the fourth ACM international conference on Web search and data mining, pp. 815--824. (2011)","DOI":"10.1145\/1935826.1935932"},{"issue":"3","key":"1023_CR36","doi-asserted-by":"publisher","first-page":"272","DOI":"10.1109\/TSE.2016.2576454","volume":"43","author":"X Xia","year":"2017","unstructured":"Xia, X., Lo, D., Ding, Y., Al-Kofahi, J.M., Nguyen, T.N., Wang, X.: Improving automated bug triaging with specialized topic model. IEEE Trans. Softw. Eng. 43(3), 272\u2013297 (2017)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"1023_CR37","doi-asserted-by":"crossref","unstructured":"Chemudugunta, C., Smyth, P., Steyvers, M.: Modeling General and Specific Aspects of Documents with a Probabilistic Topic Model, in Advances in Neural Information Processing Systems 19: Proceedings of the 2006 Conference, p. 214. (2007)","DOI":"10.7551\/mitpress\/7503.003.0035"},{"issue":"S13","key":"1023_CR38","doi-asserted-by":"publisher","first-page":"S8","DOI":"10.1186\/1471-2105-16-S13-S8","volume":"16","author":"W Zhao","year":"2015","unstructured":"Zhao, W., et al.: A heuristic approach to determine an appropriate number of topics in topic modeling. BMC Bioinf. 
16(S13), S8 (2015)","journal-title":"BMC Bioinf."},{"key":"1023_CR39","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4842-4476-0","volume-title":"Rapid java persistence and microservices","author":"R Malhotra","year":"2019","unstructured":"Malhotra, R.: Rapid java persistence and microservices. Apress, Berkeley (2019)"},{"key":"1023_CR40","unstructured":"MITRE.: 2022 CWE Top 25 Most Dangerous Software Weaknesses. [Online]. Available: https:\/\/cwe.mitre.org\/top25\/archive\/2022\/2022_cwe_top25.html (2022)"},{"key":"1023_CR41","unstructured":"Kasunic, M.: Designing an effective survey. pp. 1\u2013143 (2005)"},{"issue":"1","key":"1023_CR42","doi-asserted-by":"publisher","first-page":"148","DOI":"10.1214\/aoms\/1177705148","volume":"32","author":"LA Goodman","year":"1961","unstructured":"Goodman, L.A.: Snowball sampling. Ann. Math. Stat. 32(1), 148\u2013170 (1961)","journal-title":"Ann. Math. Stat."},{"key":"1023_CR43","unstructured":"Chang, O., Lewandowski, K.: Launching OSV - Better vulnerability triage for open source. Google Security Team. [Online]. 
Available: https:\/\/opensource.googleblog.com\/2021\/02\/launching-osv-better-vulnerability.html (2021)"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01023-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01023-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01023-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,21]],"date-time":"2025-06-21T10:12:26Z","timestamp":1750500746000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01023-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,8]]},"references-count":43,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2025,6]]}},"alternative-id":["1023"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01023-1","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2025,4,8]]},"assertion":[{"value":"17 March 2025","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"8 April 2025","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"I have no conflict of interest to disclose. The author Sultan S. 
Alqahtani declares that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"There is no research involving human participants.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Human or animal participants"}}],"article-number":"109"}}