{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,30]],"date-time":"2026-03-30T15:07:55Z","timestamp":1774883275115,"version":"3.50.1"},"reference-count":78,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2026,2,11]],"date-time":"2026-02-11T00:00:00Z","timestamp":1770768000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"},{"start":{"date-parts":[[2026,2,11]],"date-time":"2026-02-11T00:00:00Z","timestamp":1770768000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0"}],"funder":[{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","award":["RGPIN-2019-06306"],"award-info":[{"award-number":["RGPIN-2019-06306"]}],"id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Empir Software Eng"],"published-print":{"date-parts":[[2026,5]]},"DOI":"10.1007\/s10664-025-10795-y","type":"journal-article","created":{"date-parts":[[2026,2,11]],"date-time":"2026-02-11T08:33:25Z","timestamp":1770798805000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["SecMLOps: A comprehensive framework for integrating security throughout the machine learning operations 
lifecycle"],"prefix":"10.1007","volume":"31","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4118-5211","authenticated-orcid":false,"given":"Xinrui","family":"Zhang","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7393-5016","authenticated-orcid":false,"given":"Pincan","family":"Zhao","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6316-3040","authenticated-orcid":false,"given":"Jason","family":"Jaskolka","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5441-6763","authenticated-orcid":false,"given":"Heng","family":"Li","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5720-0941","authenticated-orcid":false,"given":"Rongxing","family":"Lu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,2,11]]},"reference":[{"key":"10795_CR1","doi-asserted-by":"publisher","first-page":"103391","DOI":"10.1016\/j.cose.2023.103391","volume":"133","author":"Z Abuabed","year":"2023","unstructured":"Abuabed Z, Alsadeh A, Taweel A (2023) Stride threat model-based framework for assessing the vulnerabilities of modern vehicles. Comput Secur 133:103391. https:\/\/doi.org\/10.1016\/j.cose.2023.103391","journal-title":"Comput Secur"},{"key":"10795_CR2","first-page":"191","volume":"104","author":"A Act","year":"1996","unstructured":"Act A (1996) Health insurance portability and accountability act of 1996. Public Law 104:191","journal-title":"Public Law"},{"key":"10795_CR3","doi-asserted-by":"publisher","unstructured":"Alla S, Adari SK (2021) Beginning MLOps with MLFlow: deploy models in AWS SageMaker, Google Cloud, And Microsoft Azure. Apress, Berkeley, CA. https:\/\/doi.org\/10.1007\/978-1-4842-6549-9. 
Accessed 24 Feb 2022","DOI":"10.1007\/978-1-4842-6549-9"},{"key":"10795_CR4","first-page":"24392","volume":"34","author":"Y Bai","year":"2021","unstructured":"Bai Y, Yang E, Han B, Yang Y, Li J, Mao Y, Niu G, Liu T (2021) Understanding and improving early stopping for learning with noisy labels. Adv Neural Inf Process Syst 34:24392\u201324403","journal-title":"Adv Neural Inf Process Syst"},{"key":"10795_CR5","doi-asserted-by":"crossref","unstructured":"Bhatt U, Xiang A, Sharma S, Weller A, Taly A, Jia Y, Ghosh J, Puri R, Moura JM, Eckersley P (2020) Explainable machine learning in deployment. In: Proceedings of the 2020 conference on fairness, accountability, and transparency. pp 648\u2013657","DOI":"10.1145\/3351095.3375624"},{"key":"10795_CR6","doi-asserted-by":"publisher","unstructured":"Breck E, Cai S, Nielsen E, Salib M, Sculley D (2017) The ml test score: A rubric for ml production readiness and technical debt reduction. In: 2017 IEEE international conference on big data (Big Data). pp 1123\u20131132. https:\/\/doi.org\/10.1109\/BigData.2017.8258038","DOI":"10.1109\/BigData.2017.8258038"},{"key":"10795_CR7","unstructured":"Carlini N, Tramer F, Wallace E, Jagielski M, Herbert-Voss A, Lee K, Roberts A, Brown T, Song D, Erlingsson U et al (2021) Extracting training data from large language models. In: 30th USENIX security symposium (USENIX Security 21). pp 2633\u20132650"},{"key":"10795_CR8","doi-asserted-by":"crossref","unstructured":"Carlini N, Wagner D (2017) Towards evaluating the robustness of neural networks. In: 2017 IEEE symposium on security and privacy (SP). IEEE, pp 39\u201357","DOI":"10.1109\/SP.2017.49"},{"key":"10795_CR9","unstructured":"Cartella F, Anunciacao O, Funabiki Y, Yamaguchi D, Akishita T, Elshocht O (2021) Adversarial attacks for tabular data: application to fraud detection and imbalanced data. 
arXiv:2101.08030"},{"issue":"1","key":"10795_CR10","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1146\/annurev-biodatasci-092820-114757","volume":"4","author":"IY Chen","year":"2021","unstructured":"Chen IY, Pierson E, Rose S, Joshi S, Ferryman K, Ghassemi M (2021) Ethical machine learning in healthcare. Ann Rev Biomed Data Sci 4(1):123\u2013144","journal-title":"Ann Rev Biomed Data Sci"},{"key":"10795_CR11","doi-asserted-by":"publisher","unstructured":"Chen H, Babar MA (2024) Security for machine learning-based software systems: a survey of threats, practices, and challenges. ACM Comput Surv 56(6). https:\/\/doi.org\/10.1145\/3638531","DOI":"10.1145\/3638531"},{"issue":"3","key":"10795_CR12","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1109\/MC.2023.3299572","volume":"57","author":"AE Cin\u00e0","year":"2024","unstructured":"Cin\u00e0 AE, Grosse K, Demontis A, Biggio B, Roli F, Pelillo M (2024) Machine learning security against data poisoning: are we there yet? Computer 57(3):26\u201334. https:\/\/doi.org\/10.1109\/MC.2023.3299572","journal-title":"Computer"},{"key":"10795_CR13","doi-asserted-by":"publisher","unstructured":"Debois P (2008) Agile infrastructure and operations: How infra-gile are you? In: Agile 2008 conference. pp 202\u2013207. https:\/\/doi.org\/10.1109\/Agile.2008.42","DOI":"10.1109\/Agile.2008.42"},{"key":"10795_CR14","doi-asserted-by":"crossref","unstructured":"Disterer G (2013) ISO\/IEC 27000, 27001 and 27002 for information security management. J Inf Secur 4(2)","DOI":"10.4236\/jis.2013.42011"},{"issue":"4","key":"10795_CR15","doi-asserted-by":"publisher","first-page":"743","DOI":"10.1109\/TPAMI.2011.155","volume":"34","author":"P Dollar","year":"2012","unstructured":"Dollar P, Wojek C, Schiele B, Perona P (2012) Pedestrian detection: an evaluation of the state of the art. IEEE Trans Pattern Anal Mach Intell 34(4):743\u2013761. 
https:\/\/doi.org\/10.1109\/TPAMI.2011.155","journal-title":"IEEE Trans Pattern Anal Mach Intell"},{"key":"10795_CR16","doi-asserted-by":"publisher","DOI":"10.1016\/j.bushor.2024.03.007","author":"G Elia","year":"2024","unstructured":"Elia G, Solazzo G, Lerro A, Pigni F, Tucci CL (2024) The digital transformation canvas: a conceptual framework for leading the digital transformation process. Bus Horiz. https:\/\/doi.org\/10.1016\/j.bushor.2024.03.007","journal-title":"Bus Horiz"},{"issue":"6433","key":"10795_CR17","doi-asserted-by":"publisher","first-page":"1287","DOI":"10.1126\/science.aaw4399","volume":"363","author":"SG Finlayson","year":"2019","unstructured":"Finlayson SG, Bowers JD, Ito J, Zittrain JL, Beam AL, Kohane IS (2019) Adversarial attacks on medical machine learning. Science 363(6433):1287\u20131289","journal-title":"Science"},{"key":"10795_CR18","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1016\/j.cose.2016.06.002","volume":"61","author":"SV Flowerday","year":"2016","unstructured":"Flowerday SV, Tuyikeze T (2016) Information security policy development and implementation: the what, how and who. Comput Secur 61:169\u2013183. https:\/\/doi.org\/10.1016\/j.cose.2016.06.002","journal-title":"Comput Secur"},{"issue":"4","key":"10795_CR19","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1145\/2523813","volume":"46","author":"J Gama","year":"2014","unstructured":"Gama J, \u017dliobait\u0117 I, Bifet A, Pechenizkiy M, Bouchachia A (2014) A survey on concept drift adaptation. ACM Comput Surv 46(4):44","journal-title":"ACM Comput Surv"},{"key":"10795_CR20","unstructured":"Gebru T, Morgenstern J, Vecchione B, Wortman\u00a0Vaughan J, Wallach H, Daum\u00e9\u00a0III H, Crawford K (2018) Datasheets for datasets"},{"key":"10795_CR21","unstructured":"Goodfellow IJ, Shlens J, Szegedy C (2014) Explaining and harnessing adversarial examples. 
arXiv:1412.6572"},{"key":"10795_CR22","doi-asserted-by":"crossref","unstructured":"Greshake K, Abdelnabi S, Mishra S, Endres C, Holz T, Fritz M (2023) Not what you\u2019ve signed up for: compromising real-world LLM-integrated applications with indirect prompt injection. In: Proceedings of the 16th ACM workshop on artificial intelligence and security. pp 79\u201390","DOI":"10.1145\/3605764.3623985"},{"key":"10795_CR23","doi-asserted-by":"publisher","first-page":"1749","DOI":"10.1109\/TIFS.2023.3251842","volume":"18","author":"K Grosse","year":"2023","unstructured":"Grosse K, Bieringer L, Besold TR, Biggio B, Krombholz K (2023) Machine learning security in industry: a quantitative survey. IEEE Trans Inf Forensics Secur 18:1749\u20131762. https:\/\/doi.org\/10.1109\/TIFS.2023.3251842","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"10795_CR24","first-page":"128127","volume":"456","author":"S Guo","year":"2023","unstructured":"Guo S, Zhao X, Wang H, Xu N (2023) Distributed consensus of heterogeneous switched nonlinear multiagent systems with input quantization and dos attacks. Appl Math Comput 456:128127","journal-title":"Appl Math Comput"},{"issue":"1","key":"10795_CR25","doi-asserted-by":"publisher","first-page":"133","DOI":"10.1109\/TSE.2007.70754","volume":"34","author":"C Haley","year":"2008","unstructured":"Haley C, Laney R, Moffett J, Nuseibeh B (2008) Security requirements engineering: a framework for representation and analysis. IEEE Trans Software Eng 34(1):133\u2013153. https:\/\/doi.org\/10.1109\/TSE.2007.70754","journal-title":"IEEE Trans Software Eng"},{"issue":"5","key":"10795_CR26","doi-asserted-by":"publisher","first-page":"568","DOI":"10.1080\/0960085X.2022.2100061","volume":"31","author":"A Hemon-Hildgen","year":"2022","unstructured":"Hemon-Hildgen A, Rowe F (2022) Conceptualising and defining DevOps: a review for understanding, not a framework for practitioners. 
Eur J Inf Syst 31(5):568\u2013574","journal-title":"Eur J Inf Syst"},{"key":"10795_CR27","unstructured":"International Organization for Standardization (2018) Road Vehicles \u2013 Functional Safety. Geneva, Switzerland. International Organization for Standardization"},{"key":"10795_CR28","unstructured":"International Organization for Standardization (2019) Road Vehicles \u2013 Safety of the Intended Functionality. Geneva, Switzerland. International Organization for Standardization"},{"issue":"2","key":"10795_CR29","doi-asserted-by":"publisher","first-page":"685","DOI":"10.1109\/TDSC.2023.3261327","volume":"21","author":"W Jiang","year":"2024","unstructured":"Jiang W, Li H, Xu G, Zhang T, Lu R (2024) A comprehensive defense framework against model extraction attacks. IEEE Trans Dependable Secure Comput 21(2):685\u2013700. https:\/\/doi.org\/10.1109\/TDSC.2023.3261327","journal-title":"IEEE Trans Dependable Secure Comput"},{"issue":"6","key":"10795_CR30","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1038\/s42256-020-0186-1","volume":"2","author":"GA Kaissis","year":"2020","unstructured":"Kaissis GA, Makowski MR, R\u00fcckert D, Braren RF (2020) Secure, privacy-preserving and federated machine learning in medical imaging. Nat Mach Intell 2(6):305\u2013311","journal-title":"Nat Mach Intell"},{"key":"10795_CR31","doi-asserted-by":"publisher","first-page":"121192","DOI":"10.1016\/j.eswa.2023.121192","volume":"235","author":"H Kasyap","year":"2024","unstructured":"Kasyap H, Tripathy S (2024) Beyond data poisoning in federated learning. Expert Syst Appl 235:121192. https:\/\/doi.org\/10.1016\/j.eswa.2023.121192","journal-title":"Expert Syst Appl"},{"issue":"10","key":"10795_CR32","doi-asserted-by":"publisher","first-page":"4013","DOI":"10.1007\/s10994-022-06177-w","volume":"112","author":"\u0141 Korycki","year":"2023","unstructured":"Korycki \u0141, Krawczyk B (2023) Adversarial concept drift detection under poisoning attacks for robust data stream mining. 
Mach Learn 112(10):4013\u20134048","journal-title":"Mach Learn"},{"key":"10795_CR33","doi-asserted-by":"publisher","first-page":"31866","DOI":"10.1109\/ACCESS.2023.3262138","volume":"11","author":"D Kreuzberger","year":"2023","unstructured":"Kreuzberger D, K\u00fchl N, Hirschl S (2023) Machine learning operations (MLOps): overview, definition, and architecture. IEEE Access 11:31866\u201331879","journal-title":"IEEE Access"},{"key":"10795_CR34","doi-asserted-by":"crossref","unstructured":"Kumar RSS, Nystr\u00f6m M, Lambert J, Marshall A, Goertzel M, Comissoneru A, Swann M, Xia S (2020) Adversarial machine learning-industry perspectives. In: 2020 IEEE Security and Privacy Workshops (SPW). IEEE, pp 69\u201375","DOI":"10.1109\/SPW50608.2020.00028"},{"issue":"6597","key":"10795_CR35","doi-asserted-by":"publisher","first-page":"9979","DOI":"10.1126\/science.abj9979","volume":"376","author":"M Lanza","year":"2022","unstructured":"Lanza M, Sebastian A, Lu WD, Le Gallo M, Chang M-F, Akinwande D, Puglisi FM, Alshareef HN, Liu M, Roldan JB (2022) Memristive technologies for data storage, computation, encryption, and radio-frequency communication. Science 376(6597):9979","journal-title":"Science"},{"key":"10795_CR36","doi-asserted-by":"publisher","first-page":"106630","DOI":"10.1016\/j.infsof.2021.106630","volume":"139","author":"M-A Laverdi\u00e8re","year":"2021","unstructured":"Laverdi\u00e8re M-A, Julien K, Merlo E (2021) RBAC protection-impacting changes identification: a case study of the security evolution of two PHP applications. Inf Softw Technol 139:106630","journal-title":"Inf Softw Technol"},{"key":"10795_CR37","doi-asserted-by":"publisher","unstructured":"Leite L, Rocha C, Kon F, Milojicic D, Meirelles P (2019) A survey of DevOps concepts and challenges. 52(6). 
https:\/\/doi.org\/10.1145\/3359981","DOI":"10.1145\/3359981"},{"key":"10795_CR38","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1016\/j.compind.2018.09.004","volume":"103","author":"M Lezzi","year":"2018","unstructured":"Lezzi M, Lazoi M, Corallo A (2018) Cybersecurity for Industry 4.0 in the current literature: A reference framework. Comput Ind 103:97\u2013110. https:\/\/doi.org\/10.1016\/j.compind.2018.09.004","journal-title":"Comput Ind"},{"key":"10795_CR39","doi-asserted-by":"publisher","first-page":"2364","DOI":"10.1109\/TIFS.2022.3184262","volume":"17","author":"J Liu","year":"2022","unstructured":"Liu J, Lau CP, Souri H, Feizi S, Chellappa R (2022) Mutual adversarial training: learning together is better than going alone. IEEE Trans Inf Forensics Secur 17:2364\u20132377. https:\/\/doi.org\/10.1109\/TIFS.2022.3184262","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"10795_CR40","doi-asserted-by":"crossref","unstructured":"Liu M, Jiang J, Zhu C, Yin X-C (2023) VLPD: context-aware pedestrian detection via vision-language semantic self-supervision. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR). pp 6662\u20136671","DOI":"10.1109\/CVPR52729.2023.00644"},{"key":"10795_CR41","doi-asserted-by":"crossref","unstructured":"Mitchell M, Wu S, Zaldivar A, Barnes P, Vasserman L, Hutchinson B, Spitzer E, Raji ID, Gebru T (2019) Model cards for model reporting. In: Proceedings of the conference on fairness, accountability, and transparency. pp 220\u2013229","DOI":"10.1145\/3287560.3287596"},{"key":"10795_CR42","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli S-M, Fawzi A, Frossard P (2016) DeepFool: a simple and accurate method to fool deep neural networks. 
In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR)","DOI":"10.1109\/CVPR.2016.282"},{"key":"10795_CR43","doi-asserted-by":"crossref","unstructured":"Mullapudi RT, Chen S, Zhang K, Ramanan D, Fatahalian K (2019) Online model distillation for efficient video inference. In: Proceedings of the IEEE\/CVF international conference on computer vision. pp 3573\u20133582","DOI":"10.1109\/ICCV.2019.00367"},{"key":"10795_CR44","doi-asserted-by":"publisher","unstructured":"Natella R, Liguori P, Improta C, Cukic B, Cotroneo D (2024) AI code generators for security: Friend or foe? IEEE Security & Privacy, 2\u201310. https:\/\/doi.org\/10.1109\/MSEC.2024.3355713","DOI":"10.1109\/MSEC.2024.3355713"},{"key":"10795_CR45","doi-asserted-by":"crossref","unstructured":"Paleyes A, Urma R-G, Lawrence ND (2022) Challenges in deploying machine learning: a survey of case studies. ACM Comput Surv 55(6)","DOI":"10.1145\/3533378"},{"key":"10795_CR46","doi-asserted-by":"publisher","unstructured":"Papernot N, McDaniel P, Sinha A, Wellman MP (2018) SOK: security and privacy in machine learning. In: 2018 IEEE European symposium on security and privacy (EuroS&P). pp 399\u2013414. https:\/\/doi.org\/10.1109\/EuroSP.2018.00035","DOI":"10.1109\/EuroSP.2018.00035"},{"key":"10795_CR47","unstructured":"Paudice A, Mu\u00f1oz-Gonz\u00e1lez L, Gyorgy A, Lupu EC (2018) Detection of adversarial training examples in poisoning attacks through anomaly detection. arXiv:1802.03041"},{"key":"10795_CR48","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1109\/RBME.2020.3013489","volume":"14","author":"A Qayyum","year":"2020","unstructured":"Qayyum A, Qadir J, Bilal M, Al-Fuqaha A (2020) Secure and robust machine learning for healthcare: a survey. 
IEEE Rev Biomed Eng 14:156\u2013180","journal-title":"IEEE Rev Biomed Eng"},{"key":"10795_CR49","doi-asserted-by":"publisher","first-page":"590","DOI":"10.1007\/978-3-319-49094-6_44","volume-title":"Product-focused software process improvement","author":"L Riungu-Kalliosaari","year":"2016","unstructured":"Riungu-Kalliosaari L, M\u00e4kinen S, Lwakatare LE, Tiihonen J, M\u00e4nnist\u00f6 T (2016) DevOps adoption benefits and challenges in practice: a case study. In: Abrahamsson P, Jedlitschka A, Nguyen Duc A, Felderer M, Amasaki S, Mikkonen T (eds) Product-focused software process improvement. Springer, Cham, pp 590\u2013597"},{"issue":"19","key":"10795_CR50","doi-asserted-by":"publisher","first-page":"8861","DOI":"10.3390\/app11198861","volume":"11","author":"P Ruf","year":"2021","unstructured":"Ruf P, Madan M, Reich C, Ould-Abdeslam D (2021) Demystifying MLOps and presenting a recipe for the selection of open-source tools. Appl Sci 11(19):8861","journal-title":"Appl Sci"},{"issue":"3","key":"10795_CR51","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1007\/s42979-021-00592-x","volume":"2","author":"IH Sarker","year":"2021","unstructured":"Sarker IH (2021) Machine learning: algorithms, real-world applications and research directions. SN Comput Sci 2(3):160","journal-title":"SN Comput Sci"},{"key":"10795_CR52","unstructured":"Schelter S, Biessmann F, Januschowski T, Salinas D, Seufert S, Szarvas G (2018) On challenges in machine learning model management. Data Engineering 5"},{"key":"10795_CR53","unstructured":"Sculley D, Holt G, Golovin D, Davydov E, Phillips T, Ebner D, Chaudhary V, Young M, Crespo JF, Dennison D (2015) Hidden technical debt in machine learning systems. In: Advances in neural information processing systems"},{"key":"10795_CR54","unstructured":"Shankar S, Halpern Y, Breck E, Atwood J, Wilson J, Sculley D (2017) No classification without representation: assessing geodiversity issues in open data sets for the developing world. 
arxiv.\u00a0Machine Learning"},{"key":"10795_CR55","doi-asserted-by":"publisher","first-page":"101745","DOI":"10.1016\/j.cose.2020.101745","volume":"95","author":"F Sinigaglia","year":"2020","unstructured":"Sinigaglia F, Carbone R, Costa G, Zannone N (2020) A survey on multi-factor authentication for online banking in the wild. Comput Secur 95:101745","journal-title":"Comput Secur"},{"key":"10795_CR56","unstructured":"Steinhardt J, Koh PWW, Liang PS (2017) Certified defenses for data poisoning attacks. Advances in neural information processing systems. 30"},{"key":"10795_CR57","doi-asserted-by":"publisher","unstructured":"Tamburri DA (2020) Sustainable MLOps: trends and challenges. In: 2020 22nd international symposium on symbolic and numeric algorithms for scientific computing (SYNASC). IEEE, Timisoara, Romania, pp 17\u201323. https:\/\/doi.org\/10.1109\/SYNASC51798.2020.00015. Accessed 24 Feb 2022","DOI":"10.1109\/SYNASC51798.2020.00015"},{"key":"10795_CR58","unstructured":"Tram\u00e8r F, Zhang F, Juels A, Reiter MK, Ristenpart T (2016) Stealing machine learning models via prediction APIs. In: 25th USENIX security symposium (USENIX Security 16). pp 601\u2013618"},{"key":"10795_CR59","doi-asserted-by":"crossref","unstructured":"Voigt P, Bussche A (2017) The EU general data protection regulation (GDPR). A practical guide, 1st Ed., Cham: Springer International Publishing 10(3152676), 10\u20135555","DOI":"10.1007\/978-3-319-57959-7"},{"key":"10795_CR60","doi-asserted-by":"crossref","unstructured":"Warnett SJ, Zdun U (2024) On the understandability of MLOps system architectures. IEEE Transactions on Software Engineering","DOI":"10.1109\/TSE.2024.3367488"},{"key":"10795_CR61","unstructured":"Wazir S, Kashyap GS, Saxena P (2023) MLOps: a review. 
arXiv:2308.10908"},{"key":"10795_CR62","unstructured":"Weber M, Domeniconi G, Chen J, Weidele DKI, Bellei C, Robinson T, Leiserson CE (2019) Anti-money laundering in Bitcoin: experimenting with graph convolutional networks for financial forensics. arXiv:1908.02591"},{"key":"10795_CR63","unstructured":"Willis J (2010) What DevOps means to me. https:\/\/www.chef.io\/blog\/what-devops-means-to-me. Accessed 26 May 2024"},{"key":"10795_CR64","unstructured":"Wong E, Rice L, Kolter JZ (2020) Fast is better than free: revisiting adversarial training. https:\/\/arxiv.org\/abs\/2001.03994"},{"key":"10795_CR65","doi-asserted-by":"publisher","first-page":"103141","DOI":"10.1016\/j.cose.2023.103141","volume":"128","author":"WD Xiong","year":"2023","unstructured":"Xiong WD, Luo KL, Li R (2023) AIDTF: Adversarial training framework for network intrusion detection. Comput Secur 128:103141. https:\/\/doi.org\/10.1016\/j.cose.2023.103141","journal-title":"Comput Secur"},{"issue":"2","key":"10795_CR66","doi-asserted-by":"publisher","first-page":"100211","DOI":"10.1016\/j.hcc.2024.100211","volume":"4","author":"Y Yao","year":"2024","unstructured":"Yao Y, Duan J, Xu K, Cai Y, Sun Z, Zhang Y (2024) A survey on large language model (LLM) security and privacy: the good, the bad, and the ugly. High-Confidence Comput 4(2):100211","journal-title":"High-Confidence Comput"},{"key":"10795_CR67","doi-asserted-by":"crossref","unstructured":"Yun S, Han D, Oh SJ, Chun S, Choe J, Yoo Y (2019) CutMix: regularization strategy to train strong classifiers with localizable features. In: International Conference on Computer Vision (ICCV)","DOI":"10.1109\/ICCV.2019.00612"},{"key":"10795_CR68","doi-asserted-by":"publisher","first-page":"112331","DOI":"10.1016\/j.jss.2024.112331","volume":"223","author":"X Zhang","year":"2025","unstructured":"Zhang X, Zhao P, Jaskolka J (2025) Navigating the DevOps landscape. 
J Syst Softw 223:112331","journal-title":"J Syst Softw"},{"key":"10795_CR69","doi-asserted-by":"crossref","unstructured":"Zhang S, Benenson R, Schiele B (2017) CityPersons: a diverse dataset for pedestrian detection. In: CVPR","DOI":"10.1109\/CVPR.2017.474"},{"key":"10795_CR70","doi-asserted-by":"publisher","unstructured":"Zhang X, Jaskolka J (2022) Conceptualizing the secure machine learning operations (SecMLOps) paradigm. In: 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS). pp 127\u2013138. https:\/\/doi.org\/10.1109\/QRS57517.2022.00023","DOI":"10.1109\/QRS57517.2022.00023"},{"key":"10795_CR71","doi-asserted-by":"crossref","unstructured":"Zhang X, Jaskolka J (2022) Security patterns for machine learning: the data-oriented stages. In: The 27th European conference on pattern languages of programs. EuroPLoP 2022. Kloster Irsee, Germany, p 18","DOI":"10.1145\/3551902.3565070"},{"key":"10795_CR72","doi-asserted-by":"publisher","unstructured":"Zhang X, Zhao P, Jaskolka J (2024) Enhancing security and efficiency in vehicle-to-sensor authentication: a multi-factor approach with cloud assistance. In: 2024 IEEE 23rd international conference on trust, security and privacy in computing and communications (TrustCom). pp 1632\u20131637. https:\/\/doi.org\/10.1109\/TrustCom63139.2024.00224","DOI":"10.1109\/TrustCom63139.2024.00224"},{"key":"10795_CR73","doi-asserted-by":"publisher","first-page":"112063","DOI":"10.1016\/j.jss.2024.112063","volume":"214","author":"X Zhao","year":"2024","unstructured":"Zhao X, Clear T, Lal R (2024) Identifying the primary dimensions of DevSecOps: a multi-vocal literature review. J Syst Softw 214:112063. https:\/\/doi.org\/10.1016\/j.jss.2024.112063","journal-title":"J Syst Softw"},{"issue":"11","key":"10795_CR74","doi-asserted-by":"publisher","first-page":"15424","DOI":"10.1109\/JIOT.2025.3530857","volume":"12","author":"P Zhao","year":"2025","unstructured":"Zhao P, Li C, Zhang X, Richard Yu, F., Fu, Y. 
(2025) Intelligent cooperative sensing for connected and autonomous vehicles: an improved decision transformer approach. IEEE Internet Things J 12(11):15424\u201315437. https:\/\/doi.org\/10.1109\/JIOT.2025.3530857","journal-title":"IEEE Internet Things J"},{"key":"10795_CR75","doi-asserted-by":"publisher","unstructured":"Zhao Z, Chen G, Liu T, Li T, Song F, Wang J, Sun J (2024) Attack as detection: using adversarial attack methods to detect abnormal examples. ACM Trans Softw Eng Methodol 33(3). https:\/\/doi.org\/10.1145\/3631977","DOI":"10.1145\/3631977"},{"issue":"8","key":"10795_CR76","doi-asserted-by":"publisher","first-page":"1738","DOI":"10.1109\/JPROC.2019.2918951","volume":"107","author":"Z Zhou","year":"2019","unstructured":"Zhou Z, Chen X, Li E, Zeng L, Luo K, Zhang J (2019) Edge intelligence: paving the last mile of artificial intelligence with edge computing. Proc IEEE 107(8):1738\u20131762","journal-title":"Proc IEEE"},{"key":"10795_CR77","doi-asserted-by":"crossref","unstructured":"\u017dliobait\u0117 I, Pechenizkiy M, Gama J (2015) An overview of concept drift applications. Big data analysis: new algorithms for a new society, 91\u2013114","DOI":"10.1007\/978-3-319-26989-4_4"},{"key":"10795_CR78","unstructured":"Zou A, Wang Z, Carlini N, Nasr M, Kolter JZ, Fredrikson M (2023) Universal and transferable adversarial attacks on aligned language models. 
arXiv:2307.15043"}],"container-title":["Empirical Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-025-10795-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10664-025-10795-y","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-025-10795-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,30]],"date-time":"2026-03-30T14:35:50Z","timestamp":1774881350000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10664-025-10795-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,11]]},"references-count":78,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2026,5]]}},"alternative-id":["10795"],"URL":"https:\/\/doi.org\/10.1007\/s10664-025-10795-y","relation":{},"ISSN":["1382-3256","1573-7616"],"issn-type":[{"value":"1382-3256","type":"print"},{"value":"1573-7616","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,11]]},"assertion":[{"value":"23 May 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 December 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 February 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Not applicable - this study did not require ethical approval.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical Approval"}},{"value":"The authors consent to the 
use of this work in the Journal.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Informed Consent"}},{"value":"The authors declare that they have no conflict of interests.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of Interest"}},{"value":"Not applicable.","order":5,"name":"Ethics","group":{"name":"EthicsHeading","label":"Clinical Trial Number"}}],"article-number":"74"}}