{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T18:04:26Z","timestamp":1783965866016,"version":"3.55.0"},"reference-count":41,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,6,22]],"date-time":"2026-06-22T00:00:00Z","timestamp":1782086400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100003593","name":"Conselho Nacional de Desenvolvimento Cient\u00edfico e Tecnol\u00f3gico","doi-asserted-by":"publisher","award":["300883\/2025-0"],"award-info":[{"award-number":["300883\/2025-0"]}],"id":[{"id":"10.13039\/501100003593","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003593","name":"Conselho Nacional de Desenvolvimento Cient\u00edfico e Tecnol\u00f3gico","doi-asserted-by":"publisher","award":["406266\/2025-5"],"award-info":[{"award-number":["406266\/2025-5"]}],"id":[{"id":"10.13039\/501100003593","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers &amp; Security"],"published-print":{"date-parts":[[2026,11]]},"DOI":"10.1016\/j.cose.2026.105026","type":"journal-article","created":{"date-parts":[[2026,6,22]],"date-time":"2026-06-22T15:50:10Z","timestamp":1782143410000},"page":"105026","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["Cybersecurity risks, DevSecOps challenges, and emerging security priorities: An empirical study across Brazilian organizations"],"prefix":"10.1016","volume":"170","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2159-339X","authenticated-orcid":false,"given":"Edna Dias","family":"Canedo","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-1938-1923","authenticated-orcid":false,"given":"Stefano Luppi","family":"Sp\u00f3sito","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2075-6601","authenticated-orcid":false,"given":"Laerte","family":"Peotta","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1538-4276","authenticated-orcid":false,"given":"Rafael Rabelo","family":"Nunes","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Marcelo","family":"Ladeira","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"key":"10.1016\/j.cose.2026.105026_b1","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2025.104761","article-title":"Developing ethical principle awareness and reasoning in a cybersecurity context: Enhancing user understanding using ripple down rules","volume":"161","author":"Abdulrahman","year":"2026","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2026.105026_b2","doi-asserted-by":"crossref","first-page":"43698","DOI":"10.1109\/ACCESS.2025.3549183","article-title":"Empirical investigation of key enablers for secure DevOps practices","volume":"13","author":"Akbar","year":"2025","journal-title":"IEEE Access"},{"key":"10.1016\/j.cose.2026.105026_b3","doi-asserted-by":"crossref","DOI":"10.1016\/j.infsof.2022.106894","article-title":"Toward successful DevSecOps in software development organizations: A decision-making framework","volume":"147","author":"Akbar","year":"2022","journal-title":"Inf. Softw. Technol."},{"key":"10.1016\/j.cose.2026.105026_b4","series-title":"Anais do XXII Simp\u00f3sio Brasileiro de Sistemas de Informa\u00e7\u00e3o","first-page":"1181","article-title":"Privacy, data protection, risk, and compliance in the age of generative AI systems: A systematic mapping study","author":"Andrade","year":"2026"},{"key":"10.1016\/j.cose.2026.105026_b5","series-title":"Framework for Improving Critical Infrastructure Cybersecurity Version 1.1","author":"Barrett","year":"2018"},{"key":"10.1016\/j.cose.2026.105026_b6","series-title":"Enhancing Cybersecurity Framework Adoption: Methodologies and Techniques for Contexts Specific Implementations","author":"Carello","year":"2025"},{"key":"10.1016\/j.cose.2026.105026_b7","series-title":"Novel Approaches to Standard Based Cybersecurity Risk Management in OT Environment","author":"Caviglia","year":"2025"},{"key":"10.1016\/j.cose.2026.105026_b8","series-title":"2025 13th International Symposium on Digital Forensics and Security","first-page":"1","article-title":"Advancing DevSecOps in SMEs: Challenges and best practices for secure CI\/CD pipelines","author":"Cheenepalli","year":"2025"},{"key":"10.1016\/j.cose.2026.105026_b9","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103435","article-title":"Learning from safety science: A way forward for studying cybersecurity incidents in organizations","volume":"134","author":"Ebert","year":"2023","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2026.105026_b10","series-title":"NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management, Version 1.1","author":"Enterprise","year":"2025"},{"key":"10.1016\/j.cose.2026.105026_b11","series-title":"ISO\/IEC 27001:2022: Information security, cybersecurity and privacy protection \u2014 Information security management systems \u2014 Requirements","author":"for Standardization (ISO)","year":"2022"},{"issue":"5","key":"10.1016\/j.cose.2026.105026_b12","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1109\/MSEC.2025.3596735","article-title":"Cyber ranges: Five use cases for improving cybersecurity skills development in organizations","volume":"23","author":"Glas","year":"2025","journal-title":"IEEE Secur. Priv."},{"key":"10.1016\/j.cose.2026.105026_b13","series-title":"2024 Cyber Research Conference - Ireland","first-page":"1","article-title":"Continuing professional development among cybersecurity professionals in Ireland: A qualitative study","author":"Haren","year":"2024"},{"key":"10.1016\/j.cose.2026.105026_b14","article-title":"Evaluating the cyber security readiness of organizations and its influence on performance","volume":"58","author":"Hasan","year":"2021","journal-title":"J. Inf. Secur. Appl."},{"key":"10.1016\/j.cose.2026.105026_b15","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.103852","article-title":"Navigating Cybersecurity Governance: The influence of opportunity structures in socio-technical transitions for small and medium enterprises","volume":"142","author":"Hoong","year":"2024","journal-title":"Comput. Secur."},{"issue":"1","key":"10.1016\/j.cose.2026.105026_b16","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1007\/s43681-025-00935-x","article-title":"From AI security to ethical AI security: a comparative risk-mitigation framework for classical and hybrid AI governance","volume":"6","author":"Ilari","year":"2026","journal-title":"AI Ethics"},{"issue":"6","key":"10.1016\/j.cose.2026.105026_b17","doi-asserted-by":"crossref","first-page":"137","DOI":"10.1007\/s10664-024-10504-1","article-title":"Recommendations for analysing and meta-analysing small sample size software engineering experiments","volume":"29","author":"Kitchenham","year":"2024","journal-title":"Empir. Softw. Eng."},{"issue":"5","key":"10.1016\/j.cose.2026.105026_b18","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1145\/571681.571686","article-title":"Principles of survey research: part 5: populations and samples","volume":"27","author":"Kitchenham","year":"2002","journal-title":"ACM SIGSOFT Softw. Eng. Notes"},{"key":"10.1016\/j.cose.2026.105026_b19","series-title":"Guide to Advanced Empirical Software Engineering","first-page":"63","article-title":"Personal opinion surveys","author":"Kitchenham","year":"2008"},{"key":"10.1016\/j.cose.2026.105026_b20","series-title":"2020 IEEE 61th International Scientific Conference on Power and Electrical Engineering of Riga Technical University","first-page":"1","article-title":"Cybersecurity curricula recommendations development for technical background and engineering skills in international dimension","author":"Kunicina","year":"2020"},{"key":"10.1016\/j.cose.2026.105026_b21","series-title":"Nartional Congress","article-title":"Brazilian general data protection law (LGPD)","author":"Macedo","year":"2018"},{"key":"10.1016\/j.cose.2026.105026_b22","series-title":"29th Americas Conference on Information Systems, AMCIS 2023, Panama City, Panama, August 10-12, 2023","first-page":"1","article-title":"Navigating the wave of cybersecurity regulations: A systematic analysis of emerging regulatory developments","author":"Marotta","year":"2023"},{"issue":"1","key":"10.1016\/j.cose.2026.105026_b23","doi-asserted-by":"crossref","first-page":"299","DOI":"10.5753\/jisa.2025.5302","article-title":"Data privacy in software practice: Brazilian developers\u2019 perspectives","volume":"16","author":"Matos","year":"2025","journal-title":"J. Internet Serv. Appl."},{"key":"10.1016\/j.cose.2026.105026_b24","series-title":"Proceedings of the 10th ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2016, Ciudad Real, Spain, September 8-9, 2016","first-page":"55:1","article-title":"Surveys in software engineering: Identifying representative samples","author":"de Mello","year":"2016"},{"key":"10.1016\/j.cose.2026.105026_b25","series-title":"Anais do XXII Simp\u00f3sio Brasileiro de Sistemas de Informa\u00e7\u00e3o","first-page":"201","article-title":"Privacy risks associated with the use of LLMs in software development","author":"Menegazzi","year":"2026"},{"key":"10.1016\/j.cose.2026.105026_b26","doi-asserted-by":"crossref","DOI":"10.1016\/j.future.2025.108107","article-title":"Cybersecurity in the age of generative AI: A systematic taxonomy of AI-powered vulnerability assessment and risk management","volume":"175","author":"Mirtaheri","year":"2026","journal-title":"Future Gener. Comput. Syst."},{"key":"10.1016\/j.cose.2026.105026_b27","article-title":"Identifying key factors of cybersecurity readiness in organizations: Insights from Malaysian critical infrastructure","volume":"159","author":"Noor","year":"2025","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2026.105026_b28","series-title":"OWASP Top 10 Vulnerabilities","author":"OWASP","year":"2025"},{"key":"10.1016\/j.cose.2026.105026_b29","series-title":"2024 International Conference on Intelligent Systems for Cybersecurity","first-page":"1","article-title":"Cybersecurity workforce development and training: A comprehensive review on the significance, strategies, opportunities and challenges","author":"Parkar","year":"2024"},{"key":"10.1016\/j.cose.2026.105026_b30","series-title":"2024 International Conference on Intelligent Systems for Cybersecurity","first-page":"1","article-title":"Cybersecurity workforce development and training: A comprehensive review on the significance, strategies, opportunities and challenges","author":"Parkar","year":"2024"},{"issue":"3","key":"10.1016\/j.cose.2026.105026_b31","doi-asserted-by":"crossref","first-page":"668","DOI":"10.15549\/jeecar.v11i3.1666","article-title":"Assessment of cybersecurity of organizations: An empirical study of Czech and Slovak organizations","volume":"11","author":"Petrov\u00e1","year":"2024","journal-title":"J. East. Eur. Cent. Asian Res. (JEECAR)"},{"key":"10.1016\/j.cose.2026.105026_b32","doi-asserted-by":"crossref","DOI":"10.1016\/j.compeleceng.2025.110097","article-title":"Navigating cybersecurity training: A comprehensive review","volume":"123","author":"Qawasmeh","year":"2025","journal-title":"Comput. Electr. Eng."},{"key":"10.1016\/j.cose.2026.105026_b33","doi-asserted-by":"crossref","DOI":"10.3389\/frcmn.2025.1594554","article-title":"Determinants of cybersecurity investment in ASEAN organizations: an integrated structural equation modeling approach","volume":"6","author":"Rattanapong","year":"2025","journal-title":"Front. Commun. Netw."},{"issue":"3","key":"10.1016\/j.cose.2026.105026_b34","doi-asserted-by":"crossref","first-page":"1529","DOI":"10.1007\/s00146-024-01934-y","article-title":"Sticks and stones may break my bones, but words will never hurt me! - Navigating the cybersecurity risks of generative AI","volume":"40","author":"Shahid","year":"2025","journal-title":"AI Soc."},{"issue":"3","key":"10.1016\/j.cose.2026.105026_b35","article-title":"Secure software and application vulnerabilities in modern devsecops environments: A comprehensive analysis of security challenges, strategies, and future trends","volume":"10","author":"Sharma","year":"2026","journal-title":"J. Comput. Internet Netw. Secur."},{"issue":"6","key":"10.1016\/j.cose.2026.105026_b36","doi-asserted-by":"crossref","DOI":"10.1002\/smr.70029","article-title":"Integrating security controls in DevSecOps: Challenges, solutions, and future research directions","volume":"37","author":"Sinan","year":"2025","journal-title":"J. Softw. Evol. Process."},{"key":"10.1016\/j.cose.2026.105026_b37","doi-asserted-by":"crossref","unstructured":"of Standards, N.I., NIST, T., 2023. Artificial Intelligence Risk Management Framework (AI RMF 1.0). NIST AI 100-1, pp. 1\u201348, URL: https:\/\/doi.org\/10.6028\/NIST.AI.100-1.","DOI":"10.6028\/NIST.AI.100-1"},{"key":"10.1016\/j.cose.2026.105026_b38","doi-asserted-by":"crossref","DOI":"10.1016\/j.accinf.2025.100749","article-title":"Digital transformation and cybersecurity risks","volume":"56","author":"T\u00fcreg\u00fcn","year":"2025","journal-title":"Int. J. Account. Inf. Syst."},{"key":"10.1016\/j.cose.2026.105026_b39","series-title":"Privacy, utility, and cybersecurity risks of software generation by large language models","first-page":"1","author":"Wei","year":"2025"},{"key":"10.1016\/j.cose.2026.105026_b40","series-title":"Experimentation in Software Engineering","author":"Wohlin","year":"2012"},{"issue":"4","key":"10.1016\/j.cose.2026.105026_b41","doi-asserted-by":"crossref","first-page":"435","DOI":"10.1049\/sfw2.12132","article-title":"Revisit security in the era of DevOps: An evidence-based inquiry into DevSecOps industry","volume":"17","author":"Zhou","year":"2023","journal-title":"IET Softw."}],"container-title":["Computers &amp; Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826002026?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826002026?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T17:13:10Z","timestamp":1783962790000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404826002026"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,11]]},"references-count":41,"alternative-id":["S0167404826002026"],"URL":"https:\/\/doi.org\/10.1016\/j.cose.2026.105026","relation":{},"ISSN":["0167-4048"],"issn-type":[{"value":"0167-4048","type":"print"}],"subject":[],"published":{"date-parts":[[2026,11]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Cybersecurity risks, DevSecOps challenges, and emerging security priorities: An empirical study across Brazilian organizations","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cose.2026.105026","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 The Authors. Published by Elsevier Ltd.","name":"copyright","label":"Copyright"}],"article-number":"105026"}}