{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T14:24:35Z","timestamp":1780410275163,"version":"3.54.1"},"reference-count":52,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,10,1]],"date-time":"2026-10-01T00:00:00Z","timestamp":1790812800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,10,1]],"date-time":"2026-10-01T00:00:00Z","timestamp":1790812800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,10,1]],"date-time":"2026-10-01T00:00:00Z","timestamp":1790812800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2026,10,1]],"date-time":"2026-10-01T00:00:00Z","timestamp":1790812800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2026,10,1]],"date-time":"2026-10-01T00:00:00Z","timestamp":1790812800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2026,10,1]],"date-time":"2026-10-01T00:00:00Z","timestamp":1790812800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,10,1]],"date-time":"2026-10-01T00:00:00Z","timestamp":1790812800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Future Generation Computer Systems"],"published-print":{"date-parts":[[2026,10]]},"DOI":"10.1016\/j.future.2026.108571","type":"journal-article","created":{"date-parts":[[2026,5,4]],"date-time":"2026-05-04T21:59:08Z","timestamp":1777931948000},"page":"108571","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["Characterizing the security culture of the research software engineering community: An empirical study"],"prefix":"10.1016","volume":"183","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3145-6468","authenticated-orcid":false,"given":"Matthew","family":"Armstrong","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7824-9151","authenticated-orcid":false,"given":"Jeffrey C.","family":"Carver","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1701-0008","authenticated-orcid":false,"given":"Reed","family":"Milewicz","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6372-3853","authenticated-orcid":false,"given":"Michael","family":"Meinel","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3818-4442","authenticated-orcid":false,"given":"Michael","family":"Felderer","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"issue":"2","key":"10.1016\/j.future.2026.108571_b1","doi-asserted-by":"crossref","first-page":"217","DOI":"10.1002\/asi.22803","article-title":"What is societal impact of research and how can it be assessed? A literature survey","volume":"64","author":"Bornmann","year":"2013","journal-title":"J. Am. Soc. Inf. Sci. Technol."},{"issue":"118","key":"10.1016\/j.future.2026.108571_b2","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1002\/ev.260","article-title":"The Australian research quality framework: A live experiment in capturing the social, economic, environmental, and cultural returns of publicly funded research","volume":"2008","author":"Donovan","year":"2008","journal-title":"New Dir. Eval."},{"key":"10.1016\/j.future.2026.108571_b3","series-title":"The returns to government R&D: Evidence from US appropriations shocks","author":"Fieldhouse","year":"2023"},{"key":"10.1016\/j.future.2026.108571_b4","series-title":"Digital Research 2012","article-title":"The research software engineer","author":"Baxter","year":"2012"},{"key":"10.1016\/j.future.2026.108571_b5","series-title":"A secure future for open-source computational science and engineering","author":"Milewicz","year":"2022"},{"key":"10.1016\/j.future.2026.108571_b6","series-title":"2018 IEEE\/ACM 1st International Workshop on Security Awareness from Design To Deployment","first-page":"49","article-title":"DLR secure software engineering","author":"Krishnamurthy","year":"2018"},{"key":"10.1016\/j.future.2026.108571_b7","series-title":"Europe\u2019s supercomputers hijacked by attackers for crypto mining","author":"BBC","year":"2020"},{"key":"10.1016\/j.future.2026.108571_b8","series-title":"APT groups target healthcare and essential services","author":"CISA","year":"2022"},{"key":"10.1016\/j.future.2026.108571_b9","series-title":"Security forecast","author":"AI Futures Project","year":"2025"},{"key":"10.1016\/j.future.2026.108571_b10","doi-asserted-by":"crossref","unstructured":"Shao-Fang Wen, Mazaher Kianpour, Stewart Kowalski, An empirical study of security culture in open source software communities, in: Proceedings of the 2019 IEEE\/ACM International Conference on Advances in Social Networks Analysis and Mining, 2019, pp. 863\u2013870.","DOI":"10.1145\/3341161.3343520"},{"key":"10.1016\/j.future.2026.108571_b11","unstructured":"Samantha Phillips, Bradley Brummel, Sal Aurigemma, Tyler Moore, Information Security Culture: A look Ahead at Measurement Methods, in: Proceedings of the Annual Information Institute Conference, 2023."},{"key":"10.1016\/j.future.2026.108571_b12","series-title":"Threat Modeling","author":"Tarandach","year":"2020"},{"issue":"3","key":"10.1016\/j.future.2026.108571_b13","doi-asserted-by":"crossref","DOI":"10.1016\/j.patter.2021.100222","article-title":"Taking a fresh look at FAIR for research software","volume":"2","author":"Katz","year":"2021","journal-title":"Patterns"},{"issue":"6","key":"10.1016\/j.future.2026.108571_b14","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1109\/MCSE.2023.3258630","article-title":"Research software engineers: Career entry points and training gaps","volume":"24","author":"Cosden","year":"2022","journal-title":"Comput. Sci. Eng."},{"issue":"2","key":"10.1016\/j.future.2026.108571_b15","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1145\/3685265","article-title":"Investigating research software engineering: Towards RSE research","volume":"68","author":"Felderer","year":"2025","journal-title":"Commun. ACM","ISSN":"https:\/\/id.crossref.org\/issn\/0001-0782","issn-type":"print"},{"key":"10.1016\/j.future.2026.108571_b16","series-title":"Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering","isbn-type":"print","doi-asserted-by":"crossref","DOI":"10.1145\/3597503.3639139","article-title":"A theory of scientific programming efficacy","author":"Pertseva","year":"2024","ISBN":"https:\/\/id.crossref.org\/isbn\/9798400702174"},{"issue":"5","key":"10.1016\/j.future.2026.108571_b17","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1109\/MIC.2014.88","article-title":"Better software, better research","volume":"18","author":"Goble","year":"2014","journal-title":"IEEE Internet Comput."},{"issue":"8","key":"10.1016\/j.future.2026.108571_b18","doi-asserted-by":"crossref","first-page":"84","DOI":"10.1109\/MC.2020.2998235","article-title":"Open source research software","volume":"53","author":"Hasselbring","year":"2020","journal-title":"Computer"},{"issue":"6","key":"10.1016\/j.future.2026.108571_b19","doi-asserted-by":"crossref","first-page":"72","DOI":"10.1109\/MCSE.2023.3259259","article-title":"Good practices for high-quality scientific computing","volume":"24","author":"Dubey","year":"2022","journal-title":"Comput. Sci. Eng."},{"issue":"6","key":"10.1016\/j.future.2026.108571_b20","doi-asserted-by":"crossref","DOI":"10.1371\/journal.pcbi.1005510","article-title":"Good enough practices in scientific computing","volume":"13","author":"Wilson","year":"2017","journal-title":"PLoS Comput. Biol."},{"key":"10.1016\/j.future.2026.108571_b21","series-title":"Organizational membership","year":"2025"},{"key":"10.1016\/j.future.2026.108571_b22","series-title":"Research Software Engineering: Professionalization, Roles, and Identity","author":"Sims","year":"2022"},{"key":"10.1016\/j.future.2026.108571_b23","series-title":"An RSE group model: Operational and organizational approaches from princeton university\u2019s central research software engineering group","author":"Cosden","year":"2022"},{"key":"10.1016\/j.future.2026.108571_b24","series-title":"Foundational competencies and responsibilities of a research software engineer","author":"Goth","year":"2023"},{"key":"10.1016\/j.future.2026.108571_b25","series-title":"International RSE communities","year":"2025"},{"key":"10.1016\/j.future.2026.108571_b26","series-title":"RSE groups","year":"2025"},{"issue":"1","key":"10.1016\/j.future.2026.108571_b27","doi-asserted-by":"crossref","first-page":"361","DOI":"10.1146\/annurev-psych-113011-143809","article-title":"Organizational climate and culture","volume":"64","author":"Schneider","year":"2013","journal-title":"Annu. Rev. Psychol."},{"key":"10.1016\/j.future.2026.108571_b28","series-title":"Security in the Information Society: Visions and Perspectives","first-page":"203","article-title":"Information security culture","author":"Martins","year":"2002"},{"key":"10.1016\/j.future.2026.108571_b29","unstructured":"Anwesh Tuladhar, Daniel Lende, Jay Ligatti, Xinming Ou, An analysis of the role of situated learning in starting a security culture in a software company, in: Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021), 2021, pp. 617\u2013632."},{"issue":"8","key":"10.1016\/j.future.2026.108571_b30","first-page":"3032","article-title":"A review on factors influencing implementation of secure software development practices","volume":"10","author":"Kanniah","year":"2016","journal-title":"Int. J. Comput. Syst. Eng."},{"issue":"14s","key":"10.1016\/j.future.2026.108571_b31","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3589951","article-title":"A narrative review of factors affecting the implementation of privacy and security practices in software development","volume":"55","author":"Nurgalieva","year":"2023","journal-title":"ACM Comput. Surv."},{"key":"10.1016\/j.future.2026.108571_b32","unstructured":"Stefanos Evripidou, Uchenna D Ani, Stephen Hailes, Jeremy D McK Watson, Exploring the Security Culture of Operational Technology (OT) Organisations: the Role of External Consultancy in Overcoming Organisational Barriers, in: Nineteenth Symposium on Usable Privacy and Security, (SOUPS 2023), 2023, pp. 113\u2013129."},{"key":"10.1016\/j.future.2026.108571_b33","series-title":"2023 IEEE\/ACM 45th International Conference on Software Engineering","first-page":"1622","article-title":"Measuring secure coding practice and culture: A finger pointing at the moon is not the moon","author":"Ryan","year":"2023"},{"key":"10.1016\/j.future.2026.108571_b34","first-page":"124","article-title":"Finding security champions in blends of organisational culture","volume":"11","author":"Becker","year":"2017","journal-title":"Proc. USEC"},{"key":"10.1016\/j.future.2026.108571_b35","series-title":"Introducing systems thinking as a framework for teaching and assessing threat modeling competency","author":"Joshi","year":"2024"},{"issue":"4","key":"10.1016\/j.future.2026.108571_b36","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1109\/MSP.2011.47","article-title":"Developer-Driven threat modeling: Lessons learned in the trenches","volume":"9","author":"Dhillon","year":"2011","journal-title":"IEEE Secur. Priv."},{"issue":"1","key":"10.1016\/j.future.2026.108571_b37","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1016\/j.ijhcs.2006.08.003","article-title":"Investigation of IS professionals\u2019 intention to practise secure development of applications","volume":"65","author":"Woon","year":"2007","journal-title":"Int. J. Hum.-Comput. Stud."},{"key":"10.1016\/j.future.2026.108571_b38","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness","author":"Bulgurcu","year":"2010","journal-title":"MIS Q."},{"issue":"2","key":"10.1016\/j.future.2026.108571_b39","first-page":"8","article-title":"Vignette analysis: methodology and recent developments","volume":"16","author":"Verneuer-Emre","year":"2022","journal-title":"Methods Data Anal."},{"issue":"1","key":"10.1016\/j.future.2026.108571_b40","article-title":"Using fiction to reveal truth: challenges of using vignettes to understand participant experiences within","volume":"20","author":"Rizvi","year":"2019","journal-title":"Qual. Soc. Res."},{"key":"10.1016\/j.future.2026.108571_b41","series-title":"OWASP threat modeling cheat sheet","author":"Open Worldwide Application Security Project","year":"2023"},{"issue":"7080","key":"10.1016\/j.future.2026.108571_b42","doi-asserted-by":"crossref","first-page":"572","DOI":"10.1136\/bmj.314.7080.572","article-title":"Statistics notes: Cronbach\u2019s alpha","volume":"314","author":"Bland","year":"1997","journal-title":"BMJ","ISSN":"https:\/\/id.crossref.org\/issn\/0959-8138","issn-type":"print"},{"key":"10.1016\/j.future.2026.108571_b43","doi-asserted-by":"crossref","first-page":"1273","DOI":"10.1007\/s11165-016-9602-2","article-title":"The use of Cronbach\u2019s alpha when developing and reporting research instruments in science education","volume":"48","author":"Taber","year":"2018","journal-title":"Res. Sci. Educ."},{"key":"10.1016\/j.future.2026.108571_b44","series-title":"2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)","first-page":"1","article-title":"Care and feeding of your security champion","author":"Jaatun","year":"2021"},{"key":"10.1016\/j.future.2026.108571_b45","series-title":"Future of Information and Communication Conference","first-page":"796","article-title":"Establishing a security champion in agile software teams: A systematic literature review","author":"Aalvik","year":"2023"},{"key":"10.1016\/j.future.2026.108571_b46","series-title":"OWASP security culture - security champions","author":"Open Worldwide Application Security Project","year":"2022"},{"issue":"3","key":"10.1016\/j.future.2026.108571_b47","doi-asserted-by":"crossref","first-page":"053","DOI":"10.30574\/wjarr.2023.18.3.0944","article-title":"Theory and practice in secure software development lifecycle: A comprehensive survey","volume":"18","author":"Otieno","year":"2023","journal-title":"World J. Adv. Res. Rev."},{"key":"10.1016\/j.future.2026.108571_b48","series-title":"Software Security Takes a Champion","author":"Asthana","year":"2019"},{"key":"10.1016\/j.future.2026.108571_b49","series-title":"OWASP security champions guide","author":"Open Worldwide Application Security Project","year":"2025"},{"key":"10.1016\/j.future.2026.108571_b50","series-title":"OWASP security culture","author":"Open Worldwide Application Security Project","year":"2022"},{"issue":"2","key":"10.1016\/j.future.2026.108571_b51","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1007\/s10664-022-10252-0","article-title":"Incorporating software security: using developer workshops to engage product managers","volume":"28","author":"Weir","year":"2023","journal-title":"Empir. Softw. Eng."},{"key":"10.1016\/j.future.2026.108571_b52","doi-asserted-by":"crossref","unstructured":"Per Lenberg, Robert Feldt, Lars-G\u00f6ran Wallgren, Towards a behavioral software engineering, in: Proceedings of the 7th International Workshop on Cooperative and Human Aspects of Software Engineering, 2014, pp. 48\u201355.","DOI":"10.1145\/2593702.2593711"}],"container-title":["Future Generation Computer Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167739X26002050?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167739X26002050?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T13:44:35Z","timestamp":1780407875000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167739X26002050"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,10]]},"references-count":52,"alternative-id":["S0167739X26002050"],"URL":"https:\/\/doi.org\/10.1016\/j.future.2026.108571","relation":{},"ISSN":["0167-739X"],"issn-type":[{"value":"0167-739X","type":"print"}],"subject":[],"published":{"date-parts":[[2026,10]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Characterizing the security culture of the research software engineering community: An empirical study","name":"articletitle","label":"Article Title"},{"value":"Future Generation Computer Systems","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.future.2026.108571","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 Elsevier B.V. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"108571"}}