{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,28]],"date-time":"2024-09-28T04:12:57Z","timestamp":1727496777255},"reference-count":43,"publisher":"IEEE","license":[{"start":{"date-parts":[[2024,5,30]],"date-time":"2024-05-30T00:00:00Z","timestamp":1717027200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,5,30]],"date-time":"2024-05-30T00:00:00Z","timestamp":1717027200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,5,30]]},"DOI":"10.1109\/sera61261.2024.10685585","type":"proceedings-article","created":{"date-parts":[[2024,9,26]],"date-time":"2024-09-26T17:41:47Z","timestamp":1727372507000},"page":"249-254","source":"Crossref","is-referenced-by-count":0,"title":["Drop it All or Pick it Up? How Developers Responded to the Log4JShell Vulnerability"],"prefix":"10.1109","author":[{"given":"Vittunyuta","family":"Maeprasart","sequence":"first","affiliation":[{"name":"Nara Institute of Science and Technology (NAIST),Ecole de technologie supérieure,Montreal"}]},{"given":"Ali","family":"Ouni","sequence":"additional","affiliation":[{"name":"Nara Institute of Science and Technology (NAIST),Ecole de technologie supérieure,Montreal"}]},{"given":"Raula Gaikovina","family":"Kula","sequence":"additional","affiliation":[{"name":"Nara Institute of Science and Technology (NAIST),Ecole de technologie supérieure,Montreal"}]}],"member":"263","reference":[{"volume-title":"The state of the octoverse - the state of the octoverse explores a year of change with new deep dives into developer productivity, security, and how we build communities on github","year":"2020","key":"ref1"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2018.00054"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09830-x"},{"volume-title":"Dependabot","year":"2015","key":"ref4"},{"volume-title":"Greenkeeper - automate your npm dependency management","year":"2015","key":"ref5"},{"volume-title":"Renovatebot\/renovate: Universal dependency update tool that fits into your workflows. .","year":"2016","key":"ref6"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9521-5"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-021-09951-x"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SANER50967.2021.00048"},{"key":"ref10","first-page":"181","article-title":"On the impact of security vulnerabilities in the npm package dependency network","volume-title":"International Conference on Mining Software Repositories Conference (MSR)","author":"Decan"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.140"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134072"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.60"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-022-10154-1"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2019.00017"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/IWESEP.2018.00013"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2017.09.007"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/ASEW.2015.21"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950325"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-014-9325-9"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2015.7332471"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC.2019.00053"},{"volume-title":"Log4shell:jndi injection via attackable log4j","year":"2021","key":"ref23"},{"volume-title":"Cve-2021\u201344228 detail","year":"2021","key":"ref24"},{"volume-title":"Log4shell: Jndi injection via attackable log4j","year":"2021","key":"ref25"},{"volume-title":"Java log4jshell vulnerability - what i learned about it this week","year":"2021","key":"ref26"},{"volume-title":"Cve-2021\u201344228","year":"2021","key":"ref27"},{"volume-title":"Log4j - apache log4j 2","year":"1999","key":"ref28"},{"volume-title":"Java se core technologies java naming and directory interface (jndi)","year":"1997","author":"Microsystems","key":"ref29"},{"volume-title":"Libraries.io - the open source discovery service","year":"2015","author":"Nesbitt","key":"ref30"},{"volume-title":"Github graphql api - github docs","year":"2015","key":"ref31"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1214\/aoms\/1177730491.MR0022058.Zbl0041.26103"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1037\/0033-2909.114.3.494"},{"volume-title":"cliffsdelta","year":"2015","key":"ref34"},{"volume-title":"Log4j cve-2021\u201344228 -G cve-2021-45046. issue #20208. hazelcast\/hazelcast","year":"2021","key":"ref35"},{"volume-title":"Latest version brave 5.13.4 cannot be found on mvnrepostiory. issue # 1314. openzipkin\/brave","year":"2021","key":"ref36"},{"volume-title":"upgrade log4j-core to release version 2.16. issue #2402. mybatis\/mybatis-3","year":"2021","key":"ref37"},{"volume-title":"Are cve-2021\u201344228 and cve-2021-45046 truly mitigated?. issue 2610. codelibs fess","year":"2021","key":"ref38"},{"volume-title":"Remote code injection in log4j(cve-2021\u201344228) issue - #2726 - redis\/jedis","year":"2021","key":"ref39"},{"volume-title":"O-day in log4j package \u2022 issue #81620 elas- - tic\/elasticsearch","year":"2021","key":"ref40"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2018.2876340"},{"volume-title":"Spring-boot-starter-Iog4j2 please support the latest version of log4j-2.15 0-rcl - issue #28958 spring-projects\/spring{###} \u2022 boot","year":"2021","key":"ref42"},{"volume-title":"Tweet for log4j","year":"2021","key":"ref43"}],"event":{"name":"2024 IEEE\/ACIS 22nd International Conference on Software Engineering Research, Management and Applications (SERA)","start":{"date-parts":[[2024,5,30]]},"location":"Honolulu, HI, USA","end":{"date-parts":[[2024,6,1]]}},"container-title":["2024 IEEE\/ACIS 22nd International Conference on Software Engineering Research, Management and Applications (SERA)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10685512\/10685554\/10685585.pdf?arnumber=10685585","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,27]],"date-time":"2024-09-27T04:44:10Z","timestamp":1727412250000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10685585\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,5,30]]},"references-count":43,"URL":"https:\/\/doi.org\/10.1109\/sera61261.2024.10685585","relation":{},"subject":[],"published":{"date-parts":[[2024,5,30]]}}}