{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T10:25:44Z","timestamp":1769941544788,"version":"3.49.0"},"reference-count":87,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"9","license":[{"start":{"date-parts":[[2022,9,1]],"date-time":"2022-09-01T00:00:00Z","timestamp":1661990400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2022,9,1]],"date-time":"2022-09-01T00:00:00Z","timestamp":1661990400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2022,9,1]],"date-time":"2022-09-01T00:00:00Z","timestamp":1661990400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"German Federal Ministry of Education and Research","award":["13FH016IX6"],"award-info":[{"award-number":["13FH016IX6"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IIEEE Trans. Software Eng."],"published-print":{"date-parts":[[2022,9,1]]},"DOI":"10.1109\/tse.2021.3094171","type":"journal-article","created":{"date-parts":[[2021,7,1]],"date-time":"2021-07-01T19:58:15Z","timestamp":1625169495000},"page":"3467-3484","source":"Crossref","is-referenced-by-count":12,"title":["\u201cI just looked for the solution!\u201dOn Integrating Security-Relevant Information in Non-Security API Documentation to Support Secure Coding Practices"],"prefix":"10.1109","volume":"48","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0391-4054","authenticated-orcid":false,"given":"Peter Leo","family":"Gorski","sequence":"first","affiliation":[{"name":"Department of Computer Science, Data and Application Security Group, H-BRS University of Applied Sciences, Sankt Augustin, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3057-0760","authenticated-orcid":false,"given":"Sebastian","family":"Moller","sequence":"additional","affiliation":[{"name":"Quality and Usability Lab, TU Berlin, Berlin, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7917-6065","authenticated-orcid":false,"given":"Stephan","family":"Wiefling","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Data and Application Security Group, H-BRS University of Applied Sciences, Sankt Augustin, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7863-0622","authenticated-orcid":false,"given":"Luigi Lo","family":"Iacono","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Data and Application Security Group, H-BRS University of Applied Sciences, Sankt Augustin, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Worldwide professional developer population of 24 million projected to grow amid shifting geographical concentrations.","year":"2021"},{"key":"ref2","article-title":"IDC\u2019s worldwide developer census, 2018: Part-time developers lead the expansion of the global developer population.","author":"Dayaratna","year":"2021"},{"key":"ref3","article-title":"Measuring digital development - facts and figures 2019,","year":"2019"},{"key":"ref4","first-page":"281","article-title":"Security in the software development lifecycle","volume-title":"Proc. Symp. Usable Privacy Secur.","author":"Assal"},{"key":"ref5","article-title":"Regulation (eu) 2016\/679 of the European Parliament and of the council of 27 april 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95\/46\/ec (general data protection regulation).","year":"2021"},{"key":"ref6","article-title":"API security top 10 2019","year":"2019"},{"key":"ref7","article-title":"OWASP top 10\u20132017 - the ten most critical web application security risks","year":"2017"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2016.111"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884790"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.52"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134082"},{"key":"ref12","first-page":"265","article-title":"Developers deserve security warnings, too: On the effect of integrated security advice on cryptographic API misuse","volume-title":"Proc. Symp. Usable Privacy Secur.","author":"Gorski"},{"key":"ref13","first-page":"221","article-title":"Why can\u2019t johnny fix vulnerabilities: A usability evaluation of static analysis tools for security","volume-title":"Proc. Symp. Usable Privacy Secur.","author":"Smith"},{"key":"ref14","first-page":"332","article-title":"What developers want and need from program analysis: An empirical study","volume-title":"Proc. IEEE\/ACM Int. Conf. Automated Softw. Eng.","author":"Christakis"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2013.6606613"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2017.17"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.25"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2019.00016"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516655"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115707"},{"key":"ref21","article-title":"Content security policy level 3, W3C Working Draft.","year":"2018"},{"key":"ref22","article-title":"Cross site scripting (XSS).","year":"2020"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11379-1_11"},{"issue":"2","key":"ref24","first-page":"383","article-title":"A measurement study of the content security policy on real-world applications","volume":"18","author":"Patil","year":"2016","journal-title":"Int. J. Netw. Secur."},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978363"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3149408"},{"key":"ref27","first-page":"170","article-title":"Warn if secure or how to deal with security by default in software development?","volume-title":"Proc. Int. Symp. Hum. Aspects Inf. Secur. Assurance","author":"Gorski"},{"key":"ref28","article-title":"Playframework - Content Security Policy Filter.","year":"2018"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/QRS.2018.00028"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2014.70"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2014.80"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.14722\/eurousec.2017.23015"},{"key":"ref34","article-title":"APIs show faster growth rate in 2019 than previous years","year":"2019"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.23046"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978338"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3210459.3210483"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772784"},{"key":"ref39","article-title":"Hackers are collecting payment details, user passwords from thousands of sites - Servers of at least seven companies compromised to deliver malicious code to thousands of sites.","author":"Cimpanu","year":"2019"},{"key":"ref40","article-title":"Clickjacking.","year":"2020"},{"key":"ref41","article-title":"Content security policy.","author":"West","year":"2019"},{"key":"ref42","first-page":"1","article-title":"Poster: UserCSP- user specified content security policies","volume-title":"Proc. Symp. Usable Privacy Secur.","author":"Patil"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-77712-2_22"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1177\/0047281617721853"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3358931.3358937"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2018.8514203"},{"key":"ref47","article-title":"Welcome to information security stack exchange.","year":"2021"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2015.06.008"},{"key":"ref49","article-title":"Eyetracking: Is it worth it?.","author":"Ross","year":"2009"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/APSEC.2015.53"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/3209087.3209092"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09829-4"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/2578153.2578218"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/2168556.2168642"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC.2010.41"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC.2012.6240505"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.59"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/2.48797"},{"key":"ref59","first-page":"18","article-title":"The roles beacons play in comprehension for novice and expert programmers","volume-title":"Proc. Programmers, Workshop Psychol. Program. Int. Group","author":"Crosby"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/1117309.1117357"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1037\/0033-295X.87.4.329"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/1056808.1056877"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1145\/1117309.1117356"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2009.5316015"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-009-9125-9"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/2094131.2094133"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2011.09.003"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC.2012.6240484"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC.2012.6240505"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC.2013.6613831"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38709-8_15"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-012-9201-4"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2013.03.106"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2012.01.004"},{"key":"ref75","article-title":"Adding a Google map with a marker to your website.","year":"2019"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1126\/science.7455683"},{"key":"ref77","article-title":"The Go programming language.","year":"2020"},{"key":"ref78","first-page":"297","article-title":"Deception task design in developer password studies: Exploring a student sample","volume-title":"Proc. Symp. Usable Privacy Secur.","author":"Naiakshina"},{"issue":"3","key":"ref79","first-page":"26","article-title":"A cookbook for using the model-view controller user interface paradigm in smalltalk-80","volume":"1","author":"Krasner","year":"1988","journal-title":"J. Object Oriented Program."},{"key":"ref80","article-title":"Secure - http middleware for go that facilitates some quick security wins.","author":"Jacobsen","year":"2020"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-55958-8_2"},{"key":"ref82","first-page":"81","article-title":"Security developer studies with github users: Exploring a convenience sample","volume-title":"Proc. Symp. Usable Privacy Secur.","author":"Acar"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300370"},{"key":"ref84","article-title":"Content-security-policy - Browser compatibility.","year":"2019"},{"key":"ref85","article-title":"Chrome platform status.","year":"2019"},{"key":"ref86","article-title":"Can I use content security policy?","author":"Deveria","year":"2019"},{"key":"ref87","article-title":"Documentation Archive - What\u2019s New in Safari - Safari 10.0.","year":"2018"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"}],"container-title":["IEEE Transactions on Software Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/32\/9894039\/09470906.pdf?arnumber=9470906","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,11]],"date-time":"2024-01-11T23:12:09Z","timestamp":1705014729000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9470906\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,9,1]]},"references-count":87,"journal-issue":{"issue":"9"},"URL":"https:\/\/doi.org\/10.1109\/tse.2021.3094171","relation":{},"ISSN":["0098-5589","1939-3520","2326-3881"],"issn-type":[{"value":"0098-5589","type":"print"},{"value":"1939-3520","type":"electronic"},{"value":"2326-3881","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,9,1]]}}}