{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T21:07:12Z","timestamp":1760044032874,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2008,9,22]],"date-time":"2008-09-22T00:00:00Z","timestamp":1222041600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2008,9,22]]},"DOI":"10.1145\/1595676.1595691","type":"proceedings-article","created":{"date-parts":[[2009,8,24]],"date-time":"2009-08-24T14:08:35Z","timestamp":1251122915000},"page":"89-97","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":54,"title":["The developer is the enemy"],"prefix":"10.1145","author":[{"given":"Glenn","family":"Wurster","sequence":"first","affiliation":[{"name":"Carleton University, Canada"}]},{"given":"P. C.","family":"van Oorschot","sequence":"additional","affiliation":[{"name":"Carleton University, Canada"}]}],"member":"320","published-online":{"date-parts":[[2008,9,22]]},"reference":[{"doi-asserted-by":"publisher","key":"e_1_3_2_1_1_1","DOI":"10.1145\/322796.322806"},{"key":"e_1_3_2_1_2_1","volume-title":"Security Engineering","author":"Anderson R.","year":"2008","unstructured":"R. Anderson . Security Engineering , chapter 18: API Security. Wiley , 2 nd edition, 2008 . R. Anderson. Security Engineering, chapter 18: API Security. Wiley, 2nd edition, 2008.","edition":"2"},{"key":"e_1_3_2_1_3_1","first-page":"15","volume-title":"Proc. 7th USENIX Security Symposium, 1998","author":"Anupam V.","year":"1998","unstructured":"V. Anupam and A. Mayer . Security of web browser scripting languages: vulnerabilities, attacks, and remedies . In Proc. 
7th USENIX Security Symposium, 1998 , pages 15 -- 28 , 1998 . V. Anupam and A. Mayer. Security of web browser scripting languages: vulnerabilities, attacks, and remedies. In Proc. 7th USENIX Security Symposium, 1998, pages 15--28, 1998."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_4_1","DOI":"10.1145\/1595676.1595684"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_5_1","DOI":"10.1145\/986655.986662"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_6_1","DOI":"10.1109\/MS.2008.18"},{"key":"e_1_3_2_1_7_1","first-page":"8","volume-title":"Proc. 12th USENIX Security Symposium","author":"Bhatkar S.","year":"2003","unstructured":"S. Bhatkar , D.C. DuVarney , and R. Sekar . Address obfuscation: an efficient approach to combat a broad range of memory error exploits . In Proc. 12th USENIX Security Symposium , pages 8 -- 23 , Jul 2003 . S. Bhatkar, D.C. DuVarney, and R. Sekar. Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In Proc. 12th USENIX Security Symposium, pages 8--23, Jul 2003."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_8_1","DOI":"10.1109\/SP.2006.40"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_9_1","DOI":"10.1109\/2.955101"},{"key":"e_1_3_2_1_10_1","volume-title":"Kernel traffic #265 for 30-Jun-2004. Web Page (viewed","author":"Brown Z.","year":"2008","unstructured":"Z. Brown . Kernel traffic #265 for 30-Jun-2004. Web Page (viewed 29 Mar 2008 ), Jun 2004. http:\/\/www.kerneltraffic.org\/kernel-traffic\/kt20040630 265.html#4. Z. Brown. Kernel traffic #265 for 30-Jun-2004. Web Page (viewed 29 Mar 2008), Jun 2004. http:\/\/www.kerneltraffic.org\/kernel-traffic\/kt20040630 265.html#4."},{"key":"e_1_3_2_1_11_1","first-page":"321","volume-title":"Proc. 13th USENIX Security Symposium, 2004","author":"Chow J.","year":"2004","unstructured":"J. Chow , B. Pfaff , T. Garfinkel , K. Christopher , and M. Rosenblum . Understanding data lifetime via whole system simulation . In Proc. 
13th USENIX Security Symposium, 2004 , pages 321 -- 336 , Aug 2004 . J. Chow, B. Pfaff, T. Garfinkel, K. Christopher, and M. Rosenblum. Understanding data lifetime via whole system simulation. In Proc. 13th USENIX Security Symposium, 2004, pages 321--336, Aug 2004."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_12_1","DOI":"10.1109\/SP.1987.10001"},{"key":"e_1_3_2_1_13_1","volume-title":"Agile Software Development","author":"Cockburn A.","year":"2002","unstructured":"A. Cockburn . Agile Software Development . Addison Wesley , 2002 . A. Cockburn. Agile Software Development. Addison Wesley, 2002."},{"key":"e_1_3_2_1_14_1","volume-title":"Foundations of Security: What Every Programmer Needs to Know","author":"Daswani N.","year":"2007","unstructured":"N. Daswani , C. Kern , and A. Kesavan . Foundations of Security: What Every Programmer Needs to Know , chapter 10: Cross-Domain Security in Web Applications. Apress , 2007 . N. Daswani, C. Kern, and A. Kesavan. Foundations of Security: What Every Programmer Needs to Know, chapter 10: Cross-Domain Security in Web Applications. Apress, 2007."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_15_1","DOI":"10.1145\/365230.365252"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_16_1","DOI":"10.1145\/1143120.1143122"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_17_1","DOI":"10.1145\/1073001.1073009"},{"key":"e_1_3_2_1_18_1","first-page":"10","article-title":"vulnerability in tetex (dvips)","author":"Security","year":"2002","unstructured":"Security vulnerability in tetex (dvips) . Web Page , 10 2002 . http:\/\/www.securityfocus.com\/advisories\/4567. Security vulnerability in tetex (dvips). Web Page, 10 2002. http:\/\/www.securityfocus.com\/advisories\/4567.","journal-title":"Web Page"},{"key":"e_1_3_2_1_19_1","volume-title":"Vista's UAC security prompt was designed to annoy you. Web Page (viewed","author":"Fisher K.","year":"2008","unstructured":"K. Fisher . Vista's UAC security prompt was designed to annoy you. 
Web Page (viewed 14 Apr 2008 ), Apr 2008. http:\/\/arstechnica.com\/news.ars\/post\/20080411-vistas-uac-security-prompt-was-designed-to-annoy-you.html. K. Fisher. Vista's UAC security prompt was designed to annoy you. Web Page (viewed 14 Apr 2008), Apr 2008. http:\/\/arstechnica.com\/news.ars\/post\/20080411-vistas-uac-security-prompt-was-designed-to-annoy-you.html."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_20_1","DOI":"10.1145\/986655.986664"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_21_1","DOI":"10.1145\/1143120.1143132"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_22_1","DOI":"10.1145\/1143120.1143127"},{"unstructured":"GIT user's manual (for version 1.5.3 or newer). Web Page (viewed 29 Mar 2008) Mar 2008. http:\/\/www.kernel.org\/pub\/software\/scm\/git\/docs\/user-manual.html.  GIT user's manual (for version 1.5.3 or newer). Web Page (viewed 29 Mar 2008) Mar 2008. http:\/\/www.kernel.org\/pub\/software\/scm\/git\/docs\/user-manual.html.","key":"e_1_3_2_1_23_1"},{"key":"e_1_3_2_1_24_1","volume-title":"Understanding the cause and effect of CSS (XSS) vulnerabilities. Web Page (viewed","author":"HTML","year":"2008","unstructured":"HTML code injection and cross-site scripting : Understanding the cause and effect of CSS (XSS) vulnerabilities. Web Page (viewed 4 Apr 2008 ), Apr 2008. http:\/\/www.technicalinfo.net\/papers\/CSS.html. HTML code injection and cross-site scripting: Understanding the cause and effect of CSS (XSS) vulnerabilities. Web Page (viewed 4 Apr 2008), Apr 2008. 
http:\/\/www.technicalinfo.net\/papers\/CSS.html."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_25_1","DOI":"10.1145\/1217935.1217939"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_26_1","DOI":"10.1109\/MSECP.2003.1176996"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_27_1","DOI":"10.1145\/956653.956654"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_28_1","DOI":"10.1109\/SP.2006.29"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_29_1","DOI":"10.1109\/MS.2008.9"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_30_1","DOI":"10.1145\/1180405.1180434"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_31_1","DOI":"10.1145\/1280680.1280696"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_32_1","DOI":"10.1109\/52.676963"},{"key":"e_1_3_2_1_33_1","volume-title":"Windows XP Tablet PC Edition","author":"Microsoft Corporation","year":"2005","unstructured":"Microsoft Corporation . A detailed description of the data execution prevention (DEP) feature in Windows XP Service Pack 2 , Windows XP Tablet PC Edition 2005 , and Windows Server 2003. Technical report, Microsoft Corporation , Sep 2006. http:\/\/support.microsoft.com\/kb\/875352. Microsoft Corporation. A detailed description of the data execution prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003. Technical report, Microsoft Corporation, Sep 2006. http:\/\/support.microsoft.com\/kb\/875352."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_34_1","DOI":"10.1007\/0-387-25660-1_20"},{"key":"e_1_3_2_1_35_1","volume-title":"Application security in AJAX. Web Page (viewed","author":"Nimphius F.","year":"2008","unstructured":"F. Nimphius . Application security in AJAX. Web Page (viewed 28 Mar 2008 ), Oct 2007. http:\/\/ajax.sys-con.com\/read\/436281.htm. F. Nimphius. Application security in AJAX. Web Page (viewed 28 Mar 2008), Oct 2007. 
http:\/\/ajax.sys-con.com\/read\/436281.htm."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_36_1","DOI":"10.1109\/2.660187"},{"key":"e_1_3_2_1_37_1","volume-title":"Nov","author":"PHP","year":"2007","unstructured":"PHP : Using Register Globals , Nov 2007 . http:\/\/www.php.net\/manual\/en\/security.globals.php. PHP: Using Register Globals, Nov 2007. http:\/\/www.php.net\/manual\/en\/security.globals.php."},{"key":"e_1_3_2_1_38_1","volume-title":"Nov","author":"PHP","year":"2007","unstructured":"PHP : What are Magic Quotes , Nov 2007 . http:\/\/www.php.net\/manual\/en\/security.magicquotes.php. PHP: What are Magic Quotes, Nov 2007. http:\/\/www.php.net\/manual\/en\/security.magicquotes.php."},{"key":"e_1_3_2_1_39_1","volume-title":"A Guide to Usability: Human Factors in Computing","author":"Preece J.","year":"1993","unstructured":"J. Preece , D. Benyon , G. Davies , and L. Keller . A Guide to Usability: Human Factors in Computing . Addison Wesley , 1993 . J. Preece, D. Benyon, G. Davies, and L. Keller. A Guide to Usability: Human Factors in Computing. Addison Wesley, 1993."},{"key":"e_1_3_2_1_40_1","volume-title":"Mozilla","author":"Ruderman J.","year":"2001","unstructured":"J. Ruderman . The same origin policy. Technical report , Mozilla , 2001 . http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html. J. Ruderman. The same origin policy. Technical report, Mozilla, 2001. http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html."},{"key":"e_1_3_2_1_41_1","volume-title":"Web Page","author":"Schuh J.","year":"2007","unstructured":"J. Schuh . Same-origin policy part 1: Why we're stuck with things like XSS and XSRF\/CSRF . Web Page , Feb 2007 . http:\/\/taossa.com\/index.php\/2007\/02\/08\/same-origin-policy\/. J. Schuh. Same-origin policy part 1: Why we're stuck with things like XSS and XSRF\/CSRF. Web Page, Feb 2007. 
http:\/\/taossa.com\/index.php\/2007\/02\/08\/same-origin-policy\/."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_42_1","DOI":"10.1145\/1084805.1084812"},{"key":"e_1_3_2_1_43_1","volume-title":"Template engine. Web Page (viewed","author":"Smarty","year":"2008","unstructured":"Smarty : Template engine. Web Page (viewed 28 Mar 2008 ), Feb 2008. http:\/\/smarty.php.net. Smarty: Template engine. Web Page (viewed 28 Mar 2008), Feb 2008. http:\/\/smarty.php.net."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_44_1","DOI":"10.1145\/1600176.1600186"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_46_1","DOI":"10.1145\/1600176.1600189"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_47_1","DOI":"10.1109\/MS.2008.19"},{"key":"e_1_3_2_1_48_1","first-page":"67","volume-title":"Proc. 2007 Network and Distributed System Security Symposium","author":"Vogt P.","year":"2007","unstructured":"P. Vogt , F. Nentwich , N. Jovanovic , C. Kruegel , E. Kirda , and G. Vigna . Cross-site scripting prevention with dynamic data tainting and static analysis . In Proc. 2007 Network and Distributed System Security Symposium , pages 67 -- 78 , Feb 2007 . P. Vogt, F. Nentwich, N. Jovanovic, C. Kruegel, E. Kirda, and G. Vigna. Cross-site scripting prevention with dynamic data tainting and static analysis. In Proc. 2007 Network and Distributed System Security Symposium, pages 67--78, Feb 2007."},{"key":"e_1_3_2_1_49_1","first-page":"w3","article-title":"control for cross-site requests. Technical report","author":"Access","year":"2008","unstructured":"Access control for cross-site requests. Technical report , W3C , Feb 2008 . http:\/\/www. w3 .org\/TR\/2008\/WD-access-control-20080214\/. Access control for cross-site requests. Technical report, W3C, Feb 2008. http:\/\/www.w3.org\/TR\/2008\/WD-access-control-20080214\/.","journal-title":"W3C"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_50_1","DOI":"10.1145\/173668.168635"},{"key":"e_1_3_2_1_51_1","first-page":"149","volume-title":"Proc. 
2003 Network & Distributed System Security Symposium","author":"Wilander J.","year":"2003","unstructured":"J. Wilander and M. Kamkar . A comparison of publicly available tools for dynamic buffer overflow prevention . In Proc. 2003 Network & Distributed System Security Symposium , pages 149 -- 162 , 2003 . J. Wilander and M. Kamkar. A comparison of publicly available tools for dynamic buffer overflow prevention. In Proc. 2003 Network & Distributed System Security Symposium, pages 149--162, 2003."},{"key":"e_1_3_2_1_52_1","volume-title":"Cryptology ePrint Archive: Listing for","author":"Wu H.","year":"2005","unstructured":"H. Wu . The misuse of RC4 in Microsoft Word and Excel . In Cryptology ePrint Archive: Listing for 2005 . http:\/\/eprint.iacr.org\/2005\/007.pdf. H. Wu. The misuse of RC4 in Microsoft Word and Excel. In Cryptology ePrint Archive: Listing for 2005. http:\/\/eprint.iacr.org\/2005\/007.pdf."}],"event":{"sponsor":["ACM Association for Computing Machinery"],"acronym":"NSPW '08","name":"NSPW '08: 2008 New Security Paradigms Workshop","location":"Lake Tahoe California USA"},"container-title":["Proceedings of the 2008 New Security Paradigms 
Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1595676.1595691","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1595676.1595691","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:18:04Z","timestamp":1750249084000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1595676.1595691"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,9,22]]},"references-count":51,"alternative-id":["10.1145\/1595676.1595691","10.1145\/1595676"],"URL":"https:\/\/doi.org\/10.1145\/1595676.1595691","relation":{},"subject":[],"published":{"date-parts":[[2008,9,22]]},"assertion":[{"value":"2008-09-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}