{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,8]],"date-time":"2026-04-08T07:18:38Z","timestamp":1775632718793,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":83,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,12,21]],"date-time":"2020-12-21T00:00:00Z","timestamp":1608508800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,12,21]]},"DOI":"10.1145\/3324884.3416593","type":"proceedings-article","created":{"date-parts":[[2021,1,27]],"date-time":"2021-01-27T23:39:02Z","timestamp":1611790742000},"page":"511-523","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Continuous compliance"],"prefix":"10.1145","author":[{"given":"Martin","family":"Kellogg","sequence":"first","affiliation":[{"name":"University of Washington"}]},{"given":"Martin","family":"Sch\u00e4f","sequence":"additional","affiliation":[{"name":"Amazon Web Services"}]},{"given":"Serdar","family":"Tasiran","sequence":"additional","affiliation":[{"name":"Amazon Web Services"}]},{"given":"Michael D.","family":"Ernst","sequence":"additional","affiliation":[{"name":"University of Washington and Amazon Web Services"}]}],"member":"320","published-online":{"date-parts":[[2021,1,27]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2002. FIPS PUB 140-2 Security Requirements for Cryptographic Modules. U.S.Department of Commerce\/National Institute of Standards and Technology."},{"key":"e_1_3_2_1_2_1","volume-title":"Why Cloud Providers Need a SOC Report. https:\/\/www.schellman.com\/blog\/why-cloud-providers-need-a-soc-report. Accessed","author":"Acharya Bhargav","year":"2019","unstructured":"Bhargav Acharya. 2016. Why Cloud Providers Need a SOC Report. https:\/\/www.schellman.com\/blog\/why-cloud-providers-need-a-soc-report. Accessed 28 March 2019."},{"key":"e_1_3_2_1_3_1","volume-title":"CryptoAPI-Bench: A Comprehensive Benchmark on Java Cryptographic API Misuses. In 2019 IEEE Cybersecurity Development (SecDev)","author":"Afrose Sharmin","unstructured":"Sharmin Afrose, Sazzadur Rahaman, and Danfeng Yao. 2019. CryptoAPI-Bench: A Comprehensive Benchmark on Java Cryptographic API Misuses. In 2019 IEEE Cybersecurity Development (SecDev). IEEE, 49--61."},{"key":"e_1_3_2_1_4_1","unstructured":"AICPA. 2017. SOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions. https:\/\/www.aicpa.org\/content\/dam\/aicpa\/interestareas\/frc\/assuranceadvisoryservices\/downloadabledocuments\/cybersecurity\/soc-2--vs-cyber-whitepaper-web-final.pdf. Accessed 1 February 2019."},{"key":"e_1_3_2_1_5_1","unstructured":"Amazon Web Services Inc. 2006. Amazon S3. https:\/\/aws.amazon.com\/s3\/. Accessed 17 April 2020."},{"key":"e_1_3_2_1_6_1","volume-title":"awslabs\/aws-kms-compliance-checker. https:\/\/github.com\/awslabs\/aws-kms-compliance-checker. Accessed","year":"2020","unstructured":"aws-kms-compliance-checker Developers. 2020. awslabs\/aws-kms-compliance-checker. https:\/\/github.com\/awslabs\/aws-kms-compliance-checker. Accessed 11 August 2020."},{"key":"e_1_3_2_1_7_1","volume-title":"awslabs\/aws-crypto-policy-compliance-checker. https:\/\/github.com\/awslabs\/aws-crypto-policy-compliance-checker. Accessed","year":"2020","unstructured":"awslabs\/aws-crypto-policy-compliance-checker Developers. 2020. awslabs\/aws-crypto-policy-compliance-checker. https:\/\/github.com\/awslabs\/aws-crypto-policy-compliance-checker. Accessed 11 August 2020."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2008.130"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2017.2683508"},{"key":"e_1_3_2_1_10_1","volume-title":"Smid","author":"Barker Elaine B.","year":"2007","unstructured":"Elaine B. Barker, William C. Barker, William E. Burr, W. Timothy Polk, and Miles E. Smid. 2007. SP 800-57. Recommendation for Key Management, Part 1: General (Revised). Technical Report. Gaithersburg, MD, United States."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.27"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1008645826258"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1646353.1646374"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0055716"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818034"},{"key":"e_1_3_2_1_16_1","unstructured":"Grady Booch. 1991. Object Oriented Design with Applications. Benjamin\/Cummings."},{"key":"e_1_3_2_1_17_1","volume-title":"B., Soto, R., de la Barra, CL","author":"Briski KA","year":"2008","unstructured":"KA Briski, Poonam Chitale, Valerie Hamilton, Allan Pratt, B Starr, J Veroulis, and B Villard. 2008. Minimizing code defects to improve software quality and lower development costs. Development Solutions. IBM. Crawford, B., Soto, R., de la Barra, CL (2008)."},{"key":"e_1_3_2_1_18_1","volume-title":"kelloggm\/bucket-compliance-checker. https:\/\/github.com\/kelloggm\/bucket-compliance-checker. Accessed","year":"2020","unstructured":"bucket-complaince-checker Developers. 2020. kelloggm\/bucket-compliance-checker. https:\/\/github.com\/kelloggm\/bucket-compliance-checker. Accessed 11 August 2020."},{"key":"e_1_3_2_1_19_1","unstructured":"Matthew Campagna. 2015. Aws key management service cryptographic details."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.4108\/eai.3-12-2015.2262471"},{"key":"e_1_3_2_1_21_1","volume-title":"Qualified Security Assessors. https:\/\/www.pcisecuritystandards.org\/assessors_and_solutions\/qualified_security_assessors. Accessed","author":"PCI Security Standards Council","year":"2020","unstructured":"PCI Security Standards Council. 2020. Qualified Security Assessors. https:\/\/www.pcisecuritystandards.org\/assessors_and_solutions\/qualified_security_assessors. Accessed 14 April 2020."},{"key":"e_1_3_2_1_22_1","volume-title":"https:\/\/github.com\/CryptoGuardOSS\/cryptoguard\/commit\/2898b5b5ec25d94bbedda271638385c0fa6e0c9c. Accessed","author":"Developers CryptoGuard","year":"2020","unstructured":"CryptoGuard Developers. 2020. CryptoGuardOSS\/crypto-guard. https:\/\/github.com\/CryptoGuardOSS\/cryptoguard\/commit\/2898b5b5ec25d94bbedda271638385c0fa6e0c9c. Accessed 26 April 2020."},{"key":"e_1_3_2_1_23_1","volume-title":"Constant Value Checker. https:\/\/checkerframework.org\/manual\/#constant-value-checker. Accessed","author":"Developers Checker Framework","year":"2019","unstructured":"Checker Framework Developers. 2019. Constant Value Checker. https:\/\/checkerframework.org\/manual\/#constant-value-checker. Accessed 10 August 2019."},{"key":"e_1_3_2_1_24_1","volume-title":"https:\/\/checkerframework.org\/manual\/#whole-program-inference. Accessed","author":"Developers Checker Framework","year":"2020","unstructured":"Checker Framework Developers. 2020. Whole-program Inference. https:\/\/checkerframework.org\/manual\/#whole-program-inference. Accessed 17 April 2020."},{"key":"e_1_3_2_1_25_1","volume-title":"https:\/\/spotbugs.github.io\/. Accessed","author":"Developers SpotBugs","year":"2020","unstructured":"SpotBugs Developers. 2020. SpotBugs. https:\/\/spotbugs.github.io\/. Accessed 24 April 2020."},{"key":"e_1_3_2_1_26_1","unstructured":"Mark Jason Dominus. 2001. Perl regular expression matching is NP-hard. https:\/\/perl.plover.com\/NPC\/."},{"key":"e_1_3_2_1_27_1","unstructured":"Schahram Dustdar. 2010. COMPAS: Compliance-driven Models Languages and Architectures for Services: Publishable Summary. https:\/\/cordis.europa.eu\/docs\/projects\/cnect\/5\/215175\/080\/reports\/001-publishablesummarylongversion1.pdf. Accessed 4 April 2019."},{"key":"e_1_3_2_1_28_1","volume-title":"Cost of Compliance","author":"English Stacy","year":"2018","unstructured":"Stacy English and Susannah Hammond. 2018. Cost of Compliance 2018. https:\/\/legal.thomsonreuters.com\/content\/dam\/ewp-m\/documents\/legal\/en\/pdf\/reports\/cost-of-compliance-special-report-2018.pdf. Accessed 26 February 2019."},{"key":"e_1_3_2_1_29_1","volume-title":"CCS 2014: Proceedings of the 21st ACM Conference on Computer and Communications Security","author":"Ernst Michael D.","unstructured":"Michael D. Ernst, Ren\u00e9 Just, Suzanne Millstein, Werner Dietl, Stuart Pernsteiner, Franziska Roesner, Karl Koscher, Paulo Barros, Ravi Bhoraskar, Seungyeop Han, Paul Vines, and Edward X. Wu. 2014. Collaborative verification of information flow for a high-assurance app store. In CCS 2014: Proceedings of the 21st ACM Conference on Computer and Communications Security. Scottsdale, AZ, USA, 1092--1104."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/301618.301665"},{"key":"e_1_3_2_1_31_1","unstructured":"Electronic Frontier Foundation. 1998. Cracking DES: Secrets of encryption research wiretap politics and chip design."},{"key":"e_1_3_2_1_32_1","unstructured":"Martin Fowler and Matthew Foemmel. 2006. Continuous integration."},{"key":"e_1_3_2_1_33_1","volume-title":"31st International Colloquium, ICALP","author":"Frisch Alain","year":"2004","unstructured":"Alain Frisch and Luca Cardelli. 2004. Greedy regular expression matching. In Automata, Languages and Programming: 31st International Colloquium, ICALP 2004. Turku, Finland, 618--629."},{"key":"e_1_3_2_1_34_1","volume-title":"Whitepaper: The Costs of Failing a PCI-DSS Audit. https:\/\/www.hytrust.com\/wp-content\/uploads\/2015\/08\/HyTrust_Cost_of_Failed_Audit.pdf. Accessed","author":"Fritsche Dan","year":"2015","unstructured":"Dan Fritsche and Bhavana Sasne. 2015. Whitepaper: The Costs of Failing a PCI-DSS Audit. https:\/\/www.hytrust.com\/wp-content\/uploads\/2015\/08\/HyTrust_Cost_of_Failed_Audit.pdf. Accessed 18 March 2019."},{"key":"e_1_3_2_1_35_1","volume-title":"Version 2.4. https:\/\/www.fedramp.gov\/assets\/resources\/documents\/FedRAMP_Security_Assessment_Framework.pdf. Accessed","author":"GSA.","year":"2019","unstructured":"GSA. 2017. FedRAMP SECURITY ASSESSMENT FRAMEWORK, Version 2.4. https:\/\/www.fedramp.gov\/assets\/resources\/documents\/FedRAMP_Security_Assessment_Framework.pdf. Accessed 31 January 2019."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2018.11.004"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1053468.1053470"},{"key":"e_1_3_2_1_38_1","unstructured":"hsm-simulator Developers. 2019. gjyoung1974\/hsm-simulator. https:\/\/github.com\/gjyoung1974\/hsm-simulator\/blob\/432b2b6e9fd63936347293743e54a8e572367fda\/src\/com\/goyoung\/crypto\/hsmsim\/commands\/crypto\/GenerateVISAWorkingKey.java. Accessed 5 May 2020."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-54804-8_10"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2013.6606613"},{"key":"e_1_3_2_1_41_1","volume-title":"Information technology adoption across time: a cross-sectional comparison of pre-adoption and post-adoption beliefs. MIS quarterly","author":"Karahanna Elena","year":"1999","unstructured":"Elena Karahanna, Detmar W Straub, and Norman L Chervany. 1999. Information technology adoption across time: a cross-sectional comparison of pre-adoption and post-adoption beliefs. MIS quarterly (1999), 183--213."},{"key":"e_1_3_2_1_42_1","volume-title":"Understanding How Users Would Make Use of a SOC2 Report. https:\/\/www.rubinbrown.com\/soc2_user_document_111710.pdf. Accessed","author":"Katcher Audrey","year":"2019","unstructured":"Audrey Katcher. 2019. Understanding How Users Would Make Use of a SOC2 Report. https:\/\/www.rubinbrown.com\/soc2_user_document_111710.pdf. Accessed 28 March 2019."},{"key":"e_1_3_2_1_43_1","volume-title":"do-like-javac. https:\/\/github.com\/kelloggm\/do-like-javac. Accessed","author":"Kellogg Martin","year":"2020","unstructured":"Martin Kellogg. 2020. do-like-javac. https:\/\/github.com\/kelloggm\/do-like-javac. Accessed 24 April 2020."},{"key":"e_1_3_2_1_44_1","volume-title":"ISSTA 2018, Proceedings of the 2018 International Symposium on Software Testing and Analysis","author":"Kellogg Martin","unstructured":"Martin Kellogg, Vlastimil Dort, Suzanne Millstein, and Michael D. Ernst. 2018. Lightweight verification of array indexing. In ISSTA 2018, Proceedings of the 2018 International Symposium on Software Testing and Analysis. Amsterdam, Netherlands, 3--14."},{"key":"e_1_3_2_1_45_1","volume-title":"Verifying Object Construction. In ICSE 2020, Proceedings of the 42nd International Conference on Software Engineering","author":"Kellogg Martin","unstructured":"Martin Kellogg, Manli Ran, Manu Sridharan, Martin Sch\u00e4f, and Michael D. Ernst. 2020. Verifying Object Construction. In ICSE 2020, Proceedings of the 42nd International Conference on Software Engineering. Seoul, Korea."},{"key":"e_1_3_2_1_46_1","volume-title":"International Symposium on Formal Methods for Components and Objects. Springer, 21--41","author":"Kokash Natallia","year":"2008","unstructured":"Natallia Kokash and Farhad Arbab. 2008. Formal behavioral modeling and compliance analysis for service-oriented systems. In International Symposium on Formal Methods for Components and Objects. Springer, 21--41."},{"key":"e_1_3_2_1_47_1","volume-title":"ECOOP 2018 --- Object-Oriented Programming, 32nd European Conference","author":"Kr\u00fcger Stefan","year":"2018","unstructured":"Stefan Kr\u00fcger, Johannes Sp\u00e4th, Karim Ali, Eric Bodden, and Mira Mezini. 2018. CrySL: An extensible approach to validating the correct usage of cryptographic APIs. In ECOOP 2018 --- Object-Oriented Programming, 32nd European Conference. Amsterdam, Netherlands, 10:1--10:27."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2637166.2637237"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/1127878.1127884"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCC.2016.2522411"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66399-9_15"},{"key":"e_1_3_2_1_52_1","volume-title":"Cloud Security Auditing: Major Approaches and Existing Challenges. In Symposium on Foundations & Practice of Security.","author":"Majumdar Suryadipta","year":"2018","unstructured":"Suryadipta Majumdar, Taous Madi, Yosr Jarraya, Makan Pourzandi, Lingyu Wang, and Mourad Debbabi. 2018. Cloud Security Auditing: Major Approaches and Existing Challenges. In Symposium on Foundations & Practice of Security."},{"key":"e_1_3_2_1_53_1","volume-title":"Frequently Asked Questions. https:\/\/globalrisk.mastercard.com\/wp-content\/uploads\/2017\/03\/Site-Data-Protection-SDP-Program-FAQs-1-March-2017.pdf. Accessed","year":"2019","unstructured":"Mastercard. 2017. Site Data Protection (SDP) Program, Frequently Asked Questions. https:\/\/globalrisk.mastercard.com\/wp-content\/uploads\/2017\/03\/Site-Data-Protection-SDP-Program-FAQs-1-March-2017.pdf. Accessed 18 March 2019."},{"key":"e_1_3_2_1_54_1","volume-title":"Implement Java 8 type argument inference. https:\/\/github.com\/typetools\/checker-framework\/issues\/979. Accessed","author":"Millstein Suzanne","year":"2020","unstructured":"Suzanne Millstein. 2016. Implement Java 8 type argument inference. https:\/\/github.com\/typetools\/checker-framework\/issues\/979. Accessed 17 April 2020."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2008.09.018"},{"key":"e_1_3_2_1_56_1","volume-title":"Access Devices","author":"MS","year":"2018","unstructured":"MS 325E.64. 2007. Access Devices; Breach of Security. Minnesota Statutes (2018): Chapter 325E, Section 64."},{"key":"e_1_3_2_1_57_1","volume-title":"Dash Compliance Automation --- S3 Security Controls. https:\/\/www.dashsdk.com\/docs\/aws\/hipaa\/amazon-s3\/. Accessed","author":"Nemetz Jacob","year":"2020","unstructured":"Jacob Nemetz and Brett Lieblich. 2019. Dash Compliance Automation --- S3 Security Controls. https:\/\/www.dashsdk.com\/docs\/aws\/hipaa\/amazon-s3\/. Accessed 8 April 2020."},{"key":"e_1_3_2_1_58_1","volume-title":"kelloggm\/no-literal-checker. https:\/\/github.com\/kelloggm\/no-literal-checker. Accessed","year":"2020","unstructured":"no-literal-checker Developers. 2020. kelloggm\/no-literal-checker. https:\/\/github.com\/kelloggm\/no-literal-checker. Accessed 11 August 2020."},{"key":"e_1_3_2_1_59_1","volume-title":"ISSTA 2008, Proceedings of the 2008 International Symposium on Software Testing and Analysis","author":"Papi Matthew M.","unstructured":"Matthew M. Papi, Mahmood Ali, Telmo Luis Correa Jr., Jeff H. Perkins, and Michael D. Ernst. 2008. Practical pluggable types for Java. In ISSTA 2008, Proceedings of the 2008 International Symposium on Software Testing and Analysis. Seattle, WA, USA, 201--212."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1007\/1-4020-8147-2_1"},{"key":"e_1_3_2_1_61_1","volume-title":"Payment Card Industry (PCI) Data Security Standard, v. 3.2.1. https:\/\/www.pcisecuritystandards.org\/documents\/PCI_DSS_v3-2-1.pdf. Accessed","author":"PCI Security Standards Council","year":"2019","unstructured":"PCI Security Standards Council. 2018. Payment Card Industry (PCI) Data Security Standard, v. 3.2.1. https:\/\/www.pcisecuritystandards.org\/documents\/PCI_DSS_v3-2-1.pdf. Accessed 26 February 2019."},{"key":"e_1_3_2_1_62_1","volume-title":"PCI DSS v3.2.1 Template for Report on Compliance. https:\/\/www.pcisecuritystandards.org\/documents\/PCI-DSS-v3_2_1-ROC-Reporting-Template.pdf. Accessed","author":"PCI Security Standards Council","year":"2019","unstructured":"PCI Security Standards Council. 2018. PCI DSS v3.2.1 Template for Report on Compliance. https:\/\/www.pcisecuritystandards.org\/documents\/PCI-DSS-v3_2_1-ROC-Reporting-Template.pdf. Accessed 4 April 2019."},{"key":"e_1_3_2_1_63_1","volume-title":"The True Cost of Compliance. https:\/\/www.ponemon.org\/local\/upload\/file\/True_Cost_of_Compliance_Report_copy.pdf. Accessed","author":"Ponemon Institute LLC. 2011.","year":"2019","unstructured":"Ponemon Institute LLC. 2011. The True Cost of Compliance. https:\/\/www.ponemon.org\/local\/upload\/file\/True_Cost_of_Compliance_Report_copy.pdf. Accessed 3 April 2019."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363195"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345659"},{"key":"e_1_3_2_1_66_1","volume-title":"Title 19","author":"RCW","unstructured":"RCW 19.255.020. 2010. Liability of processors, businesses, and vendors. Revised Code of Washington, Title 19, Chapter 19.255, Section 19.255.020."},{"key":"e_1_3_2_1_67_1","volume-title":"ISSRE 2003: Fourteenth International Symposium on Software Reliability Engineering","author":"Saff David","unstructured":"David Saff and Michael D. Ernst. 2003. Reducing wasted development time via continuous testing. In ISSRE 2003: Fourteenth International Symposium on Software Reliability Engineering. Denver, CO, 281--292."},{"key":"e_1_3_2_1_68_1","volume-title":"Example of how to whitelist crypto algorithms. https:\/\/github.com\/awslabs\/aws-crypto-policy-compliance-checker\/blob\/master\/stubs\/javax.crypto.astub. Accessed","author":"Schaef Martin","year":"2020","unstructured":"Martin Schaef. 2019. Example of how to whitelist crypto algorithms. https:\/\/github.com\/awslabs\/aws-crypto-policy-compliance-checker\/blob\/master\/stubs\/javax.crypto.astub. Accessed 11 August 2020."},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1137\/0219027"},{"key":"e_1_3_2_1_70_1","volume-title":"https:\/\/github.com\/NewSaigonSoft\/sendmail\/blob\/e31d9a86c7f863c59fc51d5fd2c1b60cc4586faf\/src\/main\/java\/com\/newsaigonsoft\/sendmail\/SecurePassword.java. Accessed","year":"2020","unstructured":"sendmail Developers. 2015. NewSaigonSoft\/sendmail. https:\/\/github.com\/NewSaigonSoft\/sendmail\/blob\/e31d9a86c7f863c59fc51d5fd2c1b60cc4586faf\/src\/main\/java\/com\/newsaigonsoft\/sendmail\/SecurePassword.java. Accessed 5 May 2020."},{"key":"e_1_3_2_1_71_1","unstructured":"Square Inc. 2017. PCI Compliance: What You Need to Know. https:\/\/squareup.com\/guides\/pci-compliance. Accessed 18 March 2019."},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1109\/CCGRID.2017.134"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1986.6312929"},{"key":"e_1_3_2_1_74_1","volume-title":"Welcome To The SWAMP. https:\/\/continuousassurance.org\/. Accessed","author":"Team The SWAMP","year":"2020","unstructured":"The SWAMP Team. 2020. Welcome To The SWAMP. https:\/\/continuousassurance.org\/. Accessed 24 April 2020."},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1109\/SYNASC.2010.52"},{"key":"e_1_3_2_1_76_1","volume-title":"Abu Shohel Ahmed, and Jukka Ylitalo","author":"Ullah Kazi Wali","year":"2013","unstructured":"Kazi Wali Ullah, Abu Shohel Ahmed, and Jukka Ylitalo. 2013. Towards building an automated security compliance tool for the cloud. In Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE, 1587--1593."},{"key":"e_1_3_2_1_77_1","volume-title":"Verizon 2018 Payment Security Report. Accessed","author":"van Oosten Ciske","year":"2019","unstructured":"Ciske van Oosten, Anne Turner, Cynthia B. Hanson, Dyana Pearson, Ronald Tosto, and Andi Baritchi. 2018. Verizon 2018 Payment Security Report. Accessed 26 February 2019."},{"key":"e_1_3_2_1_78_1","volume-title":"Security Authorization of Information Systems in Cloud Computing Environments. https:\/\/www.fedramp.gov\/assets\/resources\/documents\/FedRAMP_Policy_Memo.pdf. Accessed","author":"VanRoekel Steven","year":"2019","unstructured":"Steven VanRoekel. 2011. Security Authorization of Information Systems in Cloud Computing Environments. https:\/\/www.fedramp.gov\/assets\/resources\/documents\/FedRAMP_Policy_Memo.pdf. Accessed 31 January 2019."},{"key":"e_1_3_2_1_79_1","volume-title":"https:\/\/github.com\/NitorCreations\/vault\/blob\/3c3ec65879c82bb353b4cf4d22898abb0b7b578f\/java\/src\/main\/java\/com\/nitorcreations\/vault\/VaultClient.java. Accessed","year":"2020","unstructured":"vault Developers. 2020. NitorCreations\/vault. https:\/\/github.com\/NitorCreations\/vault\/blob\/3c3ec65879c82bb353b4cf4d22898abb0b7b578f\/java\/src\/main\/java\/com\/nitorcreations\/vault\/VaultClient.java. Accessed 8 May 2020."},{"key":"e_1_3_2_1_80_1","unstructured":"VISA Inc. 2017. Data Security Compliance Requirements for Service Providers. https:\/\/usa.visa.com\/dam\/VCOM\/download\/merchants\/data-security-compliance-service-providers.pdf. Accessed 31 January 2019."},{"key":"e_1_3_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1145\/103135.103136"},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786816"},{"key":"e_1_3_2_1_83_1","volume-title":"Automate Compliance Verification on AWS Using Provable Security. https:\/\/www.youtube.com\/watch?v=BbXK_-b3DTk. Accessed","author":"Woolf Chad","year":"2020","unstructured":"Chad Woolf, Byron Cook, and Tom McAndrew. 2019. Automate Compliance Verification on AWS Using Provable Security. https:\/\/www.youtube.com\/watch?v=BbXK_-b3DTk. Accessed 25 August 2020."}],"event":{"name":"ASE '20: 35th IEEE\/ACM International Conference on Automated Software Engineering","location":"Virtual Event Australia","acronym":"ASE '20","sponsor":["SIGAI ACM Special Interest Group on Artificial Intelligence","SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS"]},"container-title":["Proceedings of the 35th IEEE\/ACM International Conference on Automated Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3324884.3416593","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3324884.3416593","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:01:38Z","timestamp":1750197698000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3324884.3416593"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,21]]},"references-count":83,"alternative-id":["10.1145\/3324884.3416593","10.1145\/3324884"],"URL":"https:\/\/doi.org\/10.1145\/3324884.3416593","relation":{},"subject":[],"published":{"date-parts":[[2020,12,21]]},"assertion":[{"value":"2021-01-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}