{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T14:47:21Z","timestamp":1776782841530,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":22,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,9,9]],"date-time":"2019-09-09T00:00:00Z","timestamp":1567987200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,9,9]]},"DOI":"10.1145\/3344948.3344995","type":"proceedings-article","created":{"date-parts":[[2019,9,5]],"date-time":"2019-09-05T12:16:25Z","timestamp":1567685785000},"page":"116-122","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["Inspection guidelines to identify security design flaws"],"prefix":"10.1145","author":[{"given":"Katja","family":"Tuma","sequence":"first","affiliation":[{"name":"University of Gothenburg, Gothenburg, Sweden"}]},{"given":"Danial","family":"Hosseini","sequence":"additional","affiliation":[{"name":"University of Gothenburg, Gothenburg, Sweden"}]},{"given":"Kyriakos","family":"Malamas","sequence":"additional","affiliation":[{"name":"University of Gothenburg, Gothenburg, Sweden"}]},{"given":"Riccardo","family":"Scandariato","sequence":"additional","affiliation":[{"name":"University of Gothenburg, Gothenburg, Sweden"}]}],"member":"320","published-online":{"date-parts":[[2019,9,9]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/APSEC.2013.19"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.5555\/2486788.2486875"},{"key":"e_1_3_2_1_3_1","unstructured":"Iv\u00e1n Arce Kathleen Clark-Fisher Neil Daswani Jim DelGrosso Danny Dhillon Christoph Kern Tadayoshi Kohno Carl Landwehr Gary McGraw Brook Schoenfield etal 2014. Avoiding the top 10 software security design flaws. IEEE Computer Society Center for Secure Design (CSD) Tech. Rep (2014).  Iv\u00e1n Arce Kathleen Clark-Fisher Neil Daswani Jim DelGrosso Danny Dhillon Christoph Kern Tadayoshi Kohno Carl Landwehr Gary McGraw Brook Schoenfield et al. 2014. Avoiding the top 10 software security design flaws. IEEE Computer Society Center for Secure Design (CSD) Tech. Rep (2014)."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-30806-7_4"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5381\/jot.2009.8.3.c5"},{"key":"e_1_3_2_1_6_1","volume-title":"Toward establishing a catalog of security architecture weaknesses. (5","author":"da Silva Santos Joanna Cecilia","year":"2016","unstructured":"Joanna Cecilia da Silva Santos . 2016. Toward establishing a catalog of security architecture weaknesses. (5 2016 ). Joanna Cecilia da Silva Santos. 2016. Toward establishing a catalog of security architecture weaknesses. (5 2016)."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00766-010-0115-7"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2017.55"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-02351-4_10"},{"key":"e_1_3_2_1_10_1","volume-title":"Design Flaws as Security Threats. Master's thesis","author":"Hosseini Danial","unstructured":"Danial Hosseini and Kyriakos Malamas . 2017. Design Flaws as Security Threats. Master's thesis . Chalmers University of Technology and University of Gonthenburg , http:\/\/publications.lib.chalmers.se\/records\/fulltext\/250250\/250250.pdf. Danial Hosseini and Kyriakos Malamas. 2017. Design Flaws as Security Threats. Master's thesis. Chalmers University of Technology and University of Gonthenburg, http:\/\/publications.lib.chalmers.se\/records\/fulltext\/250250\/250250.pdf."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2017.143"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1810295.1810435"},{"key":"e_1_3_2_1_13_1","volume-title":"Architecture Anti-patterns: Automatically Detectable Violations of Design Principles","author":"Mo Ran","year":"2019","unstructured":"Ran Mo , Yuanfang Cai , Rick Kazman , Lu Xiao , and Qiong Feng . 2019 . Architecture Anti-patterns: Automatically Detectable Violations of Design Principles . IEEE Transactions on Software Engineering ( 2019). Ran Mo, Yuanfang Cai, Rick Kazman, Lu Xiao, and Qiong Feng. 2019. Architecture Anti-patterns: Automatically Detectable Violations of Design Principles. IEEE Transactions on Software Engineering (2019)."},{"key":"e_1_3_2_1_14_1","volume-title":"Proceedings of the 24th Conference on Pattern Languages of Programs. The Hillside Group, 23","author":"Nafees Tayyaba","year":"2017","unstructured":"Tayyaba Nafees , Natalie Coull , Ian Ferguson , and Adam Sampson . 2017 . Vulnerability anti-patterns: a timeless way to capture poor software practices (vulnerabilities) . In Proceedings of the 24th Conference on Pattern Languages of Programs. The Hillside Group, 23 . Tayyaba Nafees, Natalie Coull, Ian Ferguson, and Adam Sampson. 2017. Vulnerability anti-patterns: a timeless way to capture poor software practices (vulnerabilities). In Proceedings of the 24th Conference on Pattern Languages of Programs. The Hillside Group, 23."},{"key":"e_1_3_2_1_15_1","volume-title":"Proceedings of the 7th International Conference on Empirical Assessment in Software Engineering. 95--102","author":"Runeson Per","year":"2003","unstructured":"Per Runeson . 2003 . Using students as experiment subjects-an analysis on graduate and freshmen student data . In Proceedings of the 7th International Conference on Empirical Assessment in Software Engineering. 95--102 . Per Runeson. 2003. Using students as experiment subjects-an analysis on graduate and freshmen student data. In Proceedings of the 7th International Conference on Empirical Assessment in Software Engineering. 95--102."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/2818754.2818836"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00766-013-0195-2"},{"key":"e_1_3_2_1_18_1","volume-title":"Threat modeling: Designing for security","author":"Shostack Adam","unstructured":"Adam Shostack . 2014. Threat modeling: Designing for security . John Wiley & Sons . Adam Shostack. 2014. Threat modeling: Designing for security. John Wiley & Sons."},{"key":"e_1_3_2_1_19_1","volume-title":"On the definition of microservice bad smells","author":"Taibi Davide","year":"2018","unstructured":"Davide Taibi and Valentina Lenarduzzi . 2018. On the definition of microservice bad smells . IEEE software 35, 3 ( 2018 ), 56--62. Davide Taibi and Valentina Lenarduzzi. 2018. On the definition of microservice bad smells. IEEE software 35, 3 (2018), 56--62."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2018.06.073"},{"key":"e_1_3_2_1_21_1","volume-title":"Two Architectural Threat Analysis Techniques Compared. In European Conference on Software Architecture. Springer, 347--363","author":"Tuma Katja","year":"2018","unstructured":"Katja Tuma and Riccardo Scandariato . 2018 . Two Architectural Threat Analysis Techniques Compared. In European Conference on Software Architecture. Springer, 347--363 . Katja Tuma and Riccardo Scandariato. 2018. Two Architectural Threat Analysis Techniques Compared. In European Conference on Software Architecture. Springer, 347--363."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2010.313"}],"event":{"name":"ECSA: European Conference on Software Architecture","location":"Paris France","acronym":"ECSA"},"container-title":["Proceedings of the 13th European Conference on Software Architecture - Volume 2"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3344948.3344995","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3344948.3344995","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:54:28Z","timestamp":1750204468000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3344948.3344995"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,9,9]]},"references-count":22,"alternative-id":["10.1145\/3344948.3344995","10.1145\/3344948"],"URL":"https:\/\/doi.org\/10.1145\/3344948.3344995","relation":{},"subject":[],"published":{"date-parts":[[2019,9,9]]},"assertion":[{"value":"2019-09-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}