{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,20]],"date-time":"2026-01-20T09:11:35Z","timestamp":1768900295292,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":11,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,8,25]],"date-time":"2020-08-25T00:00:00Z","timestamp":1598313600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Software Engineering Institute"},{"name":"Department of Defense with Carnegie Mellon University","award":["FA8702-15-D-0002"],"award-info":[{"award-number":["FA8702-15-D-0002"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,8,25]]},"DOI":"10.1145\/3407023.3409186","type":"proceedings-article","created":{"date-parts":[[2021,11,23]],"date-time":"2021-11-23T04:37:03Z","timestamp":1637642223000},"page":"1-8","source":"Crossref","is-referenced-by-count":13,"title":["Security impacts of sub-optimal DevSecOps implementations in a highly regulated environment"],"prefix":"10.1145","author":[{"given":"Jose Andre","family":"Morales","sequence":"first","affiliation":[{"name":"Carnegie Mellon University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thomas P.","family":"Scanlon","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Aaron","family":"Volkmann","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joseph","family":"Yankel","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hasan","family":"Yasar","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2020,8,25]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Implementing DevOps Practices in Highly Regulated Environments,\" in International Workshop on Secure Software Engineering in DevOps and Agile Devlopment","author":"Morales J. A.","year":"2018"},{"key":"e_1_3_2_1_2_1","unstructured":"S. W. Ambler \"Examing the Agile Cost of Change Curve \" [Online]. Available: http:\/\/www.agilemodeling.com\/essays\/costOfChange.htm.  S. W. Ambler \"Examing the Agile Cost of Change Curve \" [Online]. Available: http:\/\/www.agilemodeling.com\/essays\/costOfChange.htm."},{"key":"e_1_3_2_1_3_1","volume-title":"Software Enginnering Institute","author":"Waits T.","year":"2016"},{"key":"e_1_3_2_1_4_1","volume-title":"Software Engineering Institute","author":"Scanlon T.","year":"2018"},{"key":"e_1_3_2_1_5_1","unstructured":"Tech at GSA \"DevSecOps Guide \" General Services Administration [Online]. Available: https:\/\/tech.gsa.gov\/guides\/dev_sec_ops_guide\/. [Accessed 2020].  Tech at GSA \"DevSecOps Guide \" General Services Administration [Online]. Available: https:\/\/tech.gsa.gov\/guides\/dev_sec_ops_guide\/. [Accessed 2020]."},{"key":"e_1_3_2_1_6_1","volume-title":"Chief Information Officer, \"DoD Enterprise DevSecOps Reference Design Version 1.0","author":"Department of Defense","year":"2019"},{"key":"e_1_3_2_1_7_1","unstructured":"R. V. Vargas \"Using the analytic hierarchy process (ahp) to select and prioritize projects in a portfolio \" in PMI Global Congress 2010.  R. V. Vargas \"Using the analytic hierarchy process (ahp) to select and prioritize projects in a portfolio \" in PMI Global Congress 2010."},{"issue":"12","key":"e_1_3_2_1_8_1","first-page":"390","volume":"3","author":"Muthusamy T.","year":"2013","journal-title":"International Journal of Advanced Research in Computer Science and Software Engineering"},{"key":"e_1_3_2_1_9_1","volume-title":"When and How to Use Them,\" Carnegie Mellon University","author":"Scanlon T.","year":"2018"},{"key":"e_1_3_2_1_10_1","volume-title":"Software Engineering Institute","author":"Scanlon T.","year":"2018"},{"key":"e_1_3_2_1_11_1","volume-title":"Threat Modeling: A Summary of Available Methods,\" Carnegie Mellon University","author":"Shevchenko N.","year":"2018"}],"event":{"name":"ARES 2020: The 15th International Conference on Availability, Reliability and Security","location":"Virtual Event Ireland","acronym":"ARES 2020"},"container-title":["Proceedings of the 15th International Conference on Availability, Reliability and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3407023.3409186","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3407023.3409186","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:24:42Z","timestamp":1750195482000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3407023.3409186"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,8,25]]},"references-count":11,"alternative-id":["10.1145\/3407023.3409186","10.1145\/3407023"],"URL":"https:\/\/doi.org\/10.1145\/3407023.3409186","relation":{},"subject":[],"published":{"date-parts":[[2020,8,25]]}}}