{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T18:08:55Z","timestamp":1778090935260,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,11,9]],"date-time":"2020-11-09T00:00:00Z","timestamp":1604880000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100011688","name":"Electronic Components and Systems for European Leadership","doi-asserted-by":"publisher","award":["783163"],"award-info":[{"award-number":["783163"]}],"id":[{"id":"10.13039\/501100011688","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["LO 1719\/3-1"],"award-info":[{"award-number":["LO 1719\/3-1"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,11,9]]},"DOI":"10.1145\/3411495.3421360","type":"proceedings-article","created":{"date-parts":[[2020,11,5]],"date-time":"2020-11-05T23:35:56Z","timestamp":1604619356000},"page":"147-157","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":17,"title":["The Sound of Silence"],"prefix":"10.1145","author":[{"given":"Ralf","family":"Ramsauer","sequence":"first","affiliation":[{"name":"University of Applied Sciences Regensburg, Regensburg, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lukas","family":"Bulwahn","sequence":"additional","affiliation":[{"name":"BMW AG, Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel","family":"Lohmann","sequence":"additional","affiliation":[{"name":"University of Hanover, Hanover, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wolfgang","family":"Mauerer","sequence":"additional","affiliation":[{"name":"University of Applied Sciences Regensburg & Siemens Corporate Research, Regensburg \/ Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2020,11,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2017. CVE-2018-3615 CVE-2018-3620 and CVE-2018-3646. https:\/\/cve.mitre.org.  2017. CVE-2018-3615 CVE-2018-3620 and CVE-2018-3646. https:\/\/cve.mitre.org."},{"key":"e_1_3_2_1_2_1","unstructured":"2019. CVE-2019-1125. https:\/\/cve.mitre.org.  2019. CVE-2019-1125. https:\/\/cve.mitre.org."},{"key":"e_1_3_2_1_3_1","unstructured":"Doug Anderson. 2019. Allowing something Change-Id (or something like it) in kernel commits. https:\/\/lists.linuxfoundation.org\/pipermail\/ksummit-discuss\/2019-August\/006739.html.  Doug Anderson. 2019. Allowing something Change-Id (or something like it) in kernel commits. https:\/\/lists.linuxfoundation.org\/pipermail\/ksummit-discuss\/2019-August\/006739.html."},{"key":"e_1_3_2_1_4_1","unstructured":"Ross Anderson. 2002. Security in Open versus Closed Systems?The dance of Boltzmann Coase and Moore. In Open Source Software: Economics Law and Policy.  Ross Anderson. 2002. Security in Open versus Closed Systems?The dance of Boltzmann Coase and Moore. In Open Source Software: Economics Law and Policy."},{"key":"e_1_3_2_1_5_1","volume-title":"Patch Release Behavior: Impact of Vulnerability Disclosure. Information Systems Research","volume":"21","author":"Arora Ashish","year":"2010"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-013-9284-6"},{"key":"e_1_3_2_1_7_1","volume-title":"The Promises and Perils of Mining Git. In 6th IEEE International Working Conference on Mining Software Repositories (MSR).","author":"Bird Christian","year":"2009"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2014.40"},{"key":"e_1_3_2_1_9_1","volume-title":"Emerging Issues in Responsible Vulnerability Disclosure. In Workshop on Information Technology and Systems (WITS).","author":"Cavusoglu Hasan","year":"2004"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3131151.3131171"},{"key":"e_1_3_2_1_11_1","volume-title":"Responsible vulnerability disclosure process. https:\/\/tools.ietf.org\/html\/draft-christey-wysopal-vuln-disclosure-00. IETF draft","author":"Christey Steve","year":"2002"},{"key":"e_1_3_2_1_12_1","volume-title":"What to do about CVE numbers. Linux Weekly News (LWN)","author":"Corbet Jonathan","year":"2019"},{"key":"e_1_3_2_1_13_1","volume-title":"CVE-less vulnerabilities. Linux Weekly News (LWN)","author":"Edge Jake","year":"2019"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"crossref","unstructured":"Stefan Frei Dominik Schatzmann Bernhard Plattner and Brian Trammell. 2010. Modeling the security ecosystem-the dynamics of (in) security. In Economics of Information Security and Privacy.  Stefan Frei Dominik Schatzmann Bernhard Plattner and Brian Trammell. 2010. Modeling the security ecosystem-the dynamics of (in) security. In Economics of Information Security and Privacy.","DOI":"10.1007\/978-1-4419-6967-5_6"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.5555\/2487085.2487150"},{"key":"e_1_3_2_1_16_1","volume-title":"Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response. In IEEE Symposium on Security and Privacy (SP).","author":"Huang Zhen","year":"2016"},{"key":"e_1_3_2_1_17_1","unstructured":"Intel Corporation. 2018. Resources and Response to Side Channel L1 Terminal Fault. https:\/\/www.intel.com\/content\/www\/us\/en\/architecture-and-technology\/l1tf.html.  Intel Corporation. 2018. Resources and Response to Side Channel L1 Terminal Fault. https:\/\/www.intel.com\/content\/www\/us\/en\/architecture-and-technology\/l1tf.html."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/2487085.2487111"},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of the 8th ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM).","author":"Jiang Yujuan"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.23"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2013.36"},{"key":"e_1_3_2_1_22_1","unstructured":"Shuah Khan. 2019. [MAINTAINERS SUMMIT] Patch version changes in commit logs? https:\/\/lists.linuxfoundation.org\/pipermail\/ksummit-discuss\/2019-June\/006543.html.  Shuah Khan. 2019. [MAINTAINERS SUMMIT] Patch version changes in commit logs? https:\/\/lists.linuxfoundation.org\/pipermail\/ksummit-discuss\/2019-June\/006543.html."},{"key":"e_1_3_2_1_23_1","volume-title":"Spectre Attacks: Exploiting Speculative Execution. In 40th IEEE Symposium on Security and Privacy (S&P).","author":"Kocher Paul","year":"2019"},{"key":"e_1_3_2_1_24_1","volume-title":"Proceedings of the Linux Symposium.","author":"Kroah-Hartman Greg","year":"2007"},{"key":"e_1_3_2_1_25_1","volume-title":"Why kernel development still uses email. Linux Weekly News (LWN)","author":"Kroah-Hartman Greg","year":"2016"},{"key":"e_1_3_2_1_26_1","volume-title":"Zombieland & Linux. In Embedded Linux Conference Europe (ELCE).","author":"Kroah-Hartman Greg","year":"2019"},{"key":"e_1_3_2_1_27_1","unstructured":"Greg Kroah-Hartman. 2020. personal communication.  Greg Kroah-Hartman. 2020. personal communication."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2010.39"},{"key":"e_1_3_2_1_29_1","unstructured":"Vladimir I Levenshtein. 1966. Binary codes capable of correcting deletions insertions and reversals. In Soviet physics doklady.  Vladimir I Levenshtein. 1966. Binary codes capable of correcting deletions insertions and reversals. In Soviet physics doklady."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134072"},{"key":"e_1_3_2_1_31_1","unstructured":"Linux Kernel Community. 2020. Linux -- How the development process works. https:\/\/www.kernel.org\/doc\/html\/latest\/process\/2.Process.html.  Linux Kernel Community. 2020. Linux -- How the development process works. https:\/\/www.kernel.org\/doc\/html\/latest\/process\/2.Process.html."},{"key":"e_1_3_2_1_32_1","volume-title":"27th USENIX Security Symposium.","author":"Lipp Moritz","year":"2018"},{"key":"e_1_3_2_1_33_1","volume-title":"Professional Linux kernel architecture","author":"Mauerer Wolfgang"},{"key":"e_1_3_2_1_34_1","volume-title":"Open source engineering processes. it--Information Technology","author":"Mauerer Wolfgang","year":"2013"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653717"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00059"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00088"},{"key":"e_1_3_2_1_38_1","volume-title":"Technology & Policy","volume":"12","author":"Raymond Eric","year":"1999"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354252"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.5555\/2337223.2337314"},{"key":"e_1_3_2_1_41_1","unstructured":"The Kernel Community. 2020. Submitting patches: the essential guide to getting your code into the kernel. https:\/\/www.kernel.org\/doc\/html\/latest\/process\/submitting-patches.html.  The Kernel Community. 2020. Submitting patches: the essential guide to getting your code into the kernel. https:\/\/www.kernel.org\/doc\/html\/latest\/process\/submitting-patches.html."},{"key":"e_1_3_2_1_42_1","volume-title":"Proceedings of the 27th USENIX Security Symposium. USENIX Association. See also technical report Foreshadow-NG citeweisse2018foreshadowNG.","author":"Bulck Jo Van","year":"2018"},{"key":"e_1_3_2_1_43_1","volume-title":"Marina Minkin, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Raoul Strackx, Thomas F. Wenisch, and Yuval Yarom.","author":"Weisse Ofir","year":"2018"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106287"},{"key":"e_1_3_2_1_45_1","unstructured":"Marc Zyngier. 2019. personal communication.  Marc Zyngier. 2019. personal communication."}],"event":{"name":"CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event USA","acronym":"CCS '20","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2020 ACM SIGSAC Conference on Cloud Computing Security Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3411495.3421360","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3411495.3421360","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:31:41Z","timestamp":1750195901000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3411495.3421360"}},"subtitle":["Mining Security Vulnerabilities from Secret Integration Channels in Open-Source Projects"],"short-title":[],"issued":{"date-parts":[[2020,11,9]]},"references-count":45,"alternative-id":["10.1145\/3411495.3421360","10.1145\/3411495"],"URL":"https:\/\/doi.org\/10.1145\/3411495.3421360","relation":{},"subject":[],"published":{"date-parts":[[2020,11,9]]},"assertion":[{"value":"2020-11-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}