{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,13]],"date-time":"2026-01-13T23:39:35Z","timestamp":1768347575391,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":59,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,10,11]],"date-time":"2021-10-11T00:00:00Z","timestamp":1633910400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,10,11]]},"DOI":"10.1145\/3475716.3475786","type":"proceedings-article","created":{"date-parts":[[2021,10,6]],"date-time":"2021-10-06T11:43:50Z","timestamp":1633520630000},"page":"1-12","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Barriers to Shift-Left Security"],"prefix":"10.1145","author":[{"given":"Danielle","family":"Gonzalez","sequence":"first","affiliation":[{"name":"Rochester Institute of Technology, Rochester, NY, USA"}]},{"given":"Paola Peralta","family":"Perez","sequence":"additional","affiliation":[{"name":"Rochester Institute of Technology, Rochester, NY, USA"}]},{"given":"Mehdi","family":"Mirakhorli","sequence":"additional","affiliation":[{"name":"Rochester Institute of Technology, Rochester, NY, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,10,11]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.25"},{"key":"e_1_3_2_1_2_1","volume-title":"Too: A Survey of Security Advice for Software Developers. In 2017 IEEE Cybersecurity Development (SecDev)","author":"Acar Yasemin","year":"2017"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1108\/DTA-07-2017-0054"},{"key":"e_1_3_2_1_4_1","unstructured":"Jeff Atwood and Joel Spolsky. 2008. Security Stack Exchange. https:\/\/security.stackexchange.com\/.  Jeff Atwood and Joel Spolsky. 2008. Security Stack Exchange. https:\/\/security.stackexchange.com\/."},{"key":"e_1_3_2_1_5_1","unstructured":"Jeff Atwood and Joel Spolsky. 2008. Stack Overflow. https:\/\/stackoverflow.com.  Jeff Atwood and Joel Spolsky. 2008. Stack Overflow. https:\/\/stackoverflow.com."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2597073.2597083"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-012-9231-y"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2014.88"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.5555\/338330"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.5555\/944919.944937"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380404"},{"key":"e_1_3_2_1_12_1","volume-title":"Andrew Van der Stock, and Jim Manico","author":"Cuthbert Daniel","year":"2021"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2014.11"},{"key":"e_1_3_2_1_14_1","volume-title":"OWASP Europe Conference","volume":"1","author":"Vries Stephen De","year":"2006"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(07)70027-2"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2015.26"},{"key":"e_1_3_2_1_17_1","volume-title":"Advances in Computers","author":"Felderer Michael","year":"2015"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3379597.3387471"},{"key":"e_1_3_2_1_19_1","unstructured":"M\u00e5rten Gustafson. 2016. bouncy-castle-pgp. https:\/\/github.com\/chids\/bouncy-castle-pgp.  M\u00e5rten Gustafson. 2016. bouncy-castle-pgp. https:\/\/github.com\/chids\/bouncy-castle-pgp."},{"key":"e_1_3_2_1_20_1","unstructured":"Takeshi Hagikura and Jeremy Walker. 2019. android-FingerprintDialog. https:\/\/github.com\/googlearchive\/android-FingerprintDialog.  Takeshi Hagikura and Jeremy Walker. 2019. android-FingerprintDialog. https:\/\/github.com\/googlearchive\/android-FingerprintDialog."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09819-6"},{"key":"e_1_3_2_1_22_1","volume-title":"Proceedings of the 14th ACM \/ IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM). ACM","author":"Haque Mubin Ul"},{"key":"e_1_3_2_1_23_1","unstructured":"Deac Karns and Adam Stokes. 2019. django-sslserver. https:\/\/github.com\/teddziuba\/django-sslserver.  Deac Karns and Adam Stokes. 2019. django-sslserver. https:\/\/github.com\/teddziuba\/django-sslserver."},{"key":"e_1_3_2_1_24_1","volume-title":"Unit testing: Principles, Practices, and Patterns. Manning","author":"Khorikov Vladimir"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2975961.2975966"},{"key":"e_1_3_2_1_26_1","unstructured":"John Kurkowski. 2011. tldextract. https:\/\/pypi.org\/project\/tldextract\/.  John Kurkowski. 2011. tldextract. https:\/\/pypi.org\/project\/tldextract\/."},{"key":"e_1_3_2_1_27_1","volume-title":"PUMiner. In Proceedings of the 17th International Conference on Mining Software Repositories. ACM","author":"Minh Le Triet Huynh"},{"key":"e_1_3_2_1_28_1","unstructured":"Jiakun Liu Xin Xia David Lo Haoxiang Zhang Ying Zou Ahmed E. Hassan and Shanping Li. 2020. Broken External Links on Stack Overflow. https:\/\/arxiv.org\/abs\/2010.04892. arXiv:2010.04892 [cs.SE]  Jiakun Liu Xin Xia David Lo Haoxiang Zhang Ying Zou Ahmed E. Hassan and Shanping Li. 2020. Broken External Links on Stack Overflow. https:\/\/arxiv.org\/abs\/2010.04892. arXiv:2010.04892 [cs.SE]"},{"key":"e_1_3_2_1_29_1","unstructured":"Jiakun Liu Haoxiang Zhang Xin Xia David Lo Ying Zou Ahmed E. Hassan and Shanping Li. 2021. An Exploratory Study on the Repeatedly Shared External Links on Stack Overflow. https:\/\/arxiv.org\/abs\/2104.03518. arXiv:2104.03518 [cs.SE]  Jiakun Liu Haoxiang Zhang Xin Xia David Lo Ying Zou Ahmed E. Hassan and Shanping Li. 2021. An Exploratory Study on the Repeatedly Shared External Links on Stack Overflow. https:\/\/arxiv.org\/abs\/2104.03518. arXiv:2104.03518 [cs.SE]"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3194707.3194713"},{"key":"e_1_3_2_1_31_1"},{"key":"e_1_3_2_1_32_1","volume-title":"OWASP Top 10 Proactive Controls","author":"Manico Jim","year":"2018"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3084226.3084267"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.5555\/1076526"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/QRS.2017.46"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2896921.2896929"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884790"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.5555\/1857999.1858011"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.5555\/948785.948830"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.25"},{"key":"e_1_3_2_1_41_1","unstructured":"Stack Overflow. 2020. Annual Developer Survey. https:\/\/insights.stackoverflow.com\/survey\/2020.  Stack Overflow. 2020. Annual Developer Survey. https:\/\/insights.stackoverflow.com\/survey\/2020."},{"key":"e_1_3_2_1_42_1","unstructured":"Renas. 2016. robotium. https:\/\/github.com\/robotiumtech\/robotium.  Renas. 2016. robotium. https:\/\/github.com\/robotiumtech\/robotium."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigDataCongress.2018.00037"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-015-9379-3"},{"key":"e_1_3_2_1_45_1","first-page":"66","article-title":"OWASP Testing Guide, v4","volume":"4","author":"Saad Elie","year":"2013","journal-title":"OWASP Foundation"},{"key":"e_1_3_2_1_46_1","unstructured":"Koen Schmeets. 2015. authority-laravel. https:\/\/github.com\/Vespakoen\/authority-laravel.  Koen Schmeets. 2015. authority-laravel. https:\/\/github.com\/Vespakoen\/authority-laravel."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.799955"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.61"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.5555\/2390948.2391052"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.5555\/3099751"},{"key":"e_1_3_2_1_51_1","volume-title":"An Exploratory Study on Stack Overflow. In 2019 IEEE International Conference on Software Architecture (ICSA). IEEE","author":"Tian Fangchao","year":"2019"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2019.110421"},{"key":"e_1_3_2_1_53_1","unstructured":"Filippo Valsorda. 2018. mkcert. https:\/\/github.com\/FiloSottile\/mkcert.  Filippo Valsorda. 2018. mkcert. https:\/\/github.com\/FiloSottile\/mkcert."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.5555\/3294362"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3131151.3131157"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11390-016-1672-0"},{"key":"e_1_3_2_1_57_1","first-page":"1","article-title":"The structure and dynamics of knowledge network in domain-specific Q&A sites: a case study of stack overflow","volume":"22","author":"Ye Deheng","year":"2016","journal-title":"Empirical Software Engineering"},{"key":"e_1_3_2_1_58_1","volume-title":"An Analysis of Java Related Posts on Stack Overflow. In 2019 2nd International Conference on Artificial Intelligence and Big Data (ICAIBD). IEEE","author":"Zhang Peng","year":"2019"},{"key":"e_1_3_2_1_59_1","unstructured":"Radim \u0158eh\u016f\u0159ek and Petr Sojka. 2011. Gensim---statistical semantics in python. https:\/\/radimrehurek.com\/gensim_4.0.0\/index.html.  Radim \u0158eh\u016f\u0159ek and Petr Sojka. 2011. Gensim---statistical semantics in python. https:\/\/radimrehurek.com\/gensim_4.0.0\/index.html."}],"event":{"name":"ESEM '21: ACM \/ IEEE International Symposium on Empirical Software Engineering and Measurement","location":"Bari Italy","acronym":"ESEM '21","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS"]},"container-title":["Proceedings of the 15th ACM \/ IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3475716.3475786","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3475716.3475786","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:48:18Z","timestamp":1750193298000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3475716.3475786"}},"subtitle":["The Unique Pain Points of Writing Automated Tests Involving Security Controls"],"short-title":[],"issued":{"date-parts":[[2021,10,11]]},"references-count":59,"alternative-id":["10.1145\/3475716.3475786","10.1145\/3475716"],"URL":"https:\/\/doi.org\/10.1145\/3475716.3475786","relation":{},"subject":[],"published":{"date-parts":[[2021,10,11]]},"assertion":[{"value":"2021-10-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}