{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T19:40:07Z","timestamp":1755891607301,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":43,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,12,6]],"date-time":"2021-12-06T00:00:00Z","timestamp":1638748800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,12,6]]},"DOI":"10.1145\/3485832.3485922","type":"proceedings-article","created":{"date-parts":[[2021,12,6]],"date-time":"2021-12-06T13:42:32Z","timestamp":1638798152000},"page":"349-364","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["A Cross-role and Bi-national Analysis on Security Efforts and Constraints of Software Development Projects"],"prefix":"10.1145","author":[{"given":"Fumihiro","family":"Kanei","sequence":"first","affiliation":[{"name":"NTT, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ayako Akiyama","family":"Hasegawa","sequence":"additional","affiliation":[{"name":"NTT"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eitaro","family":"Shioji","sequence":"additional","affiliation":[{"name":"NTT"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mitsuaki","family":"Akiyama","sequence":"additional","affiliation":[{"name":"NTT"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,12,6]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Proceedings of the 2016 IEEE Symposium on Security and Privacy(SP \u201916)","author":"Acar Yasemin","year":"2018","unstructured":"Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle\u00a0L Mazurek, and Christian Stransky. 2018. You get where you\u2019re looking for: The impact of information sources on code security. In Proceedings of the 2016 IEEE Symposium on Security and Privacy(SP \u201916). IEEE."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2016.013"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2017.17"},{"key":"e_1_3_2_1_4_1","volume-title":"Proceedings of the 16th Symposium on Usable Privacy and Security(SOUPS \u201920)","author":"Alomar Noura","year":"2020","unstructured":"Noura Alomar, Primal Wijesekera, Edward Qiu, and Serge Egelman. 2020. \u201cYou\u2019ve Got Your Nice List of Bugs, Now What?\u201d Vulnerability Discovery and Management Processes in the Wild. In Proceedings of the 16th Symposium on Usable Privacy and Security(SOUPS \u201920). USENIX Association, 319\u2013339."},{"key":"e_1_3_2_1_5_1","volume-title":"Proceedings of the 14th Symposium on Usable Privacy and Security(SOUPS \u201918)","author":"Assal Hala","year":"2018","unstructured":"Hala Assal and Sonia Chiasson. 2018. Security in the Software Development Lifecycle. In Proceedings of the 14th Symposium on Usable Privacy and Security(SOUPS \u201918). USENIX Association."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300519"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2015.45"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2011.82"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1035233.1035236"},{"key":"e_1_3_2_1_10_1","volume-title":"Evaluating the use of exploratory factor analysis in psychological research.Psychological methods 4, 3","author":"Fabrigar R","year":"1999","unstructured":"Leandre\u00a0R Fabrigar, Duane\u00a0T Wegener, Robert\u00a0C MacCallum, and Erin\u00a0J Strahan. 1999. Evaluating the use of exploratory factor analysis in psychological research.Psychological methods 4, 3 (1999), 272."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.5555\/1929820.1929834"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.31"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.5555\/3361338.3361362"},{"key":"e_1_3_2_1_14_1","unstructured":"Gartner. 2019. Newsroom (In Japanese). https:\/\/www.gartner.com\/jp\/newsroom\/press-releases\/pr-20190221."},{"volume-title":"Results Summary: Agile in the Enterprise. https:\/\/circle.gartner.com\/Portals\/2\/Resources\/pdf\/Agile in the Enterprise 2019 - Results Summary (updated).pdf.","year":"2019","key":"e_1_3_2_1_15_1","unstructured":"Gartner. 2019. Results Summary: Agile in the Enterprise. https:\/\/circle.gartner.com\/Portals\/2\/Resources\/pdf\/Agile in the Enterprise 2019 - Results Summary (updated).pdf."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2018.00018"},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the 14th Symposium on Usable Privacy and Security(SOUPS \u201918)","author":"Gorski Peter\u00a0Leo","year":"2018","unstructured":"Peter\u00a0Leo Gorski, Luigi\u00a0Lo Iacono, Dominik Wermke, Christian Stransky, Sebastian Moeller, Yasemin Acar, and Sascha Fahl. 2018. Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse. In Proceedings of the 14th Symposium on Usable Privacy and Security(SOUPS \u201918). USENIX Association."},{"volume-title":"Sequential Kaiser-meyer-olkin Procedure as an Alternative for Determining the Number of Factors in Common-factor Analysis: a Monte Carlo Simulation. Ph.\u00a0D. Dissertation","author":"Hill Brent\u00a0Dale","key":"e_1_3_2_1_18_1","unstructured":"Brent\u00a0Dale Hill. 2011. Sequential Kaiser-meyer-olkin Procedure as an Alternative for Determining the Number of Factors in Common-factor Analysis: a Monte Carlo Simulation. Ph.\u00a0D. Dissertation. Oklahoma State University."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.14722\/eurousec.2017.23015"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354239"},{"volume-title":"Proceedings of the 14th Conference on USENIX Security Symposium(SSYM \u201905)","author":"V.","key":"e_1_3_2_1_21_1","unstructured":"V.\u00a0Benjamin Livshits and Monica\u00a0S. Lam. 2005. Finding Security Vulnerabilities in Java Applications with Static Analysis. In Proceedings of the 14th Conference on USENIX Security Symposium(SSYM \u201905). USENIX Association, 18."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897896"},{"key":"e_1_3_2_1_23_1","unstructured":"[23] Macromill Group.2020. https:\/\/group.macromill.com\/."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00125"},{"key":"e_1_3_2_1_25_1","unstructured":"Ministry of Internal Affairs and Communications. 2019. (In Japanese). https:\/\/www.soumu.go.jp\/johotsusintokei\/whitepaper\/ja\/r01\/html\/nd112210.html."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376791"},{"key":"e_1_3_2_1_27_1","unstructured":"National Institute of Standards and Technology. 2020. Zero Trust Architecture. https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-207.pdf."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133977"},{"key":"e_1_3_2_1_29_1","volume-title":"Proceedings of the 14th Symposium on Usable Privacy and Security(SOUPS \u201918)","author":"Oliveira Daniela\u00a0Seabra","year":"2018","unstructured":"Daniela\u00a0Seabra Oliveira, Tian Lin, Muhammad\u00a0Sajidur Rahman, Rad Akefirad, Donovan Ellis, Eliany Perez, Rahul Bobhate, Lois\u00a0A. DeLong, Justin Cappos, Yuriy Brun, and Natalie\u00a0C. Ebner. 2018. API Blindspots: Why Experienced Developers Write Vulnerable Code. In Proceedings of the 14th Symposium on Usable Privacy and Security(SOUPS \u201918). USENIX Association."},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of the 16th Symposium on Usable Privacy and Security(SOUPS \u201920)","author":"Palombo Hernan","year":"2020","unstructured":"Hernan Palombo, Armin\u00a0Ziaie Tabari, Daniel Lende, Jay Ligatti, and Xinming Ou. 2020. An Ethnographic Understanding of Software (In)Security and a Co-Creation Model to Improve Secure Software Development. In Proceedings of the 16th Symposium on Usable Privacy and Security(SOUPS \u201920). USENIX Association."},{"key":"e_1_3_2_1_31_1","volume-title":"Proceedings of the 15th Symposium on Usable Privacy and Security(SOUPS \u201919)","author":"Patnaik Nikhil","year":"2019","unstructured":"Nikhil Patnaik, Joseph Hallett, and Awais Rashid. 2019. Usability Smells: An Analysis of Developers\u2019 Struggle with Crypto Libraries. In Proceedings of the 15th Symposium on Usable Privacy and Security(SOUPS \u201919). USENIX Association."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2998181.2998191"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300663"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23205"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW.2019.00021"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3173836"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376754"},{"key":"e_1_3_2_1_38_1","volume-title":"Fix It. In Proceedings of the 29th Conference on USENIX Security Symposium(SEC \u201920)","author":"Votipka Daniel","year":"2020","unstructured":"Daniel Votipka, Kelsey\u00a0R. Fulton, James Parker, Matthew Hou, Michelle\u00a0L. Mazurek, and Hicks Michael. 2020. Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It. In Proceedings of the 29th Conference on USENIX Security Symposium(SEC \u201920). USENIX Association."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-SEIP52600.2021.00011"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2018.00019"},{"key":"e_1_3_2_1_41_1","volume-title":"Proceedings of the 2011 IEEE Symposium on Visual Languages and Human-Centric Computing(VL\/HCC \u201911)","author":"Xie Jing","year":"2011","unstructured":"Jing Xie, Heather\u00a0Richter Lipford, and Bill Chu. 2011. Why do programmers make security errors?. In Proceedings of the 2011 IEEE Symposium on Visual Languages and Human-Centric Computing(VL\/HCC \u201911). IEEE."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23255"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2013.6606611"}],"event":{"name":"ACSAC '21: Annual Computer Security Applications Conference","acronym":"ACSAC '21","location":"Virtual Event USA"},"container-title":["Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3485832.3485922","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3485832.3485922","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T19:14:24Z","timestamp":1755890064000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3485832.3485922"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,12,6]]},"references-count":43,"alternative-id":["10.1145\/3485832.3485922","10.1145\/3485832"],"URL":"https:\/\/doi.org\/10.1145\/3485832.3485922","relation":{},"subject":[],"published":{"date-parts":[[2021,12,6]]},"assertion":[{"value":"2021-12-06","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}