{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,3]],"date-time":"2026-06-03T05:56:13Z","timestamp":1780466173064,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":91,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,5,21]],"date-time":"2022-05-21T00:00:00Z","timestamp":1653091200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Swiss National Science Foundation","award":["PP00P2_170529"],"award-info":[{"award-number":["PP00P2_170529"]}]},{"name":"Swiss National Science Foundation 2","award":["PZ00P2_186090"],"award-info":[{"award-number":["PZ00P2_186090"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,5,21]]},"DOI":"10.1145\/3510003.3511560","type":"proceedings-article","created":{"date-parts":[[2022,7,5]],"date-time":"2022-07-05T22:42:59Z","timestamp":1657060979000},"page":"1317-1329","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":25,"title":["Less is more"],"prefix":"10.1145","author":[{"given":"Larissa","family":"Braz","sequence":"first","affiliation":[{"name":"University of Zurich"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Christian","family":"Aeberhard","sequence":"additional","affiliation":[{"name":"University of Zurich"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"G\u00fcl","family":"\u00c7alikli","sequence":"additional","affiliation":[{"name":"University of Glasgow"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Alberto","family":"Bacchelli","sequence":"additional","affiliation":[{"name":"University of Zurich"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2022,7,5]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2020. CWE Top 25 Most Dangerous Software Errors. https:\/\/cwe.mitre.org\/top25\/archive\/2019\/2019_cwe_top25.html."},{"key":"e_1_3_2_1_2_1","unstructured":"2020. GitLab: Mapping the DevSecOps Landscape - 2020 Survey. https:\/\/about.gitlab.com\/developer-survey."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/52.28121"},{"key":"e_1_3_2_1_4_1","volume-title":"Proceedings of the Symposium on Software Validation: Inspection-Testing-Verification-Alternatives. 13--40","author":"Ackerman A.","unstructured":"A. Ackerman, P. Fowler, and R. Ebenau. 1984. Software Inspections and the Industrial Production of Software. In Proceedings of the Symposium on Software Validation: Inspection-Testing-Verification-Alternatives. 13--40."},{"key":"e_1_3_2_1_5_1","unstructured":"O. Akinola and A. Osofisan. 2009. An Empirical Comparative Study of Checklist based and Ad Hoc Code Reading Techniques in a Distributed Groupware Environment. arXiv preprint arXiv:0909.4260 (2009)."},{"key":"e_1_3_2_1_6_1","first-page":"53","article-title":"Software security requirements checklist","volume":"3","author":"Alam M.","year":"2010","unstructured":"M. Alam. 2010. Software security requirements checklist. International Journal of Software Engineering 3, 1 (2010), 53--62.","journal-title":"International Journal of Software Engineering"},{"key":"e_1_3_2_1_7_1","volume-title":"Proceedings of the symposium on usable privacy and security. 281--296","author":"Assal H.","unstructured":"H. Assal and S. Chiasson. [n.d.]. Security in the software development lifecycle. In Proceedings of the symposium on usable privacy and security. 281--296."},{"key":"e_1_3_2_1_8_1","volume-title":"Proceedings of the workshop on Defects in large software systems. 1--5.","author":"Ayewah N.","unstructured":"N. Ayewah and W. Pugh. 2008. A report on a survey and study of static analysis users. In Proceedings of the workshop on Defects in large software systems. 1--5."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"crossref","unstructured":"N. Ayewah W. Pugh D. Hovemeyer J. Morgenthaler and J. Penix. 2008. Using static analysis to find bugs. IEEE software 25 5 (2008) 22--29.","DOI":"10.1109\/MS.2008.130"},{"key":"e_1_3_2_1_10_1","volume-title":"Proceedings of the International Conference on Software Engineering. 712--721","author":"Bacchelli A.","unstructured":"A. Bacchelli and C. Bird. 2013. Expectations, outcomes, and challenges of modern code review. In Proceedings of the International Conference on Software Engineering. 712--721."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.71"},{"key":"e_1_3_2_1_12_1","volume-title":"Proceedings of the international symposium on foundations of software engineering. 85--96","author":"Baum T.","unstructured":"T. Baum, O. Liskin, K. Niklas, and K. Schneider. 2016. Factors influencing code review processes in industry. In Proceedings of the international symposium on foundations of software engineering. 85--96."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-018-9676-8"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1109\/MSP.2008.43","article-title":"Security by Checklist","volume":"6","author":"Bellovin S.","year":"2008","unstructured":"S. Bellovin. 2008. Security by Checklist. IEEE Security Privacy 6, 2 (2008), 88--88.","journal-title":"IEEE Security Privacy"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"crossref","unstructured":"B. Boehm and V. Basili. 2001. Software Defect Reduction Top 10 List. 34 1 (2001) 135--137.","DOI":"10.1109\/2.962984"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","unstructured":"L. Braz G. \u00c7alikli and A. Bacchelli. 2022. Data and Material. 10.5281\/zenodo.6026291","DOI":"10.5281\/zenodo.6026291"},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the International Conference on Software Engineering. 499--511","author":"Braz L.","unstructured":"L. Braz, E. Fregnan, G. \u00c7alikli, and A. Bacchelli. 2021. Why Don't Developers Detect Improper Input Validation?'; DROP TABLE Papers;-. In Proceedings of the International Conference on Software Engineering. 499--511."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/308769.308798"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.553635"},{"key":"e_1_3_2_1_20_1","volume-title":"Proceedings of the International Conference on Software Engineering: Software Engineering Education and Training. 20--29","author":"Chong C.","unstructured":"C. Chong, P. Thongtanunam, and C. Tantithamthavorn. 2021. Assessing the Students' Understanding and their Mistakes in Code Review Checklists-An Experience Report of 1,791 Code Review Checklist Questions from 394 Students. In Proceedings of the International Conference on Software Engineering: Software Engineering Education and Training. 20--29."},{"key":"e_1_3_2_1_21_1","volume-title":"Proceedings of the international conference on automated software engineering. 332--343","author":"Christakis M.","unstructured":"M. Christakis and C. Bird. 2016. What developers want and need from program analysis: an empirical study. In Proceedings of the international conference on automated software engineering. 332--343."},{"key":"e_1_3_2_1_22_1","first-page":"329","article-title":"Modern Code Review. In Making Software. O'Reilly","volume":"18","author":"Cohen J.","year":"2010","unstructured":"J. Cohen. 2010. Modern Code Review. In Making Software. O'Reilly, Chapter 18, 329--338.","journal-title":"Chapter"},{"key":"e_1_3_2_1_23_1","unstructured":"T. Cook and D. Campbell. 1979. Quasi-Experimentation: Design and Analysis Issues for Field Settings. Houghton Mifflin Company."},{"key":"e_1_3_2_1_24_1","unstructured":"T. Cook D. Campbell and W. Shadish. 2002. Experimental and quasi-experimental designs for generalized causal inference."},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the International Conference on Agile Software Development. Springer, Cham, 201--216","author":"Cruzes D.","unstructured":"D. Cruzes, M. Felderer, T. Oyetoyan, M. Gander, and I. Pekaric. 2017. How is security testing done in agile teams? A cross-case analysis of four software teams. In Proceedings of the International Conference on Agile Software Development. Springer, Cham, 201--216."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2003.1223643"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2003.1223643"},{"key":"e_1_3_2_1_28_1","volume-title":"Proceedings of the International Symposium on Engineering Secure Software and Systems. 197--212","author":"Edmundson A.","unstructured":"A. Edmundson, B. Holtkamp, E. Rivera, M. Finifter, A. Mettler, and D. Wagner. 2013. An empirical study on the effectiveness of security code review. In Proceedings of the International Symposium on Engineering Secure Software and Systems. 197--212."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1147\/sj.153.0182"},{"key":"e_1_3_2_1_30_1","volume-title":"Software pioneers","author":"Fagan M.","unstructured":"M. Fagan. 2002. Design and code inspections to reduce errors in program development. In Software pioneers. Springer, 575--607."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9523-3"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.3758\/BF03193146"},{"key":"e_1_3_2_1_33_1","volume-title":"Retrieved","author":"Foundation The OWASP","year":"2017","unstructured":"The OWASP Foundation. 2017. O WASP Foundation. Retrieved July 18, 2021 from https:\/\/owasp.org\/"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.58729\/1941-6679.1176"},{"key":"e_1_3_2_1_35_1","unstructured":"Gerrit. 2020. Gerrit Code Review. https:\/\/www.gerritcodereview.com\/."},{"key":"e_1_3_2_1_36_1","unstructured":"T. Gilb and D. Graham. 1993. Software inspections. Addison-Wesley Reading Masachusetts."},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises. 243--248","author":"Gilliam D.","unstructured":"D. Gilliam, T. Wolfe, J. Sherif, and M. Bishop. 2003. Software security checklist for the software life cycle. In Proceedings of the International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises. 243--248."},{"key":"e_1_3_2_1_38_1","volume-title":"Proceedings of the International Conference on Mining Software Repositories. 606--610","author":"Gon\u00e7alves P.","unstructured":"P. Gon\u00e7alves, E. Fregnan, T. Baum, K. Schneider, and A. Bacchelli. 2020. Do Explicit Review Strategies Improve Code Review Performance?. In Proceedings of the International Conference on Mining Software Repositories. 606--610."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2016.111"},{"key":"e_1_3_2_1_40_1","unstructured":"HackerOne. 2022. HackerOne. https:\/\/www.hackerone.com\/."},{"key":"e_1_3_2_1_41_1","volume-title":"The Programmer's Brain: What every programmer needs to know about cognition","author":"Hermans F.","unstructured":"F. Hermans. 2021. The Programmer's Brain: What every programmer needs to know about cognition. Manning Publications."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.2174\/1874107X00903010015"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0164-1212(99)00073-4"},{"key":"e_1_3_2_1_44_1","unstructured":"F. Lanubile and G. Visaggio. 2000. Evaluating defect detection techniques for software requirements inspections. International SoftwareEngineering Research Network Report (2000) 1--24."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2008.71"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2004.1281254"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-015-9381-9"},{"key":"e_1_3_2_1_48_1","volume-title":"Proceedings of the International Symposium on Empirical Software Engineering and Measurement. 1--10","author":"Meneely A.","unstructured":"A. Meneely and L. Williams. 2010. Strengthening the Empirical Analysis of the Relationship between Linus' Law and Software Security. In Proceedings of the International Symposium on Empirical Software Engineering and Measurement. 1--10."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382756.2382785"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"crossref","unstructured":"A. Naiakshina A. Danilova E. Gerlitz E. von Zezschwitz and M. Smith. 2019. \"If You Want I Can Store the Encrypted Password\": A Password-Storage Field Study with Freelance Developers. 1--12.","DOI":"10.1145\/3290605.3300370"},{"key":"e_1_3_2_1_51_1","volume-title":"Proceedings of the Conference on Computer and Communications Security. 311--328","author":"Naiakshina A.","unstructured":"A. Naiakshina, A. Danilova, C. Tiefenau, M. Herzog, S. Dechand, and M. Smith. 2017. Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study. In Proceedings of the Conference on Computer and Communications Security. 311--328."},{"key":"e_1_3_2_1_52_1","volume-title":"Proceedings of the Conference on Usable Privacy and Security. 297--313","author":"Naiakshina A.","unstructured":"A. Naiakshina, A. Danilova, C. Tiefenau, and M. Smith. 2018. Deception Task Design in Developer Password Studies: Exploring a Student Sample. In Proceedings of the Conference on Usable Privacy and Security. 297--313."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"crossref","unstructured":"E. Neumayer and T. Pl\u00fcmper. 2017. Robustness tests for quantitative research. Cambridge University Press.","DOI":"10.1017\/9781108233590"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.5120\/15174-3251"},{"key":"e_1_3_2_1_55_1","volume-title":"Proceedings of the New Security Paradigms Workshop. Association for Computing Machinery, 46--56","author":"Pieczul O.","unstructured":"O. Pieczul, S. Foley, and M. Zurko. 2017. Developer-Centered Security and the Symmetry of Ignorance. In Proceedings of the New Security Paradigms Workshop. Association for Computing Machinery, 46--56."},{"key":"e_1_3_2_1_56_1","volume-title":"The economic impacts of inadequate infrastructure for software testing","author":"Planning Strategic","year":"2002","unstructured":"Strategic Planning. 2002. The economic impacts of inadequate infrastructure for software testing. National Institute of Standards and Technology (2002)."},{"key":"e_1_3_2_1_57_1","volume-title":"Proceedings of the conference on computer supported cooperative work and social computing. 2489--2503","author":"Poller A.","unstructured":"A. Poller, L. Kocksch, S. Trpe, F. Epp, and K. Kinder-Kurlanda. 2017. Can security become a routine? A study of organizational change in an agile software development group. In Proceedings of the conference on computer supported cooperative work and social computing. 2489--2503."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.391380"},{"key":"e_1_3_2_1_59_1","volume-title":"Retrieved","author":"Project CWE","year":"2013","unstructured":"CWE Project. 2013. CWE Category - Sensitive Data Exposure. Retrieved July 19, 2021 from https:\/\/cwe.mitre.org\/data\/definitions\/1029.html"},{"key":"e_1_3_2_1_60_1","volume-title":"Retrieved","author":"Project CWE","year":"2021","unstructured":"CWE Project. 2021. CWE-209: Generation of Error Message Containing Sensitive Information. Retrieved June 28, 2021 from https:\/\/cwe.mitre.org\/data\/definitions\/209.html"},{"key":"e_1_3_2_1_61_1","volume-title":"Retrieved","author":"Project CWE","year":"2021","unstructured":"CWE Project. 2021. CWE-311: Missing Encryption of Sensitive Data. Retrieved August, 2021 from https:\/\/cwe.mitre.org\/data\/definitions\/311.html"},{"key":"e_1_3_2_1_62_1","volume-title":"Retrieved","author":"Project CWE","year":"2021","unstructured":"CWE Project. 2021. CWE-327: Use of a Broken or Risky Cryptographic Algorithm. Retrieved June 29, 2021 from https:\/\/cwe.mitre.org\/data\/definitions\/327.html"},{"key":"e_1_3_2_1_63_1","volume-title":"Retrieved","author":"Project OWASP","year":"2017","unstructured":"OWASP Project. 2017. O WASP Code Review Guide 2.0. Retrieved June 28, 2021 from https:\/\/owasp.org\/www-pdf-archive\/OWASP_Code_Review_Guide_v2.pdf"},{"key":"e_1_3_2_1_64_1","volume-title":"Retrieved","author":"Project OWASP","year":"2017","unstructured":"OWASP Project. 2017. OWASP Top Ten. Retrieved May 27, 2021 from https:\/\/owasp.org\/www-project-top-ten"},{"key":"e_1_3_2_1_65_1","volume-title":"Retrieved","author":"Project OWASP","year":"2017","unstructured":"OWASP Project. 2017. Sensitive Data Exposure. Retrieved June 28, 2021 from https:\/\/owasp.org\/www-project-top-ten\/2017\/A3_2017-Sensitive_Data_Exposure"},{"key":"e_1_3_2_1_66_1","volume-title":"Proceedings of the Joint Meeting on Foundations of Software Engineering. 202--212","author":"Rigby P.","unstructured":"P. Rigby and C. Bird. 2013. Convergent contemporary software peer review practices. In Proceedings of the Joint Meeting on Foundations of Software Engineering. 202--212."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594458"},{"key":"e_1_3_2_1_68_1","volume-title":"Proceedings of the Conference on Software Engineering Education and Training. 120--124","author":"Rong G.","unstructured":"G. Rong, J. Li, M. Xie, and T. Zheng. 2012. The effect of checklist in code review for inexperienced students: An empirical study. In Proceedings of the Conference on Software Engineering Education and Training. 120--124."},{"key":"e_1_3_2_1_69_1","volume-title":"Proceedings of the International Conference on Software Engineering: Software Engineering in Practice. 181--190","author":"Sadowski C.","unstructured":"C. Sadowski, E. S\u00f6derberg, L. Church, M. Sipko, and A. Bacchelli. 2018. Modern code review: a case study at google. In Proceedings of the International Conference on Software Engineering: Software Engineering in Practice. 181--190."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.81"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"crossref","unstructured":"R. Shirey. 2000. Internet security glossary.","DOI":"10.17487\/rfc2828"},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2015.2398363"},{"key":"e_1_3_2_1_73_1","unstructured":"Ilja Smarjov. 2020. O WASP Secure coding practices checklist and training: Assessment of effectiveness in a technology company. Master's thesis. TALLINN UNIVERSITY OF TECHNOLOGY."},{"key":"e_1_3_2_1_74_1","volume-title":"Proceedings of the Joint Meeting on Foundations of Software Engineering. 248--259","author":"Smith J.","unstructured":"J. Smith, B. Johnson, E. Murphy-Hill, B. Chu, and H. Lipford. 2015. Questions developers ask while diagnosing potential security vulnerabilities with static analysis. In Proceedings of the Joint Meeting on Foundations of Software Engineering. 248--259."},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2018.2810116"},{"key":"e_1_3_2_1_76_1","volume-title":"Proceedings of the Annual Chaos Communication Congress.","author":"Sotirov A.","year":"2008","unstructured":"A. Sotirov, M. Stevens, J. Appelbaum, A. Lenstra, D. Molnar, D. Arne Osvik, and B. de Weger. 2008. MD5 considered harmful today, creating a rogue CA certificate. In Proceedings of the Annual Chaos Communication Congress."},{"key":"e_1_3_2_1_77_1","volume-title":"Proceedings of the International Conference on Software Engineering. 1171--1182","author":"Spadini D.","unstructured":"D. Spadini, G. \u00c7alikli, and A. Bacchelli. 2020. Primers or Reminders? The Effects of Existing Review Comments on Code Review. In Proceedings of the International Conference on Software Engineering. 1171--1182."},{"key":"e_1_3_2_1_78_1","unstructured":"D. Spencer. 2009. Card sorting: Designing usable categories. Rosenfeld Media."},{"key":"e_1_3_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW.2019.00021"},{"key":"e_1_3_2_1_80_1","volume-title":"Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems. 1--12","author":"Thomas T.","unstructured":"T. Thomas, M. Tabassum, B. Chu, and H. Lipford. 2018. Security during application development: An application security expert perspective. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems. 1--12."},{"key":"e_1_3_2_1_81_1","volume-title":"Proceedings of the International Conference on Predictive Models and Data Analytics in Software Engineering. 83--92","author":"Thompson C.","unstructured":"C. Thompson and D. Wagner. 2017. A Large-Scale Study of Modern Code Review and Security in Open Source Projects. In Proceedings of the International Conference on Predictive Models and Data Analytics in Software Engineering. 83--92."},{"key":"e_1_3_2_1_82_1","unstructured":"TIOBE. 2020. TIOBE-Index. https:\/\/www.tiobe.com\/tiobe-index\/."},{"key":"e_1_3_2_1_83_1","volume-title":"Proceedings of the Symposium on Usable Privacy and Security.","author":"Turpe S.","unstructured":"S. Turpe, L. Kocksch, and A. Poller. 2016. Penetration Tests a Turning Point in Security Practices? Organizational Challenges and Implications in a Software Development Team. In Proceedings of the Symposium on Usable Privacy and Security."},{"key":"e_1_3_2_1_85_1","volume-title":"Proceedings of the Symposium on Usable Privacy and Security.","author":"Weir C.","unstructured":"C. Weir, A. Rashid, and J. Noble. 2016. How to improve the security skills of mobile app developers? Comparing and contrasting expert views. In Proceedings of the Symposium on Usable Privacy and Security."},{"key":"e_1_3_2_1_86_1","volume-title":"Argument, Please: Using Dialectic for Effective App Security.","author":"Weir C.","year":"2017","unstructured":"C. Weir, A. Rashid, and J. Noble. 2017. I'd Like to Have an Argument, Please: Using Dialectic for Effective App Security. (2017)."},{"key":"e_1_3_2_1_87_1","volume-title":"Last accessed","year":"2021","unstructured":"Wikipedia. Last accessed August 2021. Yahoo! data breaches. https:\/\/en.wikipedia.org\/wiki\/Yahoo!_data_breaches#Late_2014_breach."},{"key":"e_1_3_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2006.08.003"},{"key":"e_1_3_2_1_89_1","volume-title":"Proceedings of the New Security Paradigms Workshop. 89--97","author":"Wurster G.","unstructured":"G. Wurster and P. Van Oorschot. 2008. The developer is the enemy. In Proceedings of the New Security Paradigms Workshop. 89--97."},{"key":"e_1_3_2_1_90_1","volume-title":"Proceedings of the Conference on Computer supported cooperative work and social computing. 1095--1106","author":"Xiao S.","unstructured":"S. Xiao, J. Witschey, and E. Murphy-Hill. 2014. Social influences on secure development tool adoption: why security tools spread. In Proceedings of the Conference on Computer supported cooperative work and social computing. 1095--1106."},{"key":"e_1_3_2_1_91_1","volume-title":"Proceedings of the Symposium on Visual Languages and Human-Centric Computing. 161--164","author":"Xie J.","unstructured":"J. Xie, H. R. Lipford, and B. Chu. 2011. Why do programmers make security errors?. In Proceedings of the Symposium on Visual Languages and Human-Centric Computing. 161--164."},{"key":"e_1_3_2_1_92_1","volume-title":"Software Reading Techniques","author":"Zhu Y.","unstructured":"Y. Zhu. 2016. Software Reading Techniques. Springer."}],"event":{"name":"ICSE '22: 44th International Conference on Software Engineering","location":"Pittsburgh Pennsylvania","acronym":"ICSE '22","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS"]},"container-title":["Proceedings of the 44th International Conference on Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3510003.3511560","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3510003.3511560","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:12:24Z","timestamp":1750191144000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3510003.3511560"}},"subtitle":["supporting developers in vulnerability detection during code review"],"short-title":[],"issued":{"date-parts":[[2022,5,21]]},"references-count":91,"alternative-id":["10.1145\/3510003.3511560","10.1145\/3510003"],"URL":"https:\/\/doi.org\/10.1145\/3510003.3511560","relation":{},"subject":[],"published":{"date-parts":[[2022,5,21]]},"assertion":[{"value":"2022-07-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}