{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,25]],"date-time":"2025-10-25T12:48:31Z","timestamp":1761396511500,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":55,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,4,19]],"date-time":"2023-04-19T00:00:00Z","timestamp":1681862400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,4,19]]},"DOI":"10.1145\/3544548.3580705","type":"proceedings-article","created":{"date-parts":[[2023,4,20]],"date-time":"2023-04-20T04:27:55Z","timestamp":1681964875000},"page":"1-17","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Analyzing the Use of Public and In-house Secure Development Guidelines in U.S. and Japanese Industries"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5212-9274","authenticated-orcid":false,"given":"Fumihiro","family":"Kanei","sequence":"first","affiliation":[{"name":"NTT, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5527-5306","authenticated-orcid":false,"given":"Ayako A.","family":"Hasegawa","sequence":"additional","affiliation":[{"name":"NICT, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8743-9101","authenticated-orcid":false,"given":"Eitaro","family":"Shioji","sequence":"additional","affiliation":[{"name":"NTT, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7052-8562","authenticated-orcid":false,"given":"Mitsuaki","family":"Akiyama","sequence":"additional","affiliation":[{"name":"NTT, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,4,19]]},"reference":[{"key":"e_1_3_3_3_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.25"},{"key":"e_1_3_3_3_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2016.013"},{"key":"e_1_3_3_3_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2017.17"},{"key":"e_1_3_3_3_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380405"},{"key":"e_1_3_3_3_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00122"},{"key":"e_1_3_3_3_6_1","volume-title":"Proceedings of the 14th Symposium on Usable Privacy and Security(SOUPS \u201918)","author":"Assal Hala","year":"2018","unstructured":"Hala Assal and Sonia Chiasson. 2018. Security in the Software Development Lifecycle. In Proceedings of the 14th Symposium on Usable Privacy and Security(SOUPS \u201918). USENIX Association, 281\u2013296."},{"key":"e_1_3_3_3_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300519"},{"key":"e_1_3_3_3_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2019.00016"},{"key":"e_1_3_3_3_9_1","first-page":"2","article-title":"The Menlo Report","volume":"10","author":"Dittrich Michael","year":"2012","unstructured":"Bailey, Michael and Dittrich, David and Kenneally, Erin and Maughan, Doug. 2012. The Menlo Report. IEEE Security and Privacy 10, 2 (Mar 2012), 71\u201375.","journal-title":"IEEE Security and Privacy"},{"key":"e_1_3_3_3_10_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2007.08.006"},{"key":"e_1_3_3_3_11_1","unstructured":"Carnegie Mellon University. 2022. SEI CERT Coding Standards - CERT Secure Coding - Confluence. https:\/\/wiki.sei.cmu.edu\/confluence\/display\/seccode"},{"key":"e_1_3_3_3_12_1","unstructured":"Dennis Child. 1990. The Essentials of Factor Analysis. Cassell Educational."},{"key":"e_1_3_3_3_13_1","volume-title":"A Coefficient of Agreement for Nominal Scales. Educational and psychological measurement 20, 1","author":"Cohen Jacob","year":"1960","unstructured":"Jacob Cohen. 1960. A Coefficient of Agreement for Nominal Scales. Educational and psychological measurement 20, 1 (1960), 37\u201346."},{"volume-title":"Statistical power analysis for the behavioral sciences","author":"Cohen Jacob","key":"e_1_3_3_3_14_1","unstructured":"Jacob Cohen. 2013. Statistical power analysis for the behavioral sciences. Routledge."},{"key":"e_1_3_3_3_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1035233.1035236"},{"key":"e_1_3_3_3_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom50675.2020.00055"},{"key":"e_1_3_3_3_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-SEET52601.2021.00034"},{"key":"e_1_3_3_3_18_1","volume-title":"Evaluating the use of exploratory factor analysis in psychological research. Psychological methods 4, 3","author":"Fabrigar R","year":"1999","unstructured":"Leandre\u00a0R Fabrigar, Duane\u00a0T Wegener, Robert\u00a0C MacCallum, and Erin\u00a0J Strahan. 1999. Evaluating the use of exploratory factor analysis in psychological research. Psychological methods 4, 3 (1999), 272."},{"key":"e_1_3_3_3_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.31"},{"volume-title":"Perspective. In Proceedings of the 30th USENIX Security Symposium(SEC \u201921)","author":"Wolf Flynn","key":"e_1_3_3_3_20_1","unstructured":"Flynn Wolf and Adam J. Aviv and Ravi Kuber. 2021. Security Obstacles and Motivations for Small Businesses from a CISO\u2019s Perspective. In Proceedings of the 30th USENIX Security Symposium(SEC \u201921). USENIX Association, 1199\u20131216."},{"key":"e_1_3_3_3_21_1","volume-title":"Proceedings of the 14th Symposium on Usable Privacy and Security(SOUPS \u201918)","author":"Gorski Peter\u00a0Leo","year":"2018","unstructured":"Peter\u00a0Leo Gorski, Luigi\u00a0Lo Iacono, Dominik Wermke, Christian Stransky, Sebastian Moeller, Yasemin Acar, and Sascha Fahl. 2018. Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse. In Proceedings of the 14th Symposium on Usable Privacy and Security(SOUPS \u201918). USENIX Association, 265\u2013281."},{"key":"e_1_3_3_3_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2016.111"},{"key":"e_1_3_3_3_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833756"},{"key":"e_1_3_3_3_24_1","volume-title":"Proceedings of the Fourteenth Symposium on Usable Privacy and Security(SOUPS \u201918)","author":"Haney M","year":"2018","unstructured":"Julie\u00a0M Haney, Mary Theofanos, Yasemin Acar, and Sandra\u00a0Spickard Prettyman. 2018. \u201cWe make it a big deal in the company\u201d: Security Mindsets in Organizations that Develop Cryptographic Products. In Proceedings of the Fourteenth Symposium on Usable Privacy and Security(SOUPS \u201918). 357\u2013373."},{"volume-title":"Sequential Kaiser-meyer-olkin Procedure as an Alternative for Determining the Number of Factors in Common-factor Analysis: a Monte Carlo Simulation. Ph.\u00a0D. Dissertation","author":"Hill Brent\u00a0Dale","key":"e_1_3_3_3_25_1","unstructured":"Brent\u00a0Dale Hill. 2011. Sequential Kaiser-meyer-olkin Procedure as an Alternative for Determining the Number of Factors in Common-factor Analysis: a Monte Carlo Simulation. Ph.\u00a0D. Dissertation. Oklahoma State University."},{"key":"e_1_3_3_3_26_1","doi-asserted-by":"publisher","DOI":"10.14722\/eurousec.2017.23015"},{"key":"e_1_3_3_3_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3485832.3485922"},{"key":"e_1_3_3_3_28_1","volume-title":"The Measurement of Observer Agreement for Categorical Data. Biometrics","author":"Landis J\u00a0Richard","year":"1977","unstructured":"J\u00a0Richard Landis and Gary\u00a0G Koch. 1977. The Measurement of Observer Agreement for Categorical Data. Biometrics (1977), 159\u2013174."},{"key":"e_1_3_3_3_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/CHASE.2019.00023"},{"key":"e_1_3_3_3_30_1","unstructured":"Macromill Group. 2020.. https:\/\/group.macromill.com\/"},{"key":"e_1_3_3_3_31_1","unstructured":"Ministry of Internal Affairs and Communications. 2018. (In Japanese). https:\/\/www.soumu.go.jp\/johotsusintokei\/whitepaper\/ja\/h30\/html\/nd113110.html"},{"key":"e_1_3_3_3_32_1","volume-title":"Proceedings of the 14th Symposium on Usable Privacy and Security(SOUPS \u201918)","author":"Oliveira Daniela\u00a0Seabra","year":"2018","unstructured":"Daniela\u00a0Seabra Oliveira, Tian Lin, Muhammad\u00a0Sajidur Rahman, Rad Akefirad, Donovan Ellis, Eliany Perez, Rahul Bobhate, Lois\u00a0A. DeLong, Justin Cappos, Yuriy Brun, and Natalie\u00a0C. Ebner. 2018. API Blindspots: Why Experienced Developers Write Vulnerable Code. In Proceedings of the 14th Symposium on Usable Privacy and Security(SOUPS \u201918). USENIX Association, 315\u2013328."},{"key":"e_1_3_3_3_33_1","unstructured":"Open Web Application Security Project. 2022. OWASP Application Security Verification Standard. https:\/\/owasp.org\/www-project-application-security-verification-standard\/"},{"key":"e_1_3_3_3_34_1","unstructured":"OWASP. 2022. OWASP SAMM. https:\/\/owaspsamm.org\/"},{"key":"e_1_3_3_3_35_1","volume-title":"Proceedings of the 16th Symposium on Usable Privacy and Security(SOUPS \u201920)","author":"Palombo Hernan","year":"2020","unstructured":"Hernan Palombo, Armin\u00a0Ziaie Tabari, Daniel Lende, Jay Ligatti, and Xinming Ou. 2020. An Ethnographic Understanding of Software (In)Security and a Co-Creation Model to Improve Secure Software Development. In Proceedings of the 16th Symposium on Usable Privacy and Security(SOUPS \u201920). USENIX Association, 205\u2013220."},{"key":"e_1_3_3_3_36_1","volume-title":"Proceedings of the 15th Symposium on Usable Privacy and Security(SOUPS \u201919)","author":"Patnaik Nikhil","year":"2019","unstructured":"Nikhil Patnaik, Joseph Hallett, and Awais Rashid. 2019. Usability Smells: An Analysis of Developers\u2019 Struggle with Crypto Libraries. In Proceedings of the 15th Symposium on Usable Privacy and Security(SOUPS \u201919). USENIX Association, 245\u2013257."},{"key":"e_1_3_3_3_37_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0895-4356(96)00236-3"},{"key":"e_1_3_3_3_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2998181.2998191"},{"key":"e_1_3_3_3_39_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2011.09.009"},{"key":"e_1_3_3_3_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3025926"},{"key":"e_1_3_3_3_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445488"},{"key":"e_1_3_3_3_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW.2019.00021"},{"key":"e_1_3_3_3_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3491102.3501957"},{"key":"e_1_3_3_3_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445616"},{"key":"e_1_3_3_3_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3173836"},{"key":"e_1_3_3_3_46_1","volume-title":"Proceedings of the 16th Symposium on Usable Privacy and Security(SOUPS \u201921)","author":"Tuladhar Anwesh","year":"2021","unstructured":"Anwesh Tuladhar, Daniel Lende, Jay Ligatti, and Xinming Ou. 2021. An Analysis of the Role of Situated Learning in Starting a Security Culture in a Software Company. In Proceedings of the 16th Symposium on Usable Privacy and Security(SOUPS \u201921). USENIX Association, 617\u2013632."},{"key":"e_1_3_3_3_47_1","volume-title":"RSA Conference","author":"Ukrop Martin","year":"2018","unstructured":"Martin Ukrop and Vashek Matyas. 2018. Why Johnny the Developer Can\u2019t Work with Public Key Certificates: An Experimental Study of OpenSSL Usability. In Topics in Cryptology \u2013 CT-RSA 2018: The Cryptographers\u2019 Track at the RSA Conference 2018. Springer, 45\u201364."},{"key":"e_1_3_3_3_48_1","volume-title":"Relaxing the Rule of Ten Events per Variable in Logistic and Cox Regression. American journal of epidemiology 165, 6","author":"Vittinghoff Eric","year":"2007","unstructured":"Eric Vittinghoff and Charles\u00a0E McCulloch. 2007. Relaxing the Rule of Ten Events per Variable in Logistic and Cox Regression. American journal of epidemiology 165, 6 (2007), 710\u2013718."},{"key":"e_1_3_3_3_49_1","doi-asserted-by":"publisher","DOI":"10.1177\/0095798418771807"},{"key":"e_1_3_3_3_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-SEIP52600.2021.00011"},{"key":"e_1_3_3_3_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786816"},{"key":"e_1_3_3_3_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/2531602.2531722"},{"key":"e_1_3_3_3_53_1","volume-title":"Proceedings of the 2011 IEEE Symposium on Visual Languages and Human-Centric Computing(VL\/HCC \u201911)","author":"Xie Jing","year":"2011","unstructured":"Jing Xie, Heather\u00a0Richter Lipford, and Bill Chu. 2011. Why do programmers make security errors?. In Proceedings of the 2011 IEEE Symposium on Visual Languages and Human-Centric Computing(VL\/HCC \u201911). IEEE."},{"key":"e_1_3_3_3_54_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11390-016-1672-0"},{"key":"e_1_3_3_3_55_1","volume-title":"Proceedings of the 2018 IEEE\/ACM 40th International Conference on Software Engineering(ICSE \u201918)","author":"Zhang Tianyi","year":"2018","unstructured":"Tianyi Zhang, Ganesha Upadhyaya, Anastasia Reinhardt, Hridesh Rajan, and Miryung Kim. 2018. Are Online Code Examples Reliable ? An Empirical Study of API Misuse on Stack Overflow. In Proceedings of the 2018 IEEE\/ACM 40th International Conference on Software Engineering(ICSE \u201918). IEEE, 886\u2013896."}],"event":{"name":"CHI '23: CHI Conference on Human Factors in Computing Systems","sponsor":["SIGCHI ACM Special Interest Group on Computer-Human Interaction"],"location":"Hamburg Germany","acronym":"CHI '23"},"container-title":["Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3544548.3580705","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3544548.3580705","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:37:24Z","timestamp":1750178244000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3544548.3580705"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,4,19]]},"references-count":55,"alternative-id":["10.1145\/3544548.3580705","10.1145\/3544548"],"URL":"https:\/\/doi.org\/10.1145\/3544548.3580705","relation":{},"subject":[],"published":{"date-parts":[[2023,4,19]]},"assertion":[{"value":"2023-04-19","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}