{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,8]],"date-time":"2026-01-08T09:21:24Z","timestamp":1767864084792,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":97,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,2,7]],"date-time":"2024-02-07T00:00:00Z","timestamp":1707264000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,2,7]]},"DOI":"10.1145\/3634713.3634729","type":"proceedings-article","created":{"date-parts":[[2024,1,23]],"date-time":"2024-01-23T18:06:19Z","timestamp":1706033179000},"page":"112-122","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Vulnerably (Mis)Configured? Exploring 10 Years of Developers' Q&As on Stack Overflow"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7186-404X","authenticated-orcid":false,"given":"Richard","family":"May","sequence":"first","affiliation":[{"name":"Harz University of Applied Sciences, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-6001-2431","authenticated-orcid":false,"given":"Christian","family":"Biermann","sequence":"additional","affiliation":[{"name":"msg services gmbh, Germany and Harz University of Applied Sciences, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-1057-5989","authenticated-orcid":false,"given":"Xenia Marlene","family":"Zerweck","sequence":"additional","affiliation":[{"name":"Harz University of Applied Sciences, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4679-9754","authenticated-orcid":false,"given":"Kai","family":"Ludwig","sequence":"additional","affiliation":[{"name":"Landesamt f\u00fcr Geoinformation und Landesvermessung Niedersachsen, 
Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0283-248X","authenticated-orcid":false,"given":"Jacob","family":"Kr\u00fcger","sequence":"additional","affiliation":[{"name":"Eindhoven University of Technology, Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9580-7728","authenticated-orcid":false,"given":"Thomas","family":"Leich","sequence":"additional","affiliation":[{"name":"Harz University of Applied Sciences, Germany"}]}],"member":"320","published-online":{"date-parts":[[2024,2,7]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Automated Software Engineering Conference. ACM, 421\u2013432","author":"Abal I.","unstructured":"I. Abal, C. Brabrand, and A. Wasowski. 2014. 42 variability bugs in the Linux kernel: A qualitative analysis. In Automated Software Engineering Conference. ACM, 421\u2013432."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3149119"},{"key":"e_1_3_2_1_3_1","volume-title":"Cyber security and the internet of things: Vulnerabilities, threats, intruders and attacks. Journal of Cyber Security and Mobility","author":"Abomhara M.","year":"2015","unstructured":"M. Abomhara and G.\u00a0M. K\u00f8ien. 2015. Cyber security and the internet of things: Vulnerabilities, threats, intruders and attacks. Journal of Cyber Security and Mobility (2015), 65\u201388."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2803210"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2018.02.005"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1108\/DTA-07-2017-0054"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1155\/2022\/4908134"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","unstructured":"S. Apel D. Batory C. K\u00e4stner and G. Saake. 2013. Feature-oriented software product lines. 
Springer.","DOI":"10.1007\/978-3-642-37521-7"},{"key":"e_1_3_2_1_9_1","article-title":"Evaluating database security and cyber attacks: A relational approach","volume":"20","author":"Bamrara A.","year":"2015","unstructured":"A. Bamrara. 2015. Evaluating database security and cyber attacks: A relational approach. The Journal of Internet Banking and Commerce 20, 2 (2015).","journal-title":"The Journal of Internet Banking and Commerce"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-012-9231-y"},{"key":"e_1_3_2_1_11_1","volume-title":"Conference of the Special Interest Group on Data Communication. ACM, 155\u2013168","author":"Beckett R.","unstructured":"R. Beckett, A. Gupta, R. Mahajan, and D. Walker. 2017. A general approach to network configuration verification. In Conference of the Special Interest Group on Data Communication. ACM, 155\u2013168."},{"key":"e_1_3_2_1_12_1","volume-title":"Stack Overflow. In International Conference on Advanced Aspects of Software Engineering. IEEE, 1\u20135.","author":"Beddiar C.","year":"2020","unstructured":"C. Beddiar, I.\u00a0E. Khelili, N. Bounour, and A.-D. Seriai. 2020. Classification of android APIs posts: An analysis of developer\u2019s discussions on Stack Overflow. In International Conference on Advanced Aspects of Software Engineering. IEEE, 1\u20135."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.5555\/944919.944937"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"crossref","unstructured":"D. Bringhenti G. Marchetto R. Sisto and F. Valenza. 2023. Automation for network security configuration: State of the art and research Trends. Comput. Surveys (2023).","DOI":"10.1145\/3616401"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(02)00352-3"},{"key":"e_1_3_2_1_16_1","volume-title":"Conference on Control Systems and Computer Science. IEEE, 312\u2013316","author":"Cernica I.","unstructured":"I. Cernica and N. Popescu. 2019. 
Security evaluation of wordpress backup plugins. In Conference on Control Systems and Computer Science. IEEE, 312\u2013316."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-021-10054-w"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2110147.2110167"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"crossref","unstructured":"A.\u00a0A. Elkhail and T. Cerny. 2019. On relating code smells to security vulnerabilities. In BigDataSecurity. IEEE 7\u201312.","DOI":"10.1109\/BigDataSecurity-HPSC-IDS.2019.00013"},{"key":"e_1_3_2_1_20_1","volume-title":"International Database Engineering and Applications Symposium. ACM, 202\u2013203","author":"Fernandes S.","unstructured":"S. Fernandes and J. Bernardino. 2015. What is BigQuery?. In International Database Engineering and Applications Symposium. ACM, 202\u2013203."},{"key":"e_1_3_2_1_21_1","volume-title":"Automated Software Engineering Conference. 1\u201312","author":"Fernandez-Amoros D.","unstructured":"D. Fernandez-Amoros, R. Heradio, C. Mayr-Dorn, and A. Egyed. 2022. Scalable sampling of highly-configurable systems: Generating random instances of the Linux kernel. In Automated Software Engineering Conference. 1\u201312."},{"key":"e_1_3_2_1_22_1","volume-title":"Symposium on Security and Privacy. IEEE, 121\u2013136","author":"Fischer F.","unstructured":"F. Fischer, K. B\u00f6ttinger, H. Xiao, C. Stransky, Y. Acar, M. Backes, and S. Fahl. 2017. Stack Overflow considered harmful? The impact of copy&paste on Android application security. In Symposium on Security and Privacy. IEEE, 121\u2013136."},{"key":"e_1_3_2_1_23_1","volume-title":"IST-Africa","author":"Gamundani M.","unstructured":"A.\u00a0M. Gamundani and L.\u00a0M. Nekare. 2018. A review of new trends in cyber attacks: A zoom into distributed database systems. In IST-Africa. IEEE, 1\u20139."},{"key":"e_1_3_2_1_24_1","volume-title":"Inferring and Securing Software Configurations Using Automated Reasoning. 
In Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ACM, 1517\u20131520","author":"Gazzillo P.","year":"2020","unstructured":"P. Gazzillo. 2020. Inferring and Securing Software Configurations Using Automated Reasoning. In Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ACM, 1517\u20131520."},{"key":"e_1_3_2_1_25_1","volume-title":"International Symposium on Technologies for Homeland Security. IEEE.","author":"Gutgarts B.","unstructured":"P.\u00a0B. Gutgarts and A. Temin. 2010. Security-critical versus safety-critical software. In International Symposium on Technologies for Homeland Security. IEEE."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.tbench.2023.100089"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"M.\u00a0U. Haque L.\u00a0H. Iwaya and M.\u00a0A. Babar. 2020. Challenges in docker development: A large-scale study using Stack Overflow. In Empirical Software Engineering and Measurement. ACM 1\u201311.","DOI":"10.1145\/3382494.3410693"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/s13369-019-04319-2"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.02.003"},{"key":"e_1_3_2_1_30_1","volume-title":"European Conference on Computer Systems. ACM, 199\u2013217","author":"Iqbal S.","unstructured":"M.\u00a0S. Iqbal, R. Krishna, M.\u00a0A. Javidian, B. Ray, and P. Jamshidi. 2022. Unicorn: Reasoning about configurable system performance through the lens of causality. In European Conference on Computer Systems. ACM, 199\u2013217."},{"key":"e_1_3_2_1_31_1","unstructured":"ISO\/IEC 25010 2011. Systems and software engineering \u2013 SQuaRE - System and software quality. Standard. ISO."},{"key":"e_1_3_2_1_32_1","unstructured":"ISO\/IEC 27000 2018. Information technology \u2013 Security techniques \u2013 Information security management systems. Standard. 
ISO."},{"key":"e_1_3_2_1_33_1","unstructured":"ISO\/IEC 27001 2013. Information Security Management Systems \u2013 Requirements. Standard. ISO."},{"key":"e_1_3_2_1_34_1","unstructured":"ISO\/IEC 27005 2022. Information security cybersecurity and privacy protection \u2013 Guidance on managing information security risks. Standard. ISO."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"K.\u00a0C. Kang S.\u00a0G. Cohen J.\u00a0A. Hess W.\u00a0E. Novak and A.\u00a0S. Peterson. 1990. Feature-oriented domain analysis feasibility study. Technical Report CMU\/SEI-90-TR-21. Carnegie Mellon University.","DOI":"10.21236\/ADA235785"},{"key":"e_1_3_2_1_36_1","volume-title":"Working Conference on Variability Modelling of Software-Intensive Systems. ACM, 1\u20139.","author":"Kenner A.","unstructured":"A. Kenner, S. Dassow, C. Lausberger, J. Kr\u00fcger, and T. Leich. 2020. Using variability modeling to support security evaluations: Virtualizing the right attack scenarios. In Working Conference on Variability Modelling of Software-Intensive Systems. ACM, 1\u20139."},{"key":"e_1_3_2_1_37_1","volume-title":"Systems and Software Product Line Conference. ACM, 148\u2013159","author":"Kenner A.","unstructured":"A. Kenner, R. May, J. Kr\u00fcger, G. Saake, and T. Leich. 2021. Safety, security, and configurable software systems: A systematic mapping study. In Systems and Software Product Line Conference. ACM, 148\u2013159."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3052311"},{"key":"e_1_3_2_1_39_1","volume-title":"Evidence-based software engineering and systematic reviews","author":"Kitchenham A.","unstructured":"B.\u00a0A. Kitchenham, D. Budgen, and O.\u00a0P. Brereton. 2015. Evidence-based software engineering and systematic reviews. CRC Press."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"crossref","unstructured":"V. Klotzman F. Farmahinifarahani and C. Lopes. 2021. Public software development activity during the pandemic. 
In Empirical Software Engineering and Measurement. 1\u201312.","DOI":"10.1145\/3475716.3475778"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3167132.3167458"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.31219\/osf.io\/m7ghx"},{"key":"e_1_3_2_1_43_1","volume-title":"International Workshop on Conducting Empirical Studies in Industry. IEEE, 23\u201326","author":"Kr\u00fcger J.","unstructured":"J. Kr\u00fcger, I. Schr\u00f6ter, A. Kenner, and T. Leich. 2017. Empirical studies in question-answering systems: A discussion. In International Workshop on Conducting Empirical Studies in Industry. IEEE, 23\u201326."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.egyr.2021.08.126"},{"key":"e_1_3_2_1_45_1","volume-title":"International Conference on Software Quality, Reliability and Security. IEEE, 1060\u20131068","author":"Licorish A.","unstructured":"S.\u00a0A. Licorish and T. Nishatharan. 2021. Contextual profiling of Stack Overflow Java code security vulnerabilities initial insights from a pilot study. In International Conference on Software Quality, Reliability and Security. IEEE, 1060\u20131068."},{"key":"e_1_3_2_1_46_1","volume-title":"Mining Software Repositories Conference. IEEE, 93\u201396","author":"Linares-V\u00e1squez M.","unstructured":"M. Linares-V\u00e1squez, B. Dit, and D. Poshyvanyk. 2013. An exploratory analysis of mobile development issues using Stack Overflow. In Mining Software Repositories Conference. IEEE, 93\u201396."},{"key":"e_1_3_2_1_47_1","volume-title":"International Conference on Information and Communication Technologies for Sustainability. ACM, 26\u201332","author":"Lopez T.","unstructured":"T. Lopez, T.\u00a0T. Tun, A. Bandara, M. Levine, B. Nuseibeh, and H. Sharp. 2018. An investigation of security conversations in Stack Overflow: Perceptions of security and community involvement. In International Conference on Information and Communication Technologies for Sustainability. 
ACM, 26\u201332."},{"key":"e_1_3_2_1_48_1","volume-title":"Systems and Software Product Line Conference. ACM, 218\u2013230","author":"Ludwig K.","unstructured":"K. Ludwig, J. Kr\u00fcger, and T. Leich. 2019. Covert and phantom features in annotations: Do they impact variability analysis?. In Systems and Software Product Line Conference. ACM, 218\u2013230."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.52825\/ocp.v2i.149"},{"key":"e_1_3_2_1_50_1","volume-title":"International Conference on ENTERprise Information Systems. Elsevier, 1\u20138.","author":"May R.","unstructured":"R. May, C. Biermann, A. Kenner, J. Kr\u00fcger, and T. Leich. 2023. A product-line-engineering framework for secure enterprise-resource-planning systems. In International Conference on ENTERprise Information Systems. Elsevier, 1\u20138."},{"key":"e_1_3_2_1_51_1","volume-title":"Systems and Software Product Line Conference. ACM, 108\u2013119","author":"May R.","unstructured":"R. May, C. Biermann, J. Kr\u00fcger, G. Saake, and T. Leich. 2022. A systematic mapping study of security concepts for configurable data storages. In Systems and Software Product Line Conference. ACM, 108\u2013119."},{"key":"e_1_3_2_1_52_1","volume-title":"International Conference on Software Technologies. SciTePress, 217\u2013224","author":"May R.","unstructured":"R. May, J. Gautam, C. Sharma, C. Biermann, and T. Leich. 2023. A systematic mapping study on security in configurable safety-critical systems based on product-line concepts. In International Conference on Software Technologies. SciTePress, 217\u2013224."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"crossref","unstructured":"J. Meinicke T. Th\u00fcm R. Schr\u00f6ter F. Benduhn T. Leich and G. Saake. 2017. Mastering software variability with FeatureIDE. Springer.","DOI":"10.1007\/978-3-319-61443-4"},{"key":"e_1_3_2_1_54_1","volume-title":"Conference on Automated Software Engineering. ACM, 483\u2013494","author":"Meinicke J.","unstructured":"J. 
Meinicke, C.-P. Wong, C. K\u00e4stner, T. Th\u00fcm, and G. Saake. 2016. On essential configuration complexity: Measuring interactions in highly-configurable systems. In Conference on Automated Software Engineering. ACM, 483\u2013494."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3084226.3084267"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2006.145"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2008.03.004"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2010.05.007"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180201"},{"key":"e_1_3_2_1_60_1","volume-title":"Systems and Software Product Line Conference. ACM, 149\u2013159","author":"Mesa O.","unstructured":"O. Mesa, R. Vieira, M. Viana, V.\u00a0H.\u00a0S. Durelli, E. Cirilo, M. Kalinowski, and C. Lucena. 2018. Understanding vulnerabilities in plugin-based web systems: An exploratory study of wordpress. In Systems and Software Product Line Conference. ACM, 149\u2013159."},{"key":"e_1_3_2_1_61_1","volume-title":"International Conference on Software Engineering. IEEE, 140\u2013151","author":"Nadi S.","unstructured":"S. Nadi, T. Berger, C. K\u00e4stner, and K. Czarnecki. 2014. Mining configuration constraints: Static analyses and empirical results. In International Conference on Software Engineering. IEEE, 140\u2013151."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2022.111563"},{"key":"e_1_3_2_1_63_1","volume-title":"Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ACM, 62\u201373","author":"Ne\u0161i\u0107 D.","unstructured":"D. Ne\u0161i\u0107, J. Kr\u00fcger, S. St\u0103nciulescu, and T. Berger. 2019. Principles of feature modeling. In Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 
ACM, 62\u201373."},{"key":"e_1_3_2_1_64_1","first-page":"1","article-title":"Feature interaction: The security threat from within software systems","volume":"5","author":"Nhlabatsi A.","year":"2008","unstructured":"A. Nhlabatsi, R. Laney, and B. Nuseibeh. 2008. Feature interaction: The security threat from within software systems. Progress in Informatics 5, 75 (2008), 1.","journal-title":"Progress in Informatics"},{"key":"e_1_3_2_1_65_1","volume-title":"Guide to data-centric system threat modeling. Standard","author":"NIST SP","unstructured":"NIST SP 800-154 2016. Guide to data-centric system threat modeling. Standard. National Institute of Standards and Technology."},{"key":"e_1_3_2_1_66_1","volume-title":"Guide for conducting risk assessments. Standard","author":"NIST SP","unstructured":"NIST SP 800-30r1 2012. Guide for conducting risk assessments. Standard. National Institute of Standards and Technology."},{"key":"e_1_3_2_1_67_1","volume-title":"International Symposium on Communication Systems, Networks and Digital Signal Processing. IEEE, 1\u20136.","author":"Onumah N.","unstructured":"N. Onumah, S. Attwood, and R. Kharel. 2020. Towards secure application development: A cyber security centred holistic approach. In International Symposium on Communication Systems, Networks and Digital Signal Processing. IEEE, 1\u20136."},{"key":"e_1_3_2_1_68_1","volume-title":"Software product line engineering: Foundations, principles, and techniques","author":"Pohl K.","unstructured":"K. Pohl, G. B\u00f6ckle, and F. Van Der\u00a0Linden. 2005. Software product line engineering: Foundations, principles, and techniques. Springer."},{"key":"e_1_3_2_1_69_1","article-title":"The CIA strikes back: Redefining confidentiality, integrity and availability in security","volume":"10","author":"Samonas S.","year":"2014","unstructured":"S. Samonas and D. Coss. 2014. The CIA strikes back: Redefining confidentiality, integrity and availability in security. 
Journal of Information System Security 10, 3 (2014).","journal-title":"Journal of Information System Security"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133888"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10009-012-0253-y"},{"key":"e_1_3_2_1_72_1","volume-title":"Hawaii International Conference on System Sciences. IEEE, 2898\u20132907","author":"Sengupta S.","unstructured":"S. Sengupta and C. Haythornthwaite. 2020. Learning with comments: An analysis of comments and community on Stack Overflow. In Hawaii International Conference on System Sciences. IEEE, 2898\u20132907."},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/2934687"},{"key":"e_1_3_2_1_74_1","volume-title":"Conference on Empirical Methods in Natural Language Processing. ACL, 952\u2013961","author":"Stevens K.","unstructured":"K. Stevens, P. Kegelmeyer, D. Andrzejewski, and D. Buttler. 2012. Exploring topic coherence over many models and many topics. In Conference on Empirical Methods in Natural Language Processing. ACL, 952\u2013961."},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/2855321.2855368"},{"key":"e_1_3_2_1_76_1","volume-title":"European Symposium on Usable Security. ACM, 117\u2013130","author":"Tahaei M.","unstructured":"M. Tahaei, J. Bernd, and A. Rashid. 2022. Privacy, permissions, and the health app ecosystem: A stack overflow exploration. In European Symposium on Usable Security. ACM, 117\u2013130."},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2022-0038"},{"key":"e_1_3_2_1_78_1","volume-title":"Conference on Human Factors in Computing Systems. ACM, 1\u201314","author":"Tahaei M.","unstructured":"M. Tahaei, K. Vaniea, and N. Saphra. 2020. Understanding Privacy-related questions on Stack Overflow. In Conference on Human Factors in Computing Systems. ACM, 1\u201314."},{"key":"e_1_3_2_1_79_1","volume-title":"European Conference on Computer Systems. 
ACM, 47\u201360","author":"Tartler R.","unstructured":"R. Tartler, D. Lohmann, J. Sincero, and W. Schr\u00f6der-Preikschat. 2011. Feature consistency in compile-time-configurable system software: Facing the Linux 10,000 feature problem. In European Conference on Computer Systems. ACM, 47\u201360."},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1145\/2580950"},{"key":"e_1_3_2_1_81_1","volume-title":"International Conference on Information Integration and Web-based Applications & Services. ACM, 1\u20137.","author":"Trunde H.","unstructured":"H. Trunde and E. Weippl. 2015. Wordpress security: An analysis based on publicly available exploits. In International Conference on Information Integration and Web-based Applications & Services. ACM, 1\u20137."},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.compind.2021.103524"},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2016.184"},{"key":"e_1_3_2_1_84_1","volume-title":"International Conference on Software Engineering. ACM, 300\u2013301","author":"von Nostitz-Wallwitz I.","unstructured":"I. von Nostitz-Wallwitz, J. Kr\u00fcger, J. Siegmund, and T. Leich. 2018. Knowledge transfer from research to industry: A survey on program comprehension. In International Conference on Software Engineering. ACM, 300\u2013301."},{"key":"e_1_3_2_1_85_1","unstructured":"R. Wang Y. Zhou S. Chen S. Qadeer D. Evans and Y. Gurevich. 2013. Explicating SDKs: uncovering assumptions underlying secure authentication and authorization. In Security. USENIX 399\u2013314."},{"key":"e_1_3_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102537"},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.4236\/ijcns.2022.158010"},{"key":"e_1_3_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1002\/smr.2376"},{"key":"e_1_3_2_1_89_1","doi-asserted-by":"crossref","unstructured":"J. Xu and G. Russello. 2022. 
Automated security-focused network configuration management: State of the art challenges and future directions. In International Conference on Software Engineering and Applications. IEEE 409\u2013420.","DOI":"10.1109\/DSA56465.2022.00061"},{"key":"e_1_3_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2901767"},{"key":"e_1_3_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.1145\/2631775.2631809"},{"key":"e_1_3_2_1_92_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11390-016-1672-0"},{"key":"e_1_3_2_1_93_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10462-018-09680-6"},{"key":"e_1_3_2_1_94_1","volume-title":"International Conference on Software Engineering. IEEE, 652\u2013661","author":"Zheng Y.","unstructured":"Y. Zheng and X. Zhang. 2013. Path sensitive static analysis of web applications for remote code execution vulnerability detection. In International Conference on Software Engineering. IEEE, 652\u2013661."},{"key":"e_1_3_2_1_95_1","volume-title":"Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ACM, 914\u2013919","author":"Zhou Y.","unstructured":"Y. Zhou and A. Sharma. 2017. Automated identification of security issues from commit messages and bug reports. In Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ACM, 914\u2013919."},{"key":"e_1_3_2_1_96_1","volume-title":"Perspectives on Data Science for Software Engineering","author":"Zimmermann T.","unstructured":"T. Zimmermann. 2016. Card-sorting: From text to themes. In Perspectives on Data Science for Software Engineering. 
Elsevier, 137\u2013141."},{"key":"e_1_3_2_1_97_1","doi-asserted-by":"publisher","DOI":"10.1080\/08874417.2020.1712269"}],"event":{"name":"VaMoS 2024: 18th International Working Conference on Variability Modelling of Software-Intensive Systems","location":"Bern Switzerland","acronym":"VaMoS 2024"},"container-title":["Proceedings of the 18th International Working Conference on Variability Modelling of Software-Intensive Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634713.3634729","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3634713.3634729","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T01:43:27Z","timestamp":1755913407000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634713.3634729"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,2,7]]},"references-count":97,"alternative-id":["10.1145\/3634713.3634729","10.1145\/3634713"],"URL":"https:\/\/doi.org\/10.1145\/3634713.3634729","relation":{},"subject":[],"published":{"date-parts":[[2024,2,7]]},"assertion":[{"value":"2024-02-07","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}