{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T04:08:31Z","timestamp":1772165311963,"version":"3.50.1"},"reference-count":16,"publisher":"Association for Computing Machinery (ACM)","issue":"6","license":[{"start":{"date-parts":[[2024,5,23]],"date-time":"2024-05-23T00:00:00Z","timestamp":1716422400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Commun. ACM"],"published-print":{"date-parts":[[2024,6]]},"abstract":"<jats:p>Continuous assurance at scale.<\/jats:p>","DOI":"10.1145\/3651621","type":"journal-article","created":{"date-parts":[[2024,4,12]],"date-time":"2024-04-12T14:57:53Z","timestamp":1712933873000},"page":"52-60","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Developer Ecosystems for Software Safety"],"prefix":"10.1145","volume":"67","author":[{"given":"Christoph","family":"Kern","sequence":"first","affiliation":[{"name":"Google's Security Foundations organization, Seattle, WA, USA"}]}],"member":"320","published-online":{"date-parts":[[2024,5,23]]},"reference":[{"key":"e_1_3_1_2_2","volume-title":"Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems","author":"Adkins H.","year":"2020","unstructured":"Adkins, H. et al. Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems. O\u2019Reilly Media, 2020; https:\/\/sre.google\/books\/building-secure-reliable-systems\/."},{"key":"e_1_3_1_3_2","doi-asserted-by":"publisher","DOI":"10.1145\/2491245"},{"key":"e_1_3_1_4_2","unstructured":"CWE. Stubborn Weaknesses in the CWE Top 25 2023; https:\/\/cwe.mitre.org\/top25\/archive\/2023\/2023_stubborn_weaknesses.html."},{"key":"e_1_3_1_5_2","unstructured":"CWE. Top 25 Most Dangerous Software Weaknesses 2023; https:\/\/cwe.mitre.org\/top25\/archive\/2023\/2023_top25_list.html."},{"key":"e_1_3_1_6_2","unstructured":"Czapi\u0144ski M. and Wolafka R. Zero Touch Prod: Towards safer and more secure production environments. Usenix 2019; https:\/\/www.usenix.org\/conference\/srecon19emea\/presentation\/czapinski."},{"key":"e_1_3_1_7_2","doi-asserted-by":"publisher","DOI":"10.1145\/2643134"},{"key":"e_1_3_1_8_2","unstructured":"Kotowicz K. Trusted Types 2024; https:\/\/w3c.github.io\/trusted-types\/dist\/spec\/."},{"key":"e_1_3_1_9_2","unstructured":"Leveson N. A systems approach to safety and cybersecurity. Usenix 2019; https:\/\/www.usenix.org\/conference\/srecon19emea\/presentation\/leveson."},{"key":"e_1_3_1_10_2","doi-asserted-by":"publisher","DOI":"10.1145\/3446796"},{"key":"e_1_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_3_1_12_2","volume-title":"The CERT C Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems","author":"Seacord R.C.","year":"2014","unstructured":"Seacord, R.C. The CERT C Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems, 2nd ed., Addison-Wesley Professional, 2014.","edition":"2"},{"key":"e_1_3_1_13_2","doi-asserted-by":"publisher","unstructured":"Verma A. et al. Large-scale cluster management at Google with Borg. In Proceedings of the 10th European Conf. Computer Systems 2015; 10.1145\/2741948.2741964.","DOI":"10.1145\/2741948.2741964"},{"key":"e_1_3_1_14_2","doi-asserted-by":"publisher","unstructured":"Wang P. Bangert J. and Kern C.. If it\u2019s not secure it should not compile: Preventing DOM-based XSS in large-scale web development with API hardening. In Proceedings of IEEE\/ACM 43rd Intern. Conf. Softw. Eng. 2021 1360\u20131372; 10.1109\/ICSE43902.2021.00123.","DOI":"10.1109\/ICSE43902.2021.00123"},{"key":"e_1_3_1_15_2","doi-asserted-by":"crossref","unstructured":"Wang P. Gumundsson B.A. and Kotowicz K.. Adopting Trusted Types in production web frameworks to prevent DOM-based cross-site scripting: A case study. In IEEE 2021 European Symp. Security and Privacy Workshops 60\u201373; https:\/\/research.google\/pubs\/pub50513\/.","DOI":"10.1109\/EuroSPW54576.2021.00013"},{"key":"e_1_3_1_16_2","volume-title":"Software Engineering at Google: Lessons Learned from Programming over Time","author":"Winters T.","year":"2020","unstructured":"Winters, T., Manshreck, T., Wright, H. Software Engineering at Google: Lessons Learned from Programming over Time. O\u2019Reilly Media, 2020."},{"key":"e_1_3_1_17_2","doi-asserted-by":"publisher","DOI":"10.1145\/2556938"}],"container-title":["Communications of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3651621","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3651621","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:57:19Z","timestamp":1750291039000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3651621"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,5,23]]},"references-count":16,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2024,6]]}},"alternative-id":["10.1145\/3651621"],"URL":"https:\/\/doi.org\/10.1145\/3651621","relation":{},"ISSN":["0001-0782","1557-7317"],"issn-type":[{"value":"0001-0782","type":"print"},{"value":"1557-7317","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,5,23]]},"assertion":[{"value":"2024-05-23","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}