{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,4]],"date-time":"2026-06-04T15:54:44Z","timestamp":1780588484990,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":96,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,2,4]],"date-time":"2025-02-04T00:00:00Z","timestamp":1738627200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,2,4]]},"DOI":"10.1145\/3715340.3715439","type":"proceedings-article","created":{"date-parts":[[2025,5,28]],"date-time":"2025-05-28T17:04:13Z","timestamp":1748451853000},"page":"30-39","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Asking Security Practitioners: Did You Find the Vulnerable (Mis)Configuration?"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7186-404X","authenticated-orcid":false,"given":"Richard","family":"May","sequence":"first","affiliation":[{"name":"Harz University of Applied Sciences, Wernigerode, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-6001-2431","authenticated-orcid":false,"given":"Christian","family":"Biermann","sequence":"additional","affiliation":[{"name":"msg services gmbh, Harz University of Applied Sciences, Hamburg, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0283-248X","authenticated-orcid":false,"given":"Jacob","family":"Kr\u00fcger","sequence":"additional","affiliation":[{"name":"Eindhoven University of Technology, Eindhoven, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9580-7728","authenticated-orcid":false,"given":"Thomas","family":"Leich","sequence":"additional","affiliation":[{"name":"Harz University of Applied Sciences, Wernigerode, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2025,5,28]]},"reference":[{"key":"e_1_3_3_2_2_2","doi-asserted-by":"publisher","DOI":"10.1145\/2642937.2642990"},{"key":"e_1_3_3_2_3_2","doi-asserted-by":"crossref","unstructured":"I. Abal J. Melo \u015e. St\u0103nciulescu C. Brabrand M. Ribeiro and A. W\u0105sowski. 2018. Variability bugs in highly configurable systems: A qualitative analysis. ACM Transactions on Software Engineering and Methodology 26 3 (2018) 1\u201334.","DOI":"10.1145\/3149119"},{"key":"e_1_3_3_2_4_2","doi-asserted-by":"crossref","unstructured":"P. Abate R. Di\u00a0Cosmo R. Treinen and S. Zacchiroli. 2012. Dependency solving: A separate concern in component evolution management. Journal of Systems and Software 85 10 (2012) 2228\u20132240.","DOI":"10.1016\/j.jss.2012.02.018"},{"key":"e_1_3_3_2_5_2","doi-asserted-by":"crossref","unstructured":"M. Abomhara and G.\u00a0M. K\u00f8ien. 2015. Cyber security and the internet of things: Vulnerabilities threats intruders and attacks. Journal of Cyber Security and Mobility (2015) 65\u201388.","DOI":"10.13052\/jcsm2245-1439.414"},{"key":"e_1_3_3_2_6_2","doi-asserted-by":"crossref","unstructured":"S. AboulEla N. Ibrahim S. Shehmir A. Yadav and R. Kashef. 2024. Navigating the cyber threat landscape: An in-depth analysis of attack detection within IoT ecosystems. AI 5 2 (2024) 704\u2013732.","DOI":"10.3390\/ai5020037"},{"key":"e_1_3_3_2_7_2","doi-asserted-by":"crossref","unstructured":"M. Alicea and I. Alsmadi. 2021. Misconfiguration in firewalls and network access controls: Literature review. Future Internet 13 11 (2021) 283\u2013298.","DOI":"10.3390\/fi13110283"},{"key":"e_1_3_3_2_8_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37521-7"},{"key":"e_1_3_3_2_9_2","doi-asserted-by":"crossref","unstructured":"M. Arlitt and C. Williamson. 2004. Understanding web server configuration issues. Software: Practice and Experience 34 2 (2004) 163\u2013186.","DOI":"10.1002\/spe.575"},{"key":"e_1_3_3_2_10_2","unstructured":"A. Asen W. Bohmayr S. Deutscher M. Gonz\u00e1lez and D. Mkrtchian. 2019. Are you spending enough on cybersecurity? Boston Consulting Group (2019)."},{"key":"e_1_3_3_2_11_2","doi-asserted-by":"crossref","unstructured":"A. Bamrara. 2015. Evaluating database security and cyber attacks: A relational approach. The Journal of Internet Banking and Commerce 20 2 (2015) 1\u201316.","DOI":"10.4172\/1204-5357.1000115"},{"key":"e_1_3_3_2_12_2","doi-asserted-by":"publisher","DOI":"10.1145\/3098822.3098834"},{"key":"e_1_3_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1109\/EnCyCriS52570.2021.00014"},{"key":"e_1_3_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/3419111.3421305"},{"key":"e_1_3_3_2_15_2","doi-asserted-by":"crossref","unstructured":"D. Bringhenti G. Marchetto R. Sisto and F. Valenza. 2023. Automation for network security configuration: State of the art and research trends. Comput. Surveys 56 3 (2023) 1\u201337.","DOI":"10.1145\/3616401"},{"key":"e_1_3_3_2_16_2","doi-asserted-by":"crossref","unstructured":"M. Calder M. Kolberg E.\u00a0H. Magill and S. Reiff-Marganiec. 2003. Feature interaction: A critical review and considered forecast. Computer Networks 41 1 (2003) 115\u2013141.","DOI":"10.1016\/S1389-1286(02)00352-3"},{"key":"e_1_3_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICTC.2016.7763373"},{"key":"e_1_3_3_2_18_2","volume-title":"Cybersecurity workforce gap","author":"Crumpler W.","year":"2022","unstructured":"W. Crumpler and J.\u00a0A. Lewis. 2022. Cybersecurity workforce gap. JSTOR."},{"key":"e_1_3_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1145\/2110147.2110167"},{"key":"e_1_3_3_2_20_2","doi-asserted-by":"crossref","unstructured":"D. Dalalana\u00a0Bertoglio and A.\u00a0F. Zorzo. 2017. Overview and open issues on penetration test. Journal of the Brazilian Computer Society 23 (2017) 1\u201316.","DOI":"10.1186\/s13173-017-0051-1"},{"key":"e_1_3_3_2_21_2","doi-asserted-by":"crossref","unstructured":"V. Damasiotis P. Fitsilis and J.\u00a0F. O\u2019Kane. 2018. Modeling software development process complexity. International Journal of Information Technology Project Management 9 4 (2018) 17\u201340.","DOI":"10.4018\/IJITPM.2018100102"},{"key":"e_1_3_3_2_22_2","doi-asserted-by":"crossref","unstructured":"S. Dass and A. Siami\u00a0Namin. 2021. Reinforcement learning for generating secure configurations. Electronics 10 19 (2021) 1\u201319.","DOI":"10.3390\/electronics10192392"},{"key":"e_1_3_3_2_23_2","first-page":"1272","volume-title":"Conference on Computer and Communications Security (CCS)","author":"Dietrich C.","year":"2018","unstructured":"C. Dietrich, K. Krombholz, K. Borgolte, and T. Fiebig. 2018. Investigating system operators\u2019 perspective on security misconfigurations. In Conference on Computer and Communications Security (CCS). ACM, 1272\u20131289."},{"key":"e_1_3_3_2_24_2","doi-asserted-by":"crossref","unstructured":"S. Duan V. Thummala and S. Babu. 2009. Tuning database configuration parameters with ituned. VLDB Endowment 2 1 (2009) 1246\u20131257.","DOI":"10.14778\/1687627.1687767"},{"key":"e_1_3_3_2_25_2","doi-asserted-by":"crossref","unstructured":"C. Ebert G. Gallardo J. Hernantes and N. Serrano. 2016. DevOps. IEEE Software 33 3 (2016) 94\u2013100.","DOI":"10.1109\/MS.2016.68"},{"key":"e_1_3_3_2_26_2","doi-asserted-by":"crossref","unstructured":"M.\u00a0M. Emmanuel M.\u00a0N. Ibrahim et\u00a0al. 2015. Automatic synchronization of common parameters in configuration files. Journal of Software Engineering and Applications 8 04 (2015) 192.","DOI":"10.4236\/jsea.2015.84020"},{"key":"e_1_3_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/SERE.2013.30"},{"key":"e_1_3_3_2_28_2","first-page":"1","volume-title":"IST-Africa","author":"Gamundani A.\u00a0M.","year":"2018","unstructured":"A.\u00a0M. Gamundani and L.\u00a0M. Nekare. 2018. A review of new trends in cyber attacks: A zoom into distributed database systems. In IST-Africa. IEEE, 1\u20139."},{"key":"e_1_3_3_2_29_2","doi-asserted-by":"crossref","unstructured":"A.\u00a0N. Ghazi K. Petersen S.\u00a0V.\u00a0R. Reddy and H. Nekkanti. 2018. Survey research in software engineering: Problems and mitigation strategies. IEEE Access 7 (2018) 24703\u201324718.","DOI":"10.1109\/ACCESS.2018.2881041"},{"key":"e_1_3_3_2_30_2","doi-asserted-by":"crossref","unstructured":"I.\u00a0B. Haimed M. Albahar and A. Alzubaidi. 2023. Exploiting misconfiguration vulnerabilities in Microsoft\u2019s Azure Active Directory for privilege escalation attacks. Future Internet 15 7 (2023) 226.","DOI":"10.3390\/fi15070226"},{"key":"e_1_3_3_2_31_2","doi-asserted-by":"crossref","unstructured":"Z. He K. Li and K. Li. 2021. Cost-efficient server configuration and placement for mobile edge computing. Transactions on Parallel and Distributed Systems 33 9 (2021) 2198\u20132212.","DOI":"10.1109\/TPDS.2021.3135955"},{"key":"e_1_3_3_2_32_2","doi-asserted-by":"crossref","unstructured":"A. Heyerdahl. 2022. Risk assessment without the risk? A controversy about security and risk in Norway. Journal of Risk Research 25 2 (2022) 252\u2013267.","DOI":"10.1080\/13669877.2021.1936610"},{"key":"e_1_3_3_2_33_2","doi-asserted-by":"crossref","unstructured":"Z.\u00a0B. Houidi and D. Rossi. 2022. Neural language models for network configuration: Opportunities and reality check. Computer Communications 193 (2022) 118\u2013125.","DOI":"10.1016\/j.comcom.2022.06.035"},{"key":"e_1_3_3_2_34_2","doi-asserted-by":"crossref","unstructured":"M. Humayun M. Niazi N.\u00a0Z. Jhanjhi M. Alshayeb and S. Mahmood. 2020. Cyber security threats and vulnerabilities: A systematic mapping study. Arabian Journal for Science and Engineering 45 4 (2020) 3171\u20133189.","DOI":"10.1007\/s13369-019-04319-2"},{"key":"e_1_3_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1145\/3492321.3519575"},{"key":"e_1_3_3_2_36_2","volume-title":"Systems and software engineering \u2013 SQuaRE - system and software quality","year":"2011","unstructured":"ISO\/IEC 25010 2011. Systems and software engineering \u2013 SQuaRE - system and software quality. Standard. ISO."},{"key":"e_1_3_3_2_37_2","volume-title":"Information technology \u2013 security techniques \u2013 information security management systems","year":"2018","unstructured":"ISO\/IEC 27000 2018. Information technology \u2013 security techniques \u2013 information security management systems. Standard. ISO."},{"key":"e_1_3_3_2_38_2","volume-title":"Information security management systems \u2013 requirements","year":"2013","unstructured":"ISO\/IEC 27001 2013. Information security management systems \u2013 requirements. Standard. ISO."},{"key":"e_1_3_3_2_39_2","volume-title":"Information security, cybersecurity and privacy protection \u2013 Guidance on managing information security risks","year":"2022","unstructured":"ISO\/IEC 27005 2022. Information security, cybersecurity and privacy protection \u2013 Guidance on managing information security risks. Standard. ISO."},{"key":"e_1_3_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1145\/2994475.2994483"},{"key":"e_1_3_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/SEAMS.2017.11"},{"key":"e_1_3_3_2_42_2","volume-title":"Exploring the cybersecurity skills gap: A qualitative study of recruitment and retention from a human resource management perspective","author":"Jordan C.\u00a0A.","year":"2022","unstructured":"C.\u00a0A. Jordan. 2022. Exploring the cybersecurity skills gap: A qualitative study of recruitment and retention from a human resource management perspective. Northcentral University."},{"key":"e_1_3_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-13499-0_9"},{"key":"e_1_3_3_2_44_2","doi-asserted-by":"publisher","DOI":"10.1145\/3377024.3377026"},{"key":"e_1_3_3_2_45_2","doi-asserted-by":"publisher","DOI":"10.1145\/3461001.3471147"},{"key":"e_1_3_3_2_46_2","doi-asserted-by":"crossref","unstructured":"R.\u00a0A. Khan S.\u00a0U. Khan H.\u00a0U. Khan and M. Ilyas. 2021. Systematic mapping study on security approaches in secure software engineering. IEEE Access 9 (2021) 19139\u201319160.","DOI":"10.1109\/ACCESS.2021.3052311"},{"key":"e_1_3_3_2_47_2","doi-asserted-by":"crossref","unstructured":"A.-M. Konsta A.\u00a0L. Lafuente B. Spiga and N. Dragoni. 2024. Survey: Automatic generation of attack trees and attack graphs. Computers & Security 137 (2024) 103602.","DOI":"10.1016\/j.cose.2023.103602"},{"key":"e_1_3_3_2_48_2","doi-asserted-by":"crossref","unstructured":"S. Li W. Li X. Liao S. Peng S. Zhou Z. Jia and T. Wang. 2018. Confvd: System reactions analysis and evaluation through misconfiguration injection. IEEE Transactions on Reliability 67 4 (2018) 1393\u20131405.","DOI":"10.1109\/TR.2018.2865962"},{"key":"e_1_3_3_2_49_2","doi-asserted-by":"crossref","unstructured":"S. Loureiro. 2021. Security misconfigurations and how to prevent them. Network Security 2021 5 (2021) 13\u201316.","DOI":"10.1016\/S1353-4858(21)00053-2"},{"key":"e_1_3_3_2_50_2","doi-asserted-by":"publisher","DOI":"10.1145\/3336294.3336296"},{"key":"e_1_3_3_2_51_2","doi-asserted-by":"crossref","unstructured":"I. Maganha C. Silva and L.\u00a0M. D.\u00a0F. Ferreira. 2019. The layout design in reconfigurable manufacturing systems: A literature review. The International Journal of Advanced Manufacturing Technology 105 (2019) 683\u2013700.","DOI":"10.1007\/s00170-019-04190-3"},{"key":"e_1_3_3_2_52_2","doi-asserted-by":"publisher","DOI":"10.1145\/3465481.3469187"},{"key":"e_1_3_3_2_53_2","unstructured":"S.\u00a0L. Martins F.\u00a0M. Cruz R.\u00a0P. Ara\u00fajo and C.\u00a0M.\u00a0R. Silva. 2024. Systematic literature review on security misconfigurations in web applications. International Journal of Computers and Applications (2024) 1\u201313."},{"key":"e_1_3_3_2_54_2","first-page":"1","volume-title":"International Conference on ENTERprise Information Systems","author":"May R.","year":"2023","unstructured":"R. May, C. Biermann, A. Kenner, J. Kr\u00fcger, and T. Leich. 2023. A product-line-engineering framework for secure enterprise-resource-planning systems. In International Conference on ENTERprise Information Systems. Elsevier, 1\u20138."},{"key":"e_1_3_3_2_55_2","doi-asserted-by":"publisher","DOI":"10.1145\/3546932.3546994"},{"key":"e_1_3_3_2_56_2","doi-asserted-by":"publisher","DOI":"10.1145\/3634713.3634729"},{"key":"e_1_3_3_2_57_2","doi-asserted-by":"publisher","DOI":"10.5220\/0012006700003538"},{"key":"e_1_3_3_2_58_2","doi-asserted-by":"publisher","DOI":"10.1145\/3664476.3664510"},{"key":"e_1_3_3_2_59_2","doi-asserted-by":"crossref","unstructured":"A. McCormac D. Calic M. Butavicius K. Parsons T. Zwaans M. Pattinson et\u00a0al. 2017. A reliable measure of information security awareness and the identification of bias in responses. Australasian Journal of Information Systems 21 (2017) 1\u201312.","DOI":"10.3127\/ajis.v21i0.1697"},{"key":"e_1_3_3_2_60_2","doi-asserted-by":"publisher","DOI":"10.1145\/2970276.2970322"},{"key":"e_1_3_3_2_61_2","doi-asserted-by":"crossref","unstructured":"P. Mell K. Scarfone and S. Romanosky. 2006. Common vulnerability scoring system. IEEE Security & Privacy 4 6 (2006) 85\u201389.","DOI":"10.1109\/MSP.2006.145"},{"key":"e_1_3_3_2_62_2","doi-asserted-by":"crossref","unstructured":"D. Mellado E. Fern\u00e1ndez-Medina and M. Piattini. 2010. Security requirements engineering framework for software product lines. Information and Software Technology 52 10 (2010) 1094\u20131117.","DOI":"10.1016\/j.infsof.2010.05.007"},{"key":"e_1_3_3_2_63_2","doi-asserted-by":"crossref","unstructured":"D. Mellado H. Mouratidis and E. Fern\u00e1ndez-Medina. 2014. Secure tropos framework for software product lines requirements engineering. Computer Standards & Interfaces 36 4 (2014) 711\u2013722.","DOI":"10.1016\/j.csi.2013.12.006"},{"key":"e_1_3_3_2_64_2","doi-asserted-by":"publisher","DOI":"10.1145\/3233027.3233042"},{"key":"e_1_3_3_2_65_2","doi-asserted-by":"publisher","DOI":"10.1145\/2961111.2962619"},{"key":"e_1_3_3_2_66_2","doi-asserted-by":"publisher","DOI":"10.1145\/3487552.3487824"},{"key":"e_1_3_3_2_67_2","first-page":"62","volume-title":"Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)","author":"Ne\u0161i\u0107 D.","year":"2019","unstructured":"D. Ne\u0161i\u0107, J. Kr\u00fcger, S. St\u0103nciulescu, and T. Berger. 2019. Principles of feature modeling. In Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE). ACM, 62\u201373."},{"key":"e_1_3_3_2_68_2","doi-asserted-by":"crossref","unstructured":"A. Nhlabatsi R. Laney and B. Nuseibeh. 2008. Feature interaction: The security threat from within software systems. Progress in Informatics 5 75 (2008) 1.","DOI":"10.2201\/NiiPi.2008.5.8"},{"key":"e_1_3_3_2_69_2","volume-title":"Guide to data-centric system threat modeling","year":"2016","unstructured":"NIST SP 800-154 2016. Guide to data-centric system threat modeling. Standard. National Institute of Standards and Technology."},{"key":"e_1_3_3_2_70_2","volume-title":"Guide for conducting risk assessments","year":"2012","unstructured":"NIST SP 800-30r1 2012. Guide for conducting risk assessments. Standard. National Institute of Standards and Technology."},{"key":"e_1_3_3_2_71_2","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417232"},{"key":"e_1_3_3_2_72_2","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-28901-1"},{"key":"e_1_3_3_2_73_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2008.45"},{"key":"e_1_3_3_2_74_2","doi-asserted-by":"crossref","unstructured":"A. Rahman S.\u00a0I. Shamim D.\u00a0B. Bose and R. Pandita. 2023. Security misconfigurations in open source kubernetes manifests: An empirical study. ACM Transactions on Software Engineering and Methodology 32 4 (2023) 1\u201336.","DOI":"10.1145\/3579639"},{"key":"e_1_3_3_2_75_2","unstructured":"S. Samonas and D. Coss. 2014. The CIA strikes back: Redefining confidentiality integrity and availability in security. Journal of Information System Security 10 3 (2014)."},{"key":"e_1_3_3_2_76_2","doi-asserted-by":"crossref","unstructured":"M. Santolucito E. Zhai R. Dhodapkar A. Shim and R. Piskac. 2017. Synthesizing configuration file specifications with association rule learning. ACM on Programming Languages 1 (2017) 1\u201320.","DOI":"10.1145\/3133888"},{"key":"e_1_3_3_2_77_2","doi-asserted-by":"crossref","unstructured":"A.\u00a0M. Satpute J. Priya J. Mishra and S. Anilkumar. 2022. Software reliability modelling and application in software development life cycle. International Journal of Advances and Current Practices in Mobility 5 123 (2022) 1577\u20131584.","DOI":"10.4271\/2022-28-0123"},{"key":"e_1_3_3_2_78_2","doi-asserted-by":"crossref","unstructured":"M. Sayagh N. Kerzazi B. Adams and F. Petrillo. 2018. Software configuration engineering in practice: Interviews survey and systematic literature review. IEEE Transactions on Software Engineering 46 6 (2018) 646\u2013673.","DOI":"10.1109\/TSE.2018.2867847"},{"key":"e_1_3_3_2_79_2","doi-asserted-by":"crossref","unstructured":"K. Scarfone and P. Mell. 2010. The common configuration scoring system (CCSS): Metrics for software security configuration vulnerabilities. NIST Interagency Report 7502 (2010).","DOI":"10.6028\/NIST.IR.7502"},{"key":"e_1_3_3_2_80_2","doi-asserted-by":"crossref","unstructured":"I. Schaefer R. Rabiser D. Clarke L. Bettini D. Benavides G. Botterweck A. Pathak S. Trujillo and K. Villela. 2012. Software diversity: State of the art and perspectives. International Journal on Software Tools for Technology Transfer 14 (2012) 477\u2013495.","DOI":"10.1007\/s10009-012-0253-y"},{"key":"e_1_3_3_2_81_2","volume-title":"Dependency injection principles, practices, and patterns","author":"Seemann M.","year":"2019","unstructured":"M. Seemann and S. van Deursen. 2019. Dependency injection principles, practices, and patterns. Simon and Schuster."},{"key":"e_1_3_3_2_82_2","doi-asserted-by":"publisher","DOI":"10.1145\/2855321.2855368"},{"key":"e_1_3_3_2_83_2","doi-asserted-by":"publisher","DOI":"10.1145\/1966445.1966451"},{"key":"e_1_3_3_2_84_2","doi-asserted-by":"crossref","unstructured":"T. Th\u00fcm S. Apel C. K\u00e4stner I. Schaefer and G. Saake. 2014. A classification and survey of analysis strategies for software product lines. ACM Computing Surveys 47 1 (2014) 1\u201345.","DOI":"10.1145\/2580950"},{"key":"e_1_3_3_2_85_2","doi-asserted-by":"crossref","unstructured":"\u00c1.\u00a0J. Varela-Vaca D. Borrego M.\u00a0T. G\u00f3mez-L\u00f3pez R.\u00a0M. Gasca and A.\u00a0G. M\u00e1rquez. 2023. Feature models to boost the vulnerability management process. Journal of Systems and Software 195 (2023) 1\u201322\u00a0pages.","DOI":"10.1016\/j.jss.2022.111541"},{"key":"e_1_3_3_2_86_2","doi-asserted-by":"publisher","DOI":"10.1145\/3382025.3414952"},{"key":"e_1_3_3_2_87_2","doi-asserted-by":"crossref","unstructured":"\u00c1.\u00a0J. Varela-Vaca D.\u00a0G. Rosado L.\u00a0E. S\u00e1nchez M.\u00a0T. G\u00f3mez-L\u00f3pez R.\u00a0M. Gasca and E. Fernandez-Medina. 2021. CARMEN: A framework for the verification and diagnosis of the specification of security requirements in cyber-physical systems. Computers in Industry 132 (2021) 1\u201314.","DOI":"10.1016\/j.compind.2021.103524"},{"key":"e_1_3_3_2_88_2","doi-asserted-by":"crossref","unstructured":"S. Wang B. Luo W. Shi and D. Tiwari. 2016. Application configuration selection for energy-efficient execution on multicore systems. J. Parallel and Distrib. Comput. 87 (2016) 43\u201354.","DOI":"10.1016\/j.jpdc.2015.09.003"},{"key":"e_1_3_3_2_89_2","doi-asserted-by":"crossref","unstructured":"W. Wang S. Jian Y. Tan Q. Wu and C. Huang. 2022. Representation learning-based network intrusion detection system by capturing explicit and implicit feature interactions. Computers & Security 112 (2022) 102537.","DOI":"10.1016\/j.cose.2021.102537"},{"key":"e_1_3_3_2_90_2","doi-asserted-by":"crossref","unstructured":"S.\u00a0J. Weamie. 2022. Cross-site scripting attacks and defensive techniques: A comprehensive survey. International Journal of Communications Network and System Sciences 15 8 (2022) 126\u2013148.","DOI":"10.4236\/ijcns.2022.158010"},{"key":"e_1_3_3_2_91_2","doi-asserted-by":"crossref","unstructured":"Y. Wei X. Sun L. Bo S. Cao X. Xia and B. Li. 2021. A comprehensive study on security bug characteristics. Journal of Software: Evolution and Process 33 10 (2021) e2376.","DOI":"10.1002\/smr.2376"},{"key":"e_1_3_3_2_92_2","doi-asserted-by":"publisher","DOI":"10.4271\/2017-01-1655"},{"key":"e_1_3_3_2_93_2","doi-asserted-by":"crossref","unstructured":"T. Xu and Y. Zhou. 2015. Systems approaches to tackling configuration errors: A survey. Comput. Surveys 47 4 (2015) 1\u201341.","DOI":"10.1145\/2791577"},{"key":"e_1_3_3_2_94_2","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043572"},{"key":"e_1_3_3_2_95_2","doi-asserted-by":"crossref","unstructured":"J. Zhang R. Piskac E. Zhai and T. Xu. 2021. Static detection of silent misconfigurations with deep interaction analysis. Proceedings of the ACM on Programming Languages 5 (2021) 1\u201330.","DOI":"10.1145\/3485517"},{"key":"e_1_3_3_2_96_2","doi-asserted-by":"crossref","unstructured":"Y. Zhang H. He O. Legunsen S. Li W. Dong and T. Xu. 2021. An evolutionary study of configuration design and implementation in cloud systems. International Conference on Software Engineering (ICSE) 188\u2013200.","DOI":"10.1109\/ICSE43902.2021.00029"},{"key":"e_1_3_3_2_97_2","doi-asserted-by":"publisher","DOI":"10.1109\/QRS-C.2016.35"}],"event":{"name":"VaMoS 2025: 19th International Working Conference on Variability Modelling of Software-Intensive Systems","location":"Rennes France","acronym":"VaMoS 2025"},"container-title":["Proceedings of the 19th International Working Conference on Variability Modelling of Software-Intensive Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3715340.3715439","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3715340.3715439","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:18Z","timestamp":1750295898000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3715340.3715439"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,2,4]]},"references-count":96,"alternative-id":["10.1145\/3715340.3715439","10.1145\/3715340"],"URL":"https:\/\/doi.org\/10.1145\/3715340.3715439","relation":{},"subject":[],"published":{"date-parts":[[2025,2,4]]},"assertion":[{"value":"2025-05-28","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}