{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:27:17Z","timestamp":1766442437431,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":102,"publisher":"ACM","license":[{"start":{"date-parts":[[2026,11,22]],"date-time":"2026-11-22T00:00:00Z","timestamp":1795305600000},"content-version":"vor","delay-in-days":368,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-2055554,CNS-2206865"],"award-info":[{"award-number":["CNS-2055554,CNS-2206865"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3765065","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:37:25Z","timestamp":1763854645000},"page":"2519-2533","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["It Should Be Easy but... New Users' Experiences and Challenges with Secret Management Tools"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-3084-7451","authenticated-orcid":false,"given":"Lorenzo","family":"Neil","sequence":"first","affiliation":[{"name":"North Carolina State University, Raleigh, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-3318-8402","authenticated-orcid":false,"given":"Deepthi","family":"Mungara","sequence":"additional","affiliation":[{"name":"Paderborn University, Paderborn, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3300-6540","authenticated-orcid":false,"given":"Laurie","family":"Williams","sequence":"additional","affiliation":[{"name":"North Carolina State University, Raleigh, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7167-7383","authenticated-orcid":false,"given":"Yasemin","family":"Acar","sequence":"additional","affiliation":[{"name":"Paderborn University, Paderborn, Germany and The George Washington University, Washington, DC, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7902-1821","authenticated-orcid":false,"given":"Bradley","family":"Reaves","sequence":"additional","affiliation":[{"name":"North Carolina State University, Raleigh, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Lawrence Abrams. 2024. New York Times source code stolen using exposed GitHub token. https:\/\/www.bleepingcomputer.com\/news\/security\/new-york-times-source-code-stolen-using-exposed-github-token\/. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.52"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.25"},{"key":"e_1_3_2_1_4_1","first-page":"22","article-title":"Developers need support, too: A survey of security advice for software developers. In 2017 IEEE Cybersecurity Development (SecDev)","author":"Acar Yasemin","year":"2017","unstructured":"Yasemin Acar, Christian Stransky, Dominik Wermke, Charles Weir, Michelle L Mazurek, and Sascha Fahl. 2017b. Developers need support, too: A survey of security advice for software developers. In 2017 IEEE Cybersecurity Development (SecDev). IEEE, 22-26.","journal-title":"IEEE"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380405"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00122"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-022-10246-y"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3641822.3641881"},{"key":"e_1_3_2_1_9_1","unstructured":"AWS. 2024. uppercaseAWS uppercaseKey uppercaseManagement uppercaseService. https:\/\/aws.amazon.com\/kms. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_10_1","first-page":"113","volume-title":"Twelfth Symposium on Usable Privacy and Security (SOUPS","author":"Bai Wei","year":"2016","unstructured":"Wei Bai, Moses Namara, Yichen Qian, Patrick Gage Kelley, Michelle L Mazurek, and Doowon Kim. 2016. An Inconvenient Trust: User Attitudes toward Security and Usability Tradeoffs for {Key-Directory} Encryption Systems. In Twelfth Symposium on Usable Privacy and Security (SOUPS 2016). 113-130."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.2981898"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev53368.2022.00026"},{"key":"e_1_3_2_1_13_1","volume-title":"SecretBench: A Dataset of Software Secrets. arXiv preprint arXiv:2303.06729","author":"Basak Setu Kumar","year":"2023","unstructured":"Setu Kumar Basak, Lorenzo Neil, Bradley Reaves, and Laurie Williams. 2023a. SecretBench: A Dataset of Software Secrets. arXiv preprint arXiv:2303.06729 (2023)."},{"key":"e_1_3_2_1_14_1","volume-title":"What Challenges Do Developers Face About Checked-in Secrets in Software Artifacts? arXiv preprint arXiv:2301.12377","author":"Basak Setu Kumar","year":"2023","unstructured":"Setu Kumar Basak, Lorenzo Neil, Bradley Reaves, and Laurie Williams. 2023b. What Challenges Do Developers Face About Checked-in Secrets in Software Artifacts? arXiv preprint arXiv:2301.12377 (2023)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3607199.3607236"},{"key":"e_1_3_2_1_16_1","volume-title":"Do LLMs meet the needs of software tutorial writers? Opportunities and design implications. In Proceedings of the 2024 ACM Designing Interactive Systems Conference. 1760-1773","author":"Bhat Avinash","year":"2024","unstructured":"Avinash Bhat, Disha Shrivastava, and Jin LC Guo. 2024. Do LLMs meet the needs of software tutorial writers? Opportunities and design implications. In Proceedings of the 2024 ACM Designing Interactive Systems Conference. 1760-1773."},{"key":"e_1_3_2_1_17_1","volume-title":"Tricks of the trade'' \u2013 The art and method of combining interviews and participating observations to generate data on drug users participating in rehabilitation programs. ResearchGate (04","author":"Blaalid Bj\u00f8rnar","year":"2018","unstructured":"Bj\u00f8rnar Blaalid. 2018. ''Tricks of the trade'' \u2013 The art and method of combining interviews and participating observations to generate data on drug users participating in rehabilitation programs. ResearchGate (04 2018), 13."},{"key":"e_1_3_2_1_18_1","unstructured":"Raluca Budiu. 2024. Between-Subjects vs. Within-Subjects Study Design. https:\/\/www.nngroup.com\/articles\/between-within-subjects\/. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_19_1","unstructured":"Matt Burgees. 2024. Thousands of Corporate Secrets Were Left Exposed. This Guy Found Them All. https:\/\/www.wired.com\/story\/secret-hunting-bill-demirkapi\/. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_20_1","volume-title":"The Top Programming Languages","author":"Cass Stephen","year":"2024","unstructured":"Stephen Cass. 2024. The Top Programming Languages 2024. https:\/\/spectrum.ieee.org\/top-programming-languages-2024. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"Ramaswamy Chandramouli. 2024. Strategies for the Integration of Software Supply Chain Security in DevSecOps CI\/CD pipelines. https:\/\/csrc.nist.gov\/pubs\/sp\/800\/204\/d\/ipd?ref=blog.gitguardian.com. Accessed: 2024-00-00.","DOI":"10.6028\/NIST.SP.800-204D"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2008.12.036"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3558940"},{"key":"e_1_3_2_1_24_1","unstructured":"Dev Community. 2024. Build and deploy a web app with Python Flask and Doppler. https:\/\/dev.to\/lordghostx\/build-and-deploy-a-web-app-with-python-flask-and-doppler-9jm. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_25_1","first-page":"252","article-title":". Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact","author":"Dahlmanns Markus","year":"2023","unstructured":"Markus Dahlmanns, Constantin Sander, Robin Decker, Klaus Wehrle, Jan Pennekamp, Anastasiia Belova, Thomas Bergs, Matthias Bodenbenner, Andreas B\u00fchrig-Polaczek, Ike Kunze, et al., 2023. Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact. In ACM Transactions on Internet Technology. ACM, 252-266.","journal-title":"ACM Transactions on Internet Technology. ACM"},{"key":"e_1_3_2_1_26_1","unstructured":"Doppler. 2024a. The New Era of Secrets Management. https:\/\/www.doppler.com\/. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_27_1","unstructured":"Doppler. 2024b. Python. https:\/\/docs.doppler.com\/docs\/vscode-python. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-023-10347-2"},{"key":"e_1_3_2_1_29_1","unstructured":"Hugging Face. 2024. openai\/whisper-medium. https:\/\/huggingface.co\/openai\/whisper-medium. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_30_1","volume-title":"33th USENIX Security Symposium (USENIX Security","author":"Fourn\u00e9 Marcel","year":"2024","unstructured":"Marcel Fourn\u00e9, Daniel De Almeida Braga, Jan Jancar, Mohamed Sabt, Peter Schwabe, Gilles Barthe, Pierre-Alain Fouque, and Yasemin Acar. 2024. ''These results must be false'': A usability evaluation of constant-time analysis tools. In 33th USENIX Security Symposium (USENIX Security 2024)."},{"key":"e_1_3_2_1_31_1","unstructured":"Deen Freelon. 2024a. ReCal2: Reliability for 2 Coders. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_32_1","unstructured":"Deen Freelon. 2024b. ReCal3: Reliability for 3 Coders. http:\/\/dfreelon.org\/utils\/recalfront\/recal3\/. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_33_1","volume-title":"Proceedings of the Australasian Information Security Workshop Conference on ACSW Frontiers 2003 -","volume":"21","author":"Fung Peggy","year":"2003","unstructured":"Peggy Fung, Lam-for Kwok, and Dennis Longley. 2003. Electronic information security documentation. In Proceedings of the Australasian Information Security Workshop Conference on ACSW Frontiers 2003 - Volume 21 (Adelaide, Australia) (ACSW Frontiers '03). Australian Computer Society, Inc., AUS, 25\u201331."},{"key":"e_1_3_2_1_34_1","unstructured":"g2. 2024. Best Secrets Management Tools''. https:\/\/www.g2.com\/categories\/secrets-management-tools. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_35_1","unstructured":"GitHub. 2024a. Managing your account-specific secrets for GitHub Codespaces. https:\/\/docs.github.com\/en\/codespaces\/managing-your-codespaces\/managing-your-account-specific-secrets-for-github-codespaces. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_36_1","unstructured":"GitHub. 2024b. Using secrets in GitHub Actions. https:\/\/docs.github.com\/en\/actions\/security-for-github-actions\/security-guides\/using-secrets-in-github-actions. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_37_1","unstructured":"Google. 2024. Google Secret Manager. https:\/\/cloud.google.com\/secret-manager. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_38_1","first-page":"265","volume-title":"Fourteenth Symposium on Usable Privacy and Security (SOUPS","author":"Gorski Peter Leo","year":"2018","unstructured":"Peter Leo Gorski, Luigi Lo Iacono, Dominik Wermke, Christian Stransky, Sebastian M\u00f6ller, Yasemin Acar, and Sascha Fahl. 2018. Developers deserve security warnings, too: On the effect of integrated security advice on cryptographic {API} misuse. In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018). 265-281."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3094171"},{"key":"e_1_3_2_1_40_1","unstructured":"HashiCorp. 2024a. hcp vault-secrets run. https:\/\/developer.hashicorp.com\/hcp\/docs\/cli\/commands\/vault-secrets\/run. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_41_1","unstructured":"HashiCorp. 2024b. What is HCP Vault Secrets? https:\/\/developer.hashicorp.com\/hcp\/docs\/vault-secrets\/. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180176"},{"key":"e_1_3_2_1_43_1","volume-title":"Tool documentation enables zero-shot tool-usage with large language models. arXiv preprint arXiv:2308.00675","author":"Hsieh Cheng-Yu","year":"2023","unstructured":"Cheng-Yu Hsieh, Si-An Chen, Chun-Liang Li, Yasuhisa Fujii, Alexander Ratner, Chen-Yu Lee, Ranjay Krishna, and Tomas Pfister. 2023. Tool documentation enables zero-shot tool-usage with large language models. arXiv preprint arXiv:2308.00675 (2023)."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3660818"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2986012.2986024"},{"key":"e_1_3_2_1_46_1","unstructured":"Infisical. 2024. Open Source Secret Management. https:\/\/infisical.com\/. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_47_1","unstructured":"itnews. 2024. AWS urges developers to scrub GitHub of secret keys. https:\/\/www.itnews.com.au\/news\/aws-urges-developers-to-scrub-github-of-secret-keys-375785. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_48_1","unstructured":"Mackenzie Jackson. 2024. 8.5% of Docker Images Expose API and Private Keys. https:\/\/blog.gitguardian.com\/8docker-images-api-and-private-keys\/. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.4103\/0976-0105.141942"},{"key":"e_1_3_2_1_50_1","volume-title":"TIOBE Index for","author":"Jansen Paul","year":"2024","unstructured":"Paul Jansen. 2024. TIOBE Index for November 2024. https:\/\/www.tiobe.com\/tiobe-index\/. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_51_1","first-page":"247","volume-title":"IFIP World Computer Congress, TC 13","author":"Kaiser Johannes","year":"2002","unstructured":"Johannes Kaiser and Martin Reichenbach. 2002. Evaluating security tools towards usable security: A usability taxonomy for the evaluation of security tools based on a categorization of user errors. In IFIP World Computer Congress, TC 13. Springer, 247-256."},{"key":"e_1_3_2_1_52_1","unstructured":"Eyal Katz. 2024. 5 Ways to Prevent Secrets Sprawl. https:\/\/spectralops.io\/blog\/5-ways-to-prevent-secrets-sprawl\/. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_53_1","first-page":"2527","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Krause Alexander","year":"2023","unstructured":"Alexander Krause, Jan H Klemmer, Nicolas Huaman, Dominik Wermke, Yasemin Acar, and Sascha Fahl. 2023. Pushed by Accident: A {Mixed-Methods} Study on Strategies of Handling Secret Information in Source Code Repositories. In 32nd USENIX Security Symposium (USENIX Security 23). 2527-2544."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115707"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev56634.2023.00015"},{"key":"e_1_3_2_1_56_1","volume-title":"How software engineers use documentation: The state of the practice","author":"Lethbridge Timothy C","year":"2003","unstructured":"Timothy C Lethbridge, Janice Singer, and Andrew Forward. 2003. How software engineers use documentation: The state of the practice. IEEE software, Vol. 20, 6 (2003), 35-39."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3660245"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103974"},{"key":"e_1_3_2_1_59_1","volume-title":"Top-10 Secret Management Tools","author":"Matsiiako Vlad","year":"2024","unstructured":"Vlad Matsiiako. 2024. Top-10 Secret Management Tools in 2024. https:\/\/infisical.com\/blog\/best-secret-management-tools. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_60_1","unstructured":"Dwayne Mcdaniel. 2024a. A look at the future of supply chain and national security: Updates from CISA and NIST. https:\/\/blog.gitguardian.com\/software-supply-chain-security-updates-from-cisa-and-nist\/. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_61_1","unstructured":"Dwayne Mcdaniel. 2024b. Toyota Suffered a Data Breach by Accidentally Exposing A Secret Key Publicly On GitHub. https:\/\/blog.gitguardian.com\/toyota-accidently-exposed-a-secret-key-publicly-on-github-for-five-years\/. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359174"},{"key":"e_1_3_2_1_63_1","unstructured":"Medium. 2024. Injecting secrets to Kubernetes containers from the Doppler secrets manager. https:\/\/medium.com\/@peterkracik\/injecting-secrets-to-kubernetes-containers-from-the-doppler-secrets-manager-ef491a20f45b. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"crossref","unstructured":"Michael Meli Matthew R McNiece and Bradley Reaves. 2019. How bad can it git? characterizing secret leakage in public github repositories.. In NDSS.","DOI":"10.14722\/ndss.2019.23418"},{"key":"e_1_3_2_1_65_1","unstructured":"Microsoft. 2024a. Azure Key Vault. https:\/\/learn.microsoft.com\/en-us\/azure\/key-vault\/. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_66_1","unstructured":"Microsoft. 2024b. Visual Studio Code. https:\/\/code.visualstudio.com\/. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3392859"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2900308"},{"key":"e_1_3_2_1_69_1","first-page":"206","volume-title":"Cybersecurity Providing in Information and Telecommunication Systems II 2024","volume":"3826","author":"Mykhaylova Olha","year":"2024","unstructured":"Olha Mykhaylova, Taras Fedynyshyn, and Artem Platonenko. 2024. Hardcoded credentials in Android apps: Service exposure and category-based vulnerability analysis. Cybersecurity Providing in Information and Telecommunication Systems II 2024, Vol. 3826 (2024), 206-211."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3087087"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/3524610.3527875"},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/3544549.3585767"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2023.3265855"},{"key":"e_1_3_2_1_74_1","volume-title":"Non Linear Software Documentation with Interactive Code Examples. arXiv preprint arXiv:2311.18057","author":"Nassif Mathieu","year":"2023","unstructured":"Mathieu Nassif and Martin P Robillard. 2023c. Non Linear Software Documentation with Interactive Code Examples. arXiv preprint arXiv:2311.18057 (2023)."},{"key":"e_1_3_2_1_75_1","volume-title":"Extended Version: It Should Be Easy but... New Users' Experiences and Challenges with Secret Management Toolss.","author":"Neil Lorenzo","year":"2025","unstructured":"Lorenzo Neil, Deepthi Mungara, Laurie Williams, Yasemin Acar, and Bradley Reaves. 2025. Extended Version: It Should Be Easy but... New Users' Experiences and Challenges with Secret Management Toolss."},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/3595878"},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00046"},{"key":"e_1_3_2_1_78_1","unstructured":"OWASP Cheat Sheet Series. 2025. Secrets Management Cheat Sheet. https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/Secrets_Management_Cheat_Sheet.html. https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/Secrets_Management_Cheat_Sheet.html Accessed: 2025-07-23."},{"key":"e_1_3_2_1_79_1","volume-title":"Crowd documentation: Exploring the coverage and the dynamics of API discussions on Stack Overflow","author":"Parnin Chris","year":"2012","unstructured":"Chris Parnin, Christoph Treude, Lars Grammel, and Margaret-Anne Storey. 2012. Crowd documentation: Exploring the coverage and the dynamics of API discussions on Stack Overflow. Georgia Institute of Technology, Tech. Rep, Vol. 11 (2012)."},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1109\/QSIC.2014.22"},{"key":"e_1_3_2_1_81_1","unstructured":"PyPI. 2024. doppler-env 0.3.1. https:\/\/pypi.org\/project\/doppler-env\/. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_82_1","unstructured":"Qualtrics. 2024. qualtrics. https:\/\/www.qualtrics.com\/. Accessed: 2024-00-00."},{"volume-title":"Secrets Exposed: How to mitigate risk from secrets leaks \u2014 and prevent future breaches. https:\/\/www.reversinglabs.com\/blog\/secure-your-development-secrets-3-essential-steps. Accessed: 2024-00-00.","year":"2024","key":"e_1_3_2_1_83_1","unstructured":"ReversingLabs. 2024. Secrets Exposed: How to mitigate risk from secrets leaks \u2014 and prevent future breaches. https:\/\/www.reversinglabs.com\/blog\/secure-your-development-secrets-3-essential-steps. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2009.193"},{"key":"e_1_3_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-014-9323-y"},{"key":"e_1_3_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1145\/3524610.3529156"},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1109\/VLHCC.2007.50"},{"key":"e_1_3_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2015.48"},{"key":"e_1_3_2_1_89_1","first-page":"221","volume-title":"Sixteenth Symposium on Usable Privacy and Security (SOUPS","author":"Smith Justin","year":"2020","unstructured":"Justin Smith, Lisa Nguyen Quang Do, and Emerson Murphy-Hill. 2020. Why can't johnny fix vulnerabilities: A usability evaluation of static analysis tools for security. In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020). 221-238."},{"key":"e_1_3_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.1109\/VLHCC.2017.8103450"},{"key":"e_1_3_2_1_91_1","first-page":"5","article-title":"Unified Secret Management Across Cloud Platforms: A Strategy for Secure Credential Storage and Access","volume":"15","author":"Somasundaram Prakash","year":"2024","unstructured":"Prakash Somasundaram. 2024. Unified Secret Management Across Cloud Platforms: A Strategy for Secure Credential Storage and Access. Int. J. Comput. Eng. Technol, Vol. 15 (2024), 5-12.","journal-title":"Int. J. Comput. Eng. Technol"},{"key":"e_1_3_2_1_92_1","unstructured":"Stackoverflow. 2024. 2024 Developer Survey. https:\/\/survey.stackoverflow.co\/2024\/technology#2-programming-scripting-and-markup-languages. Accessed: 2024-00-00."},{"key":"e_1_3_2_1_93_1","volume-title":"A disruptive research playbook for studying disruptive innovations. ACM Transactions on Software Engineering and Methodology","author":"Storey Margaret-Anne","year":"2024","unstructured":"Margaret-Anne Storey, Daniel Russo, Nicole Novielli, Takashi Kobayashi, and Dong Wang. 2024. A disruptive research playbook for studying disruptive innovations. ACM Transactions on Software Engineering and Methodology (2024)."},{"key":"e_1_3_2_1_94_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2944354"},{"key":"e_1_3_2_1_95_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568313"},{"key":"e_1_3_2_1_96_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW.2019.00021"},{"key":"e_1_3_2_1_97_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884800"},{"key":"e_1_3_2_1_98_1","volume-title":"How API documentation fails. Ieee software","author":"Uddin Gias","year":"2015","unstructured":"Gias Uddin and Martin P Robillard. 2015. How API documentation fails. Ieee software, Vol. 32, 4 (2015), 68-75."},{"key":"e_1_3_2_1_99_1","volume-title":"Factors that influence productivity: A checklist. Rethinking productivity in software engineering","author":"Wagner Stefan","year":"2019","unstructured":"Stefan Wagner and Emerson Murphy-Hill. 2019. Factors that influence productivity: A checklist. Rethinking productivity in software engineering (2019), 69-84."},{"key":"e_1_3_2_1_100_1","doi-asserted-by":"publisher","DOI":"10.1109\/MODELS-C.2019.00037"},{"key":"e_1_3_2_1_101_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC.2019.00019"},{"key":"e_1_3_2_1_102_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786816"}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Taipei Taiwan","acronym":"CCS '25"},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765065","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765065","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:24:11Z","timestamp":1766442251000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3765065"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":102,"alternative-id":["10.1145\/3719027.3765065","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3765065","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}