{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T08:01:34Z","timestamp":1780300894615,"version":"3.54.0"},"publisher-location":"New York, NY, USA","reference-count":14,"publisher":"ACM","license":[{"start":{"date-parts":[[2026,4,12]],"date-time":"2026-04-12T00:00:00Z","timestamp":1775952000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"European Union & State of North Rhine-Westphalia (NRW)","award":["EFRE\u201120800510"],"award-info":[{"award-number":["EFRE\u201120800510"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,4,12]]},"DOI":"10.1145\/3786151.3788599","type":"proceedings-article","created":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T07:01:45Z","timestamp":1780297305000},"page":"46-49","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["From Detection to Prevention: Explaining Security-Critical Code to Avoid Vulnerabilities"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0906-5463","authenticated-orcid":false,"given":"Ranjith","family":"Krishnamurthy","sequence":"first","affiliation":[{"name":"Paderborn University, Paderborn, North Rhine-Westphalia, Germany and Fraunhofer IEM, Paderborn, North Rhine-Westphalia, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-1884-7969","authenticated-orcid":false,"given":"Oshando","family":"Johnson","sequence":"additional","affiliation":[{"name":"Fraunhofer IEM, Paderborn, North Rhine-Westphalia, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4424-5838","authenticated-orcid":false,"given":"Goran","family":"Piskachev","sequence":"additional","affiliation":[{"name":"Amazon Web Services, New York, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3470-3647","authenticated-orcid":false,"given":"Eric","family":"Bodden","sequence":"additional","affiliation":[{"name":"Paderborn University, Paderborn, North Rhine-Westphalia, Germany and Fraunhofer IEM, Paderborn, North Rhine-Westphalia, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2026,6]]},"reference":[{"key":"e_1_3_3_1_2_2","volume-title":"Code-level metrics for Java using static analysis","author":"Aniche Maur\u00edcio","year":"2024","unstructured":"Maur\u00edcio Aniche. 2024. Code-level metrics for Java using static analysis. https:\/\/github.com\/mauricioaniche\/ck\/"},{"key":"e_1_3_3_1_3_2","volume-title":"Prevent factual errors from LLM hallucinations with mathematically sound Automated Reasoning checks","author":"Barth Antje","year":"2024","unstructured":"Antje Barth. 2024. Prevent factual errors from LLM hallucinations with mathematically sound Automated Reasoning checks. https:\/\/aws.amazon.com\/blogs\/aws\/prevent-factual-errors-from-llm-hallucinations-with-mathematically-sound-automated-reasoning-checks-preview\/"},{"key":"e_1_3_3_1_4_2","doi-asserted-by":"crossref","unstructured":"Istehad Chowdhury and Mohammad Zulkernine. 2011. Using complexity coupling and cohesion metrics as early indicators of vulnerabilities. Journal of Systems Architecture 57 3 (2011) 294\u2013313.","DOI":"10.1016\/j.sysarc.2010.06.003"},{"key":"e_1_3_3_1_5_2","volume-title":"Vulnerable Spring PetClinic","author":"Community Contrast","year":"2019","unstructured":"Contrast Community. 2019. Vulnerable Spring PetClinic. https:\/\/github.com\/contrast-community\/spring-petclinic"},{"key":"e_1_3_3_1_6_2","doi-asserted-by":"crossref","unstructured":"Sarah Elder Nusrat Zahan Rui Shu Monica Metro Valeri Kozarev Tim Menzies and Laurie Williams. 2022. Do I really need all this work to find vulnerabilities? An empirical case study comparing vulnerability detection techniques on a Java application. Empirical Software Engineering 27 6 (2022) 154.","DOI":"10.1007\/s10664-022-10179-6"},{"key":"e_1_3_3_1_7_2","volume-title":"ISO\/IEC 5055:2021 \u2014 Automated source code quality measures","author":"Standardization International\u00a0Organization for","year":"2021","unstructured":"International\u00a0Organization for Standardization. 2021. ISO\/IEC 5055:2021 \u2014 Automated source code quality measures. https:\/\/www.iso.org\/standard\/80623.html"},{"key":"e_1_3_3_1_8_2","volume-title":"Proactively explaining security-critical code.","author":"IEM Fraunhofer","year":"2025","unstructured":"Fraunhofer IEM. 2025. Proactively explaining security-critical code.https:\/\/github.com\/fraunhofer-iem\/critical-marker-plugin"},{"key":"e_1_3_3_1_9_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASEW67777.2025.00045"},{"key":"e_1_3_3_1_10_2","doi-asserted-by":"publisher","DOI":"10.1145\/3643796.3648464"},{"key":"e_1_3_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1109\/SCAM55253.2022.00032"},{"key":"e_1_3_3_1_12_2","doi-asserted-by":"crossref","unstructured":"Huan Liu Farhad Hussain Chew\u00a0Lim Tan and Manoranjan Dash. 2002. Discretization: An Enabling Technique. Data mining and knowledge discovery 6 4 (2002) 393\u2013423.","DOI":"10.1023\/A:1016304305535"},{"key":"e_1_3_3_1_13_2","doi-asserted-by":"publisher","DOI":"10.1109\/SCAM52516.2021.00012"},{"key":"e_1_3_3_1_14_2","doi-asserted-by":"crossref","unstructured":"Miltiadis Siavvas Dionysios Kehagias Dimitrios Tzovaras and Erol Gelenbe. 2021. A hierarchical model for quantifying software security based on static analysis alerts and software metrics. Software Quality Journal 29 2 (2021) 431\u2013507.","DOI":"10.1007\/s11219-021-09555-0"},{"key":"e_1_3_3_1_15_2","first-page":"109","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Votipka Daniel","year":"2020","unstructured":"Daniel Votipka, Kelsey\u00a0R Fulton, James Parker, Matthew Hou, Michelle\u00a0L Mazurek, and Michael Hicks. 2020. Understanding security mistakes developers make: Qualitative analysis from Build it, Break it, Fix it. In 29th USENIX Security Symposium (USENIX Security 20). 109\u2013126."}],"event":{"name":"IDE '26: 3rd ACM\/IEEE International Workshop on Integrated Development Environments","location":"Rio de Janeiro Brazil","acronym":"IDE '26","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS","Faculty of Engineering of University of Porto"]},"container-title":["Proceedings of the 3rd ACM\/IEEE International Workshop on Integrated Development Environments"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3786151.3788599","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T07:17:42Z","timestamp":1780298262000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3786151.3788599"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,12]]},"references-count":14,"alternative-id":["10.1145\/3786151.3788599","10.1145\/3786151"],"URL":"https:\/\/doi.org\/10.1145\/3786151.3788599","relation":{},"subject":[],"published":{"date-parts":[[2026,4,12]]},"assertion":[{"value":"2026-06-01","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}