{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,15]],"date-time":"2026-05-15T08:12:34Z","timestamp":1778832754861,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":67,"publisher":"ACM","license":[{"start":{"date-parts":[[2026,4,12]],"date-time":"2026-04-12T00:00:00Z","timestamp":1775952000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/legalcode"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,4,12]]},"DOI":"10.1145\/3786160.3788466","type":"proceedings-article","created":{"date-parts":[[2026,5,15]],"date-time":"2026-05-15T07:46:16Z","timestamp":1778831176000},"page":"18-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["An Overview of Cyber Security Funding for Open Source Software"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5147-3084","authenticated-orcid":false,"given":"Jukka","family":"Ruohonen","sequence":"first","affiliation":[{"name":"University of Southern Denmark, S\u00f8nderborg, Denmark"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3378-2945","authenticated-orcid":false,"given":"Gaurav","family":"Choudhary","sequence":"additional","affiliation":[{"name":"Technical University of Denmark, Copenhagen, Denmark"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4483-0105","authenticated-orcid":false,"given":"Adam","family":"Alami","sequence":"additional","affiliation":[{"name":"University Southern Denmark, S\u00f8nderborg, Denmark"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2026,5,15]]},"reference":[{"key":"e_1_3_3_1_2_2","doi-asserted-by":"crossref","unstructured":"A.\u00a0Alami R.\u00a0Pardo and J.\u00a0Lin\u00e5ker. Free Open Source Communities Sustainability: Does It Make a Difference in Software Quality? Empirical Software Engineering 29:1\u201340 2024.","DOI":"10.1007\/s10664-024-10529-6"},{"key":"e_1_3_3_1_3_2","doi-asserted-by":"crossref","unstructured":"R.\u00a0Anderson and T.\u00a0Moore. The Economics of Information Security. Science 314(5799):610\u2013613 2006.","DOI":"10.1126\/science.1130992"},{"key":"e_1_3_3_1_4_2","unstructured":"A.\u00a0A. Bangash T.\u00a0Ge Z.\u00a0Zhao A.\u00a0Singh Z.\u00a0Wang and B.\u00a0Adams. The State of the SBOM Tool Ecosystems: A Comparative Analysis of SPDX and CycloneDX. Archived manuscript available online: https:\/\/arxiv.org\/abs\/2512.21781 2025."},{"key":"e_1_3_3_1_5_2","doi-asserted-by":"crossref","unstructured":"A.\u00a0Besiekierska. Legal Assessment of the National Cybersecurity System in Poland in the Light of the New Developments in the NIS2 Directive. In Proceedings of the 46th MIPRO ICT and Electronics Convention (MIPRO 2023) pages 1474\u20131477 Opatija 2023. IEEE.","DOI":"10.23919\/MIPRO57284.2023.10159958"},{"key":"e_1_3_3_1_6_2","doi-asserted-by":"crossref","unstructured":"T.\u00a0Bol M.\u00a0de Vaanc and A.\u00a0van de Rijt. The Matthew Effect in Science Funding. PNAS 115(19):4887\u20134890 2018.","DOI":"10.1073\/pnas.1719557115"},{"key":"e_1_3_3_1_7_2","doi-asserted-by":"crossref","unstructured":"D.\u00a0Braun. The Role of Funding Agencies in the Cognitive Development of Science. Research Policy 27:807\u2013821 1998.","DOI":"10.1016\/S0048-7333(98)00092-4"},{"key":"e_1_3_3_1_8_2","doi-asserted-by":"crossref","unstructured":"M.\u00a0Cocos. Policy Hybridization: Continuity and Change in Swedish Research Funding. Scandinavian Journal of Public Administration 24(4):71\u201395 2020.","DOI":"10.58235\/sjpa.v24i4.8593"},{"key":"e_1_3_3_1_9_2","unstructured":"CZI. Essential Open Source Software for Science. The Chan Zuckerberg Initiative (CZI) available online in April 2025: https:\/\/chanzuckerberg.com\/eoss\/ 2025."},{"key":"e_1_3_3_1_10_2","doi-asserted-by":"crossref","unstructured":"C.\u00a0Di Mauro S.\u00a0Bouchon C.\u00a0Logtmeijer R.\u00a0D. Pride T.\u00a0Hartung and J.\u00a0P. Nordvik. A Structured Approach to Identifying European Critical Infrastructures. International Journal of Critical Infrastructure 6(3):277\u2013292 2010.","DOI":"10.1504\/IJCIS.2010.033340"},{"key":"e_1_3_3_1_11_2","doi-asserted-by":"crossref","unstructured":"J.\u00a0D\u00edaz J.\u00a0P\u00e9rez C.\u00a0Gallardo and \u00c1ngel Gonz\u013aez-Prieto. Applying Inter-Rater Reliability and Agreement in Collaborative Grounded Theory Studies in Software Engineering. Journal of Systems and Software 195:111520 2023.","DOI":"10.1016\/j.jss.2022.111520"},{"key":"e_1_3_3_1_12_2","doi-asserted-by":"crossref","unstructured":"P.\u00a0Eckhardt and A.\u00a0Kotovskaia. The EUs Cybersecurity Framework: The Interplay Between the Cyber Resilience Act and the NIS 2 Directive. International Cybersecurity Law Review 4:147\u2013164 2023.","DOI":"10.1365\/s43439-023-00084-z"},{"key":"e_1_3_3_1_13_2","doi-asserted-by":"crossref","unstructured":"J.\u00a0Farquhar N.\u00a0Michels and J.\u00a0Robson. Triangulation in Industrial Qualitative Case Study Research: Widening the Scope. Industrial Marketing Management 87:160\u2013170 2020.","DOI":"10.1016\/j.indmarman.2020.02.001"},{"key":"e_1_3_3_1_14_2","unstructured":"FCF. Overview. FOSS Contributor Fund (FCF). Available online in April 2025: https:\/\/github.com\/indeedeng\/FOSS-Contributor-Fund 2025."},{"key":"e_1_3_3_1_15_2","doi-asserted-by":"crossref","unstructured":"B.\u00a0M. Frischmann A.\u00a0Marciano and G.\u00a0B. Ramello. Retrospectives: Tragedy of the Commons After 50 Years. Journal of Economic Perspectives 33(4):211\u2013228 2019.","DOI":"10.1257\/jep.33.4.211"},{"key":"e_1_3_3_1_16_2","doi-asserted-by":"crossref","unstructured":"G.\u00a0M. Greco and L.\u00a0Floridi. The Tragedy of the Digital Commons. Ethics and Information Technology 6:73\u201381 2004.","DOI":"10.1007\/s10676-004-2895-2"},{"key":"e_1_3_3_1_17_2","doi-asserted-by":"crossref","unstructured":"J.\u00a0A. Halderman. To Strengthen Security Change Developers\u2019 Incentives. IEEE Security & Privacy 8(2):79\u201382 2010.","DOI":"10.1109\/MSP.2010.85"},{"key":"e_1_3_3_1_18_2","unstructured":"S.\u00a0Hamer J.\u00a0Bowen M.\u00a0N. Haque R.\u00a0Hines C.\u00a0Madden and L.\u00a0Williams. Closing the Chain: How to Reduce Your Risk of Being SolarWinds Log4j or XZ Utils. Archived manuscript available online: https:\/\/arxiv.org\/abs\/2503.12192 2025."},{"key":"e_1_3_3_1_19_2","doi-asserted-by":"crossref","unstructured":"C.\u00a0Herley and P.\u00a0C. Van Oorschot. SoK: Science Security and the Elusive Goal of Security as a Scientific Pursuit. In Procceedings of the IEEE Symposium on Security and Privacy (S&P) pages 99\u2013120 San Jose 2017. IEEE.","DOI":"10.1109\/SP.2017.38"},{"key":"e_1_3_3_1_20_2","doi-asserted-by":"crossref","unstructured":"P.\u00a0F. Katina and P.\u00a0T. Hester. Systemic Determination of Infrastructure Criticality. International Journal of Critical Infrastructure 9(3):211\u2013225 2013.","DOI":"10.1504\/IJCIS.2013.054980"},{"key":"e_1_3_3_1_21_2","doi-asserted-by":"crossref","unstructured":"D.\u00a0S. Katz E.\u00a0A. Jensen and M.\u00a0Barker. Understanding and Advancing Research Software Grant Funding Models. Open Research Europe 5 2025. Available online: https:\/\/open-research-europe.ec.europa.eu\/articles\/5-199.","DOI":"10.12688\/openreseurope.20210.1"},{"key":"e_1_3_3_1_22_2","doi-asserted-by":"crossref","unstructured":"M.\u00a0Lehto. Cyber-Attacks Against Critical Infrastructure. In M.\u00a0Lehto and P.\u00a0Neittaanm\u00e4ki editors Cyber Security: Critical Infrastructure Protection pages 3\u201342. Springer Cham 2022.","DOI":"10.1007\/978-3-030-91293-2_1"},{"key":"e_1_3_3_1_23_2","doi-asserted-by":"crossref","unstructured":"N.\u00a0McDonald S.\u00a0Schoenebeck and A.\u00a0Forte. Reliability and Inter-Rater Reliability in Qualitative Research: Norms and Guidelines for CSCW and HCI Practice. Proceedings of the ACM on Human-Computer Interaction CSCW(72):71:1 \u2013 72:23 2019.","DOI":"10.1145\/3359174"},{"key":"e_1_3_3_1_24_2","doi-asserted-by":"crossref","unstructured":"M.\u00a0Mocanu V.\u00a0D. Rusu and A.\u00a0Bibiri. Competing for Research Funding: Key Elements Impacting the Evaluation of Grant Proposal. Heliyon 10:e36015 2024.","DOI":"10.1016\/j.heliyon.2024.e36015"},{"key":"e_1_3_3_1_25_2","unstructured":"NLnet Foundation. Welcome to NLnet Foundation. Available online in April 2025: https:\/\/nlnet.nl\/ 2025."},{"key":"e_1_3_3_1_26_2","unstructured":"OpenSSF. Alpha-Omega 2023 Annual Report. The Open Source Security Foundation (OpenSSF) available online in November 2024: https:\/\/alpha-omega.dev\/wp-content\/uploads\/sites\/22\/2024\/02\/Alpha-Omega-Annual-Report-2023.pdf 2023."},{"key":"e_1_3_3_1_27_2","unstructured":"OpenSSF. Alpha-Omega. The Open Source Security Foundation (OpenSSF) available online in November 2024: https:\/\/alpha-omega.dev\/ 2024."},{"key":"e_1_3_3_1_28_2","unstructured":"OpenSSF. Alpha-Omega Engagement: FreeBSD. The Open Source Security Foundation (OpenSSF) available online in November 2024: https:\/\/github.com\/ossf\/alpha-omega\/tree\/main\/alpha\/engagements\/2024\/FreeBSD 2024."},{"key":"e_1_3_3_1_29_2","unstructured":"OpenSSF. Alpha-Omega Engagement: Rust Foundation. The Open Source Security Foundation (OpenSSF) available online in November 2024: https:\/\/github.com\/ossf\/alpha-omega\/tree\/main\/alpha\/engagements\/2023\/rust 2024."},{"key":"e_1_3_3_1_30_2","unstructured":"OpenSSF. README (OpenSSL). The Open Source Security Foundation (OpenSSF) available online in November 2024: https:\/\/github.com\/ossf\/alpha-omega\/tree\/main\/alpha\/engagements\/2023\/OpenSSL 2024."},{"key":"e_1_3_3_1_31_2","unstructured":"OpenSSF. WG Securing Critical Projects. The Open Source Security Foundation (OpenSSF) available online in November 2024: https:\/\/github.com\/ossf\/wg-securing-critical-projects 2024."},{"key":"e_1_3_3_1_32_2","doi-asserted-by":"crossref","unstructured":"C.\u00a0Osborne. Open Source Software Developers\u2019 Views on Public and Private Funding: A Case Study on scikit-learn. In Companion Publication of the 2024 Conference on Computer-Supported Cooperative Work and Social Computing (CSCW Companion 2024) pages 154\u2013161. ACM San Jose Costa Rica 2024.","DOI":"10.1145\/3678884.3681844"},{"key":"e_1_3_3_1_33_2","unstructured":"C.\u00a0Osborne P.\u00a0Sharratt D.\u00a0Foster and M.\u00a0Boehm. A Toolkit for Measuring the Impacts of Public Funding on Open Source Software Development. Archived manuscript available online in November 2024: https:\/\/arxiv.org\/abs\/2411.06027 2024."},{"key":"e_1_3_3_1_34_2","unstructured":"OSTIF. Open Source Technology Improvement Fund: Securing Open Source for the World. Open Source Technology Improvement Fund (OSTIF) available online in April 2025: https:\/\/ostif.org\/ 2025."},{"key":"e_1_3_3_1_35_2","unstructured":"OTF. Supporting Internet Freedom Worldwide. Open Technology Fund (OTF) available online in April 2025: https:\/\/www.opentech.fund\/ 2025."},{"key":"e_1_3_3_1_36_2","doi-asserted-by":"crossref","unstructured":"I.\u00a0Pashchenko D.-L. Vu and F.\u00a0Massacci. A Qualitative Study of Dependency Management and Its Security Implications. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS 2020) pages 1513\u20131531 Virtual Event 2020. ACM.","DOI":"10.1145\/3372297.3417232"},{"key":"e_1_3_3_1_37_2","doi-asserted-by":"crossref","unstructured":"X.\u00a0Ramaj M.\u00a0S\u00e1nchez-Gord\u00f3n V.\u00a0Gkioulos and R.\u00a0Colomo-Palacios. On DevSecOps and Risk Management in Critical Infrastructures: Practitioners\u2019 Insights on Needs and Goals. In Proceedings of the 2024 ACM\/IEEE 4th International Workshop on Engineering and Cybersecurity of Critical Systems and 2024 IEEE\/ACM Second International Workshop on Software Vulnerability (EnCyCriS\/SVM 2024) pages 45\u201352 Lisbon 2024. ACM.","DOI":"10.1145\/3643662.3643954"},{"key":"e_1_3_3_1_38_2","doi-asserted-by":"crossref","unstructured":"J.\u00a0Ruohonen K.\u00a0Rindell and S.\u00a0Busetti. From Cyber Security Incident Management to Cyber Security Crisis Management in the European Union. Computers & Security 159:104689 2025.","DOI":"10.1016\/j.cose.2025.104689"},{"key":"e_1_3_3_1_39_2","doi-asserted-by":"crossref","unstructured":"J.\u00a0Ruohonen and M.\u00a0Saddiqa. A Time Series Analysis of Malware Uploads to Programming Language Ecosystems. In Proceedings of the 20th International Conference on Availability Reliability and Security (ARES 2025) pages 269\u2013285 Ghent 2025. Springer.","DOI":"10.1007\/978-3-032-00633-2_16"},{"key":"e_1_3_3_1_40_2","unstructured":"J.\u00a0Ruohonen and P.\u00a0Timmers. Early Perspectives on the Digital Europe Programme. Archived manuscript available online: https:\/\/arxiv.org\/abs\/2501.03098 2025."},{"key":"e_1_3_3_1_41_2","doi-asserted-by":"crossref","unstructured":"J.\u00a0Ruohonen and P.\u00a0Timmers. Vulnerability Coordination Under the Cyber Resilience Act. Applied Cybersecurity & Internet Governance 4(1):1\u201318 2025.","DOI":"10.60097\/ACIG\/213350"},{"key":"e_1_3_3_1_42_2","doi-asserted-by":"crossref","unstructured":"I.\u00a0Ryan U.\u00a0Roedig and K.\u00a0Stol. Unhelpful Assumptions in Software Security Research. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (CCS 2023) pages 3460\u20133474 Copenhagen 2023. ACM.","DOI":"10.1145\/3576915.3623122"},{"key":"e_1_3_3_1_43_2","doi-asserted-by":"crossref","unstructured":"C.\u00a0H. Saunders A.\u00a0Sierpe C.\u00a0von Plessen A.\u00a0M. Kennedy L.\u00a0C. Leviton S.\u00a0L. Bernstein J.\u00a0Goldwag J.\u00a0R. King C.\u00a0M. Marx J.\u00a0A. Pogue R.\u00a0K. Saunders A.\u00a0Van Citters R.\u00a0W. Yen G.\u00a0Elwyn and J.\u00a0K. Leyenaar. Practical Thematic Analysis: A Guide for Multidisciplinary Health Services Research Teams Engaging in Qualitative Analysis. BMJ 381:e074256 2023.","DOI":"10.1136\/bmj-2022-074256"},{"key":"e_1_3_3_1_44_2","unstructured":"C.\u00a0Sharma. Tragedy of the Digital Commons. North Carolina Law Review 101:1129\u20131228 2023."},{"key":"e_1_3_3_1_45_2","unstructured":"STA. Applying for Investment from the Sovereign Tech Fund. Sovereign Tech Agency (STA) available online in November 2024: https:\/\/www.sovereign.tech\/programs\/fund 2024."},{"key":"e_1_3_3_1_46_2","unstructured":"STA. Bundler & RubyGems (2022): Package Management for a Popular Programming Language. Sovereign Tech Agency (STA) available online in November 2024: https:\/\/www.sovereign.tech\/tech\/bundler-rubygems 2024."},{"key":"e_1_3_3_1_47_2","unstructured":"STA. GNOME: Improving Accessibility Tooling and Security for the Linux Desktop Ecosystem. Sovereign Tech Agency (STA) available online in November 2024: https:\/\/www.sovereign.tech\/tech\/gnome 2024."},{"key":"e_1_3_3_1_48_2","unstructured":"STA. Logback: Maintaining Improving and Securing a Java Logging Library. Sovereign Tech Agency (STA) available online in November 2024: https:\/\/www.sovereign.tech\/programs\/fund 2024."},{"key":"e_1_3_3_1_49_2","unstructured":"STA. OpenJS Foundation: Improving Javascript Ecosystem Infrastructure and Security. Sovereign Tech Agency (STA) available online in November 2024: https:\/\/www.sovereign.tech\/tech\/openjs 2024."},{"key":"e_1_3_3_1_50_2","unstructured":"STA. OpenSSH: Secure Connections for Administrators. Sovereign Tech Agency (STA) available online in November 2024: https:\/\/www.sovereign.tech\/tech\/openssh 2024."},{"key":"e_1_3_3_1_51_2","unstructured":"STA. p5.js Documentation Organization & Accessibility. Sovereign Tech Agency (STA) available online in November 2024: https:\/\/www.sovereign.tech\/tech\/p5js 2024."},{"key":"e_1_3_3_1_52_2","unstructured":"STA. Rusty SBOMs. Sovereign Tech Agency (STA) available online in November 2024: https:\/\/www.sovereign.tech\/tech\/rusty-sboms 2024."},{"key":"e_1_3_3_1_53_2","unstructured":"STA. Strengthening Digital Infrastructure and Open Source Ecosystems in the Public Interest. Sovereign Tech Agency (STA) available online in November 2024: https:\/\/www.sovereign.tech\/ 2025."},{"key":"e_1_3_3_1_54_2","doi-asserted-by":"crossref","unstructured":"K.-J. Stol P.\u00a0Ralph and B.\u00a0Fitzgerald. Grounded Theory in Software Engineering Research: A Critical Review and Guidelines. In Proceedings of the 38th International Conference on Software Engineering (ICSE 2016) pages 120\u2013131 Austin 2016. Texas.","DOI":"10.1145\/2884781.2884833"},{"key":"e_1_3_3_1_55_2","doi-asserted-by":"crossref","unstructured":"C.\u00a0Strasser K.\u00a0Hertweck J.\u00a0Greenberg D.\u00a0Taraborelli and E.\u00a0Vu. Ten Simple Rules for Funding Scientific Open Source Software. PLoS Computational Biology 18(11):e1010627 2022.","DOI":"10.1371\/journal.pcbi.1010627"},{"key":"e_1_3_3_1_56_2","doi-asserted-by":"crossref","unstructured":"G.\u00a0Terry N.\u00a0Hayfield V.\u00a0Clarke and V.\u00a0Braun. Thematic Analysis. In C.\u00a0Willing and W.\u00a0Stainton-Rogers editors The SAGE Handbook of Qualitative Research in Psychology pages 17\u201337. SAGE London second edition 2017.","DOI":"10.4135\/9781526405555.n2"},{"key":"e_1_3_3_1_57_2","doi-asserted-by":"crossref","unstructured":"A.\u00a0Tsakpinis and A.\u00a0Pretschner. Analyzing the Usage of Donation Platforms for PyPI Libraries. Archived manuscript available online in April 2025: https:\/\/arxiv.org\/abs\/2503.08263 2025.","DOI":"10.1145\/3756681.3757018"},{"key":"e_1_3_3_1_58_2","doi-asserted-by":"crossref","unstructured":"T.\u00a0R. Tulili A.\u00a0Rastogi and A.\u00a0Capiluppi. Exploring Turnover Retention and Growth in an OSS Ecosystem. In Proceedings of the International Conference on Evaluation and Assessment in Software Engineering (EASE 2025) pages 1\u201310 Istanbul 2025. ACM.","DOI":"10.1145\/3756681.3757050"},{"key":"e_1_3_3_1_59_2","doi-asserted-by":"crossref","unstructured":"M.\u00a0Vaismoradi H.\u00a0Turunen and T.\u00a0Bondas. Content Analysis and Thematic Analysis: Implications for Conducting a Qualitative Descriptive Study. Nursing and Health Sciences 15:398\u2013405 2013.","DOI":"10.1111\/nhs.12048"},{"key":"e_1_3_3_1_60_2","doi-asserted-by":"crossref","unstructured":"N.\u00a0Vandezande. Cybersecurity in the EU: How the NIS2-Directive Stacks Up Against Its Predecessor. Computer Law & Security Review 52:105890 2024.","DOI":"10.1016\/j.clsr.2023.105890"},{"key":"e_1_3_3_1_61_2","doi-asserted-by":"crossref","unstructured":"M.\u00a0Veigurs T.\u00a0Lasmanis and A.\u00a0Romanovs. IT Governance in Critical Sectors: Towards the NIS2 Implementation. In Proceedings of the IEEE 65th International Scientific Conference on Information Technology and Management Science of Riga Technical University (ITMS 2024) pages 1\u20137 Riga 2024. IEEE.","DOI":"10.1109\/ITMS64072.2024.10741938"},{"key":"e_1_3_3_1_62_2","doi-asserted-by":"crossref","unstructured":"R.\u00a0Verdecchia P.\u00a0Kruchten P.\u00a0Lago and I.\u00a0Malavolta. Building and Evaluating a Theory of Architectural Technical Debt in Software-Intensive Systems. Journal of Systems and Software 176:110925 2021.","DOI":"10.1016\/j.jss.2021.110925"},{"key":"e_1_3_3_1_63_2","doi-asserted-by":"crossref","unstructured":"R.\u00a0von Solms and J.\u00a0van Niekerk. From Information Security to Cyber Security. Computers & Security 38:97\u2013102 2013.","DOI":"10.1016\/j.cose.2013.04.004"},{"key":"e_1_3_3_1_64_2","doi-asserted-by":"crossref","unstructured":"C.\u00a0Weir I.\u00a0Becker and L.\u00a0Blair. Incorporating Software Security: Using Developer Workshops to Engage Product Managers. Empirical Software Engineering 28:1\u201333 2023.","DOI":"10.1007\/s10664-022-10252-0"},{"key":"e_1_3_3_1_65_2","unstructured":"M.\u00a0Williams and T.\u00a0Moser. The Art of Coding and Thematic Exploration in Qualitative Research. International Management Review 15(1):45\u201355 2019."},{"key":"e_1_3_3_1_66_2","doi-asserted-by":"crossref","unstructured":"C.\u00a0Wohlin P.\u00a0Runeson M.\u00a0H\u00f6st M.\u00a0C. Ohlsson B.\u00a0Regnell and A.\u00a0Wessl\u00e9n. Experimentation in Software Engineering. Springer Heidelberg second edition 2024.","DOI":"10.1007\/978-3-662-69306-3"},{"key":"e_1_3_3_1_67_2","doi-asserted-by":"crossref","unstructured":"J.\u00a0Wu. Cyber Resilience System Engineering Empowered by Endogenous Security and Safety. Science Press & Springer Singapore 2024.","DOI":"10.1007\/978-981-97-0116-2"},{"key":"e_1_3_3_1_68_2","doi-asserted-by":"crossref","unstructured":"C.\u00a0Zebrowski and D.\u00a0Sage. Resilience and Critical Infrastructure: Origins Theories and Critiques. In R.\u00a0Dover H.\u00a0Dylan and M.\u00a0S. Goodman editors The Palgrave Handbook of Security Risk and Intelligence pages 117\u2013135. Palgrave Macmillan London 2017.","DOI":"10.1057\/978-1-137-53675-4_7"}],"event":{"name":"EnCyCriS '26: ACM\/IEEE 7th International Workshop on Engineering and Cybersecurity of Critical Systems","location":"Rio de Janeiro Brazil","acronym":"EnCyCriS '26","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS","Faculty of Engineering of University of Porto"]},"container-title":["Proceedings of the 2026 ACM\/IEEE 7th International Workshop on Engineering and Cybersecurity of Critical Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3786160.3788466","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,15]],"date-time":"2026-05-15T07:46:52Z","timestamp":1778831212000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3786160.3788466"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,12]]},"references-count":67,"alternative-id":["10.1145\/3786160.3788466","10.1145\/3786160"],"URL":"https:\/\/doi.org\/10.1145\/3786160.3788466","relation":{},"subject":[],"published":{"date-parts":[[2026,4,12]]},"assertion":[{"value":"2026-05-15","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}