{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T13:36:13Z","timestamp":1773840973591,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":28,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,10,10]],"date-time":"2022-10-10T00:00:00Z","timestamp":1665360000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"FCT","award":["UIDB\/50021\/2020"],"award-info":[{"award-number":["UIDB\/50021\/2020"]}]},{"name":"Feder \/ FCT","award":["ANI 045917"],"award-info":[{"award-number":["ANI 045917"]}]},{"name":"EuroHPC","award":["951732"],"award-info":[{"award-number":["951732"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,10,10]]},"DOI":"10.1145\/3551349.3556945","type":"proceedings-article","created":{"date-parts":[[2023,1,5]],"date-time":"2023-01-05T20:43:54Z","timestamp":1672951434000},"page":"1-12","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":24,"title":["GLITCH: Automated Polyglot Security Smell Detection in Infrastructure as Code"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6612-9013","authenticated-orcid":false,"given":"Nuno","family":"Saavedra","sequence":"first","affiliation":[{"name":"INESC-ID and IST, University of Lisbon, Portugal"}]},{"given":"Jo\u00e3o F.","family":"Ferreira","sequence":"additional","affiliation":[{"name":"INESC-ID and IST, University of Lisbon, Portugal"}]}],"member":"320","published-online":{"date-parts":[[2023,1,5]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"crossref","unstructured":"Ahmad Alnafessah Alim\u00a0Ul Gias Runan Wang Lulai Zhu Giuliano Casale and Antonio Filieri. 2021. Quality-Aware DevOps Research: Where Do We Stand?IEEE Access 9(2021) 44476\u201344489.","DOI":"10.1109\/ACCESS.2021.3064867"},{"key":"e_1_3_2_1_2_1","volume-title":"DNS outage post mortem. https:\/\/github.blog\/2014-01-18-dns-outage-post-mortem\/ Accessed","author":"Fryman James","year":"2022","unstructured":"James Fryman. 2014. DNS outage post mortem. https:\/\/github.blog\/2014-01-18-dns-outage-post-mortem\/ Accessed: 3 May 2022."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2019.00092"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2983990.2984000"},{"key":"e_1_3_2_1_5_1","volume-title":"Amazon and the $150 Million typo. https:\/\/www.npr.org\/sections\/thetwo-way\/2017\/03\/03\/518322734\/amazon-and-the-150-million-typo?t=1651588365675 Accessed","author":"Hersher Rebecca","year":"2022","unstructured":"Rebecca Hersher. 2017. Amazon and the $150 Million typo. https:\/\/www.npr.org\/sections\/thetwo-way\/2017\/03\/03\/518322734\/amazon-and-the-150-million-typo?t=1651588365675 Accessed: 3 May 2022."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-61467-0_6"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2015.12"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00031"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/0164-1212(92)90089-3"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Julien Lepiller Ruzica Piskac Martin Sch\u00e4f and Mark Santolucito. 2021. Analyzing Infrastructure as Code to Prevent Intra-update Sniping Vulnerabilities.. In TACAS (2). 105\u2013123.","DOI":"10.1007\/978-3-030-72013-1_6"},{"key":"e_1_3_2_1_11_1","unstructured":"MITRE. 2022. CWE-Common Weakness Enumeration. https:\/\/cwe.mitre.org\/index.html."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9512-6"},{"key":"e_1_3_2_1_13_1","unstructured":"Pars Mutaf. 1999. Defending against a Denial-of-Service Attack on TCP.. In Recent Advances in Intrusion Detection."},{"key":"e_1_3_2_1_14_1","unstructured":"National Institute of Standards and Technology. 2014. Security and Privacy Controls for Federal Information Systems and Organizations. https:\/\/www.nist.gov\/publications\/security-and-privacy-controls-federal-information-systems-and-organizations-including-0."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380409"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09841-8"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2018.12.004"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00033"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3408897"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2018.00014"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2019.04.013"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"crossref","unstructured":"Eric Rescorla 2000. HTTP over TLS. RFC 2818 May.","DOI":"10.17487\/rfc2818"},{"key":"e_1_3_2_1_23_1","unstructured":"Johnny Salda\u00f1a. 2021. The coding manual for qualitative researchers. sage."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/QUATIC.2018.00040"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2908080.2908083"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2901761"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380384"},{"key":"e_1_3_2_1_28_1","volume-title":"2018 IEEE 25th international conference on software analysis, evolution and reengineering (SANER). IEEE, 164\u2013174","author":"Bent Eduard Van\u00a0der","year":"2018","unstructured":"Eduard Van\u00a0der Bent, Jurriaan Hage, Joost Visser, and Georgios Gousios. 2018. How good is your puppet? an empirically defined and validated quality model for puppet. In 2018 IEEE 25th international conference on software analysis, evolution and reengineering (SANER). IEEE, 164\u2013174."}],"event":{"name":"ASE '22: 37th IEEE\/ACM International Conference on Automated Software Engineering","location":"Rochester MI USA","acronym":"ASE '22"},"container-title":["Proceedings of the 37th IEEE\/ACM International Conference on Automated Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3551349.3556945","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3551349.3556945","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T08:29:50Z","timestamp":1755851390000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3551349.3556945"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,10]]},"references-count":28,"alternative-id":["10.1145\/3551349.3556945","10.1145\/3551349"],"URL":"https:\/\/doi.org\/10.1145\/3551349.3556945","relation":{},"subject":[],"published":{"date-parts":[[2022,10,10]]},"assertion":[{"value":"2023-01-05","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}