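@book{dirksen2015design,
  author    = {Dirksen, Julie},
  title     = {Design for How People Learn},
  year      = {2015},
  publisher = {New Riders},
}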
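@comment{Lipford-Richter in whitney2015embedding is normalised to "Lipford, Heather Richter", the form every other entry of this group uses; ESSoS is spelled out so the venue is identifiable.}
@inproceedings{xie2011programmers,
  author       = {Xie, Jing and Lipford, Heather Richter and Chu, Bill},
  title        = {Why Do Programmers Make Security Errors?},
  booktitle    = {2011 {IEEE} Symposium on Visual Languages and Human-Centric Computing ({VL/HCC})},
  pages        = {161--164},
  year         = {2011},
  organization = {IEEE},
}
@inproceedings{zhu2013,
  author       = {Zhu, Jun and Lipford, Heather Richter and Chu, Bill},
  title        = {Interactive Support for Secure Programming Education},
  booktitle    = {Proceedings of the 44th {ACM} Technical Symposium on Computer Science Education},
  pages        = {687--692},
  year         = {2013},
  organization = {ACM},
}
@inproceedings{whitney2015embedding,
  author       = {Whitney, Michael and Lipford, Heather Richter and Chu, Bill and Zhu, Jun},
  title        = {Embedding Secure Coding Instruction into the {IDE}: A Field Study in an Advanced {CS} Course},
  booktitle    = {Proceedings of the 46th {ACM} Technical Symposium on Computer Science Education},
  pages        = {60--65},
  year         = {2015},
  organization = {ACM},
}
@inproceedings{zhu2015mitigating,
  author       = {Zhu, Jun and Chu, Bill and Lipford, Heather and Thomas, Tyler},
  title        = {Mitigating Access Control Vulnerabilities through Interactive Static Analysis},
  booktitle    = {Proceedings of the 20th {ACM} Symposium on Access Control Models and Technologies},
  pages        = {199--209},
  year         = {2015},
  organization = {ACM},
}
@article{zhu2014supporting,
  author    = {Zhu, Jun and Xie, Jing and Lipford, Heather Richter and Chu, Bill},
  title     = {Supporting Secure Programming in Web Applications through Interactive Static Analysis},
  journal   = {Journal of Advanced Research},
  volume    = {5},
  number    = {4},
  pages     = {449--462},
  year      = {2014},
  publisher = {Elsevier},
}
@inproceedings{xie2011,
  author       = {Xie, Jing and Chu, Bill and Lipford, Heather Richter},
  title        = {Idea: Interactive Support for Secure Software Development},
  booktitle    = {Engineering Secure Software and Systems ({ESSoS})},
  pages        = {248--255},
  year         = {2011},
  organization = {Springer},
}
@inproceedings{xie2011aside,
  author       = {Xie, Jing and Chu, Bill and Lipford, Heather Richter and Melton, John T.},
  title        = {{ASIDE}: {IDE} Support for Web Application Security},
  booktitle    = {Proceedings of the 27th Annual Computer Security Applications Conference},
  pages        = {267--276},
  year         = {2011},
  organization = {ACM},
}
@inproceedings{xie2012,
  author       = {Xie, Jing and Lipford, Heather and Chu, Bei-Tseng},
  title        = {Evaluating Interactive Support for Secure Programming},
  booktitle    = {Proceedings of the {SIGCHI} Conference on Human Factors in Computing Systems},
  pages        = {2707--2716},
  year         = {2012},
  organization = {ACM},
}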
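@inproceedings{baset2017ide,
  author       = {Baset, Aniqua Z. and Denning, Tamara},
  title        = {{IDE} Plugins for Detecting Input-Validation Vulnerabilities},
  booktitle    = {2017 {IEEE} Security and Privacy Workshops ({SPW})},
  pages        = {143--146},
  year         = {2017},
  organization = {IEEE},
}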
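@comment{cruzes2017security and securitytestingagile are the same paper under two keys. Both keys are kept because either may be cited; the fields here are aligned with securitytestingagile so both render identically.}
@inproceedings{cruzes2017security,
  author    = {Cruzes, Daniela Soares and Felderer, Michael and Oyetoyan, Tosin Daniel and Gander, Matthias and Pekaric, Irdin},
  title     = {How is Security Testing Done in Agile Teams? A Cross-Case Analysis of Four Software Teams},
  booktitle = {Agile Processes in Software Engineering and Extreme Programming},
  pages     = {201--216},
  year      = {2017},
  publisher = {Springer International Publishing},
}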
@inproceedings{morrison2017surveying,
  author       = {Morrison, Patrick and Smith, Benjamin H and Williams, Laurie},
  title        = {Surveying Security Practice Adherence in Software Development},
  booktitle    = {Proceedings of the Hot Topics in Science of Security: Symposium and Bootcamp},
  pages        = {85--94},
  year         = {2017},
  organization = {ACM},
}
@article{sharma2017,
  author  = {Sharma, Anuradha and Misra, Praveen Kumar},
  title   = {Aspects of Enhancing Security in Software Development Life Cycle},
  journal = {Advances in Computational Sciences and Technology},
  volume  = {10},
  number  = {2},
  pages   = {203--210},
  year    = {2017},
}
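@comment{arXiv identifier moved out of the journal field; classic styles ignore eprint, so howpublished and note keep it visible in the rendered bibliography.}
@misc{banerjee2009software,
  author        = {Banerjee, C. and Pandey, S. K.},
  title         = {Software Security Rules, {SDLC} Perspective},
  year          = {2009},
  howpublished  = {arXiv preprint},
  eprint        = {0911.0494},
  archiveprefix = {arXiv},
  note          = {arXiv:0911.0494},
}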
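@inproceedings{poller2017can,
  author    = {Poller, Andreas and Kocksch, Laura and T{\"u}rpe, Sven and Epp, Felix Anand and Kinder-Kurlanda, Katharina},
  title     = {Can Security Become a Routine? A Study of Organizational Change in an Agile Software Development Group},
  booktitle = {{ACM} Conference on Computer Supported Cooperative Work and Social Computing ({CSCW})},
  pages     = {2489--2503},
  year      = {2017},
}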
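@comment{The original organization field named the venue hotel, which is not an organiser; it is kept as an OPT field so the information is not lost but no longer rendered.}
@inproceedings{lipfordimpact,
  author          = {Lipford, Heather Richter and Xie, Jing and Stranathan, Will and Oakley, Daniel and Chu, Bei-Tseng},
  title           = {The Impact of a Structured Application Development Framework on Web Application Security},
  booktitle       = {Proceedings of the 14th Colloquium for Information Systems Security Education},
  pages           = {212--219},
  year            = {2010},
  OPTorganization = {Baltimore Marriott Inner Harbor},
}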
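@inproceedings{tabassum2017comparing,
  author    = {Tabassum, Madiha and Watson, Stacey and Lipford, Heather Richter},
  title     = {Comparing Educational Approaches to Secure Programming: Tool vs.\ {TA}},
  booktitle = {Symposium on Usable Privacy and Security ({SOUPS})},
  year      = {2017},
}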
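@inproceedings{zhioua2017formal,
  author       = {Zhioua, Zeineb and Roudier, Yves and Ameur, Rabea Boulifa},
  title        = {Formal Specification and Verification of Security Guidelines},
  booktitle    = {2017 {IEEE} 22nd Pacific Rim International Symposium on Dependable Computing ({PRDC})},
  pages        = {267--273},
  year         = {2017},
  organization = {IEEE},
}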
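@article{hodge2003comparison,
  author    = {Hodge, Victoria J. and Austin, Jim},
  title     = {A Comparison of Standard Spell Checking Algorithms and a Novel Binary Neural Approach},
  journal   = {IEEE Transactions on Knowledge and Data Engineering},
  volume    = {15},
  number    = {5},
  pages     = {1073--1081},
  year      = {2003},
  publisher = {IEEE},
}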
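@inproceedings{chen2002mops,
  author       = {Chen, Hao and Wagner, David},
  title        = {{MOPS}: An Infrastructure for Examining Security Properties of Software},
  booktitle    = {Proceedings of the 9th {ACM} Conference on Computer and Communications Security},
  pages        = {235--244},
  year         = {2002},
  organization = {ACM},
}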
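@article{findbugs2008,
  author   = {Ayewah, Nathaniel and Hovemeyer, David and Morgenthaler, J. David and Penix, John and Pugh, William},
  title    = {Using Static Analysis to Find Bugs},
  journal  = {IEEE Software},
  volume   = {25},
  number   = {5},
  pages    = {22--29},
  year     = {2008},
  month    = sep,
  doi      = {10.1109/MS.2008.130},
  issn     = {0740-7459},
  keywords = {Java;SQL;public domain software;security of data;software engineering;FindBugs;Java;SQL injection;open source static-analysis tool;runtime errors;security violations;software development;Computer bugs;Educational institutions;Java;Open source software;Production;Programming;Security;Software quality;Software tools;Testing;FindBugs;bug patterns;code quality;software defects;software quality;static analysis},
}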
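@inproceedings{ayewah2007evaluating,
  author          = {Ayewah, Nathaniel and Pugh, William and Morgenthaler, J. David and Penix, John and Zhou, YuQian},
  title           = {Evaluating Static Analysis Defect Warnings on Production Software},
  booktitle       = {Proc.\ 7th Workshop on Program Analysis for Software Tools and Engineering},
  pages           = {1--8},
  year            = {2007},
  OPTorganization = {ACM},
}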
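@article{damm2006faults,
  author    = {Damm, Lars-Ola and Lundberg, Lars and Wohlin, Claes},
  title     = {Faults-Slip-Through---A Concept for Measuring the Efficiency of the Test Process},
  journal   = {Software Process: Improvement and Practice},
  volume    = {11},
  number    = {1},
  pages     = {47--59},
  year      = {2006},
  publisher = {Wiley},
}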
@article{briand2000comprehensive,
  author    = {Briand, Lionel C and El Emam, Khaled and Freimut, Bernd G and Laitenberger, Oliver},
  title     = {A comprehensive evaluation of capture-recapture models for estimating software defect content},
  journal   = {IEEE Transactions on Software Engineering},
  volume    = {26},
  number    = {6},
  pages     = {518--540},
  year      = {2000},
  publisher = {IEEE},
}
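@inproceedings{baca2008evaluating,
  author       = {Baca, Dejan and Carlsson, Bengt and Lundberg, Lars},
  title        = {Evaluating the Cost Reduction of Static Code Analysis for Software Security},
  booktitle    = {Proc.\ 3rd {ACM} {SIGPLAN} Workshop on Programming Languages and Analysis for Security},
  pages        = {79--88},
  year         = {2008},
  organization = {ACM},
}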
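@book{chess2007secure,
  author    = {Chess, Brian and West, Jacob},
  title     = {Secure Programming with Static Analysis},
  year      = {2007},
  publisher = {Pearson Education},
}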
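@comment{The volume/pages pair came from an index export and does not describe this proceedings; both are kept as OPT fields rather than rendered.}
@inproceedings{livshits2005finding,
  author    = {Livshits, V. Benjamin and Lam, Monica S.},
  title     = {Finding Security Vulnerabilities in {Java} Applications with Static Analysis},
  booktitle = {Proc.\ 14th {USENIX} Security Symposium},
  year      = {2005},
  OPTvolume = {14},
  OPTpages  = {18--18},
}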
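@inproceedings{turpe2016penetration,
  author    = {T{\"u}rpe, Sven and Kocksch, Laura and Poller, Andreas},
  title     = {Penetration Tests a Turning Point in Security Practices? Organizational Challenges and Implications in a Software Development Team},
  booktitle = {Workshop on Security Information Workers ({WSIW}) at {SOUPS}},
  year      = {2016},
}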
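@article{li2017static,
  author    = {Li, Li and Bissyand{\'e}, Tegawend{\'e} F. and Papadakis, Mike and Rasthofer, Siegfried and Bartel, Alexandre and Octeau, Damien and Klein, Jacques and Le Traon, Yves},
  title     = {Static Analysis of {Android} Apps: A Systematic Literature Review},
  journal   = {Information and Software Technology},
  volume    = {88},
  pages     = {67--95},
  year      = {2017},
  publisher = {Elsevier},
}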
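@inproceedings{jovanovic2006pixy,
  author       = {Jovanovic, Nenad and Kruegel, Christopher and Kirda, Engin},
  title        = {{Pixy}: A Static Analysis Tool for Detecting Web Application Vulnerabilities},
  booktitle    = {2006 {IEEE} Symposium on Security and Privacy},
  year         = {2006},
  organization = {IEEE},
  OPTpages     = {6--pp},
}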
@article{chess2004static,
  author    = {Chess, Brian and McGraw, Gary},
  title     = {Static analysis for security},
  journal   = {IEEE Security \& Privacy},
  volume    = {2},
  number    = {6},
  pages     = {76--79},
  year      = {2004},
  publisher = {IEEE},
}
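@inproceedings{Scandariato2013,
  author    = {Scandariato, Riccardo and Walden, James and Joosen, Wouter},
  title     = {Static Analysis versus Penetration Testing: A Controlled Experiment},
  booktitle = {24th Int'l Symp.\ on Software Reliability Engineering ({ISSRE})},
  pages     = {451--460},
  year      = {2013},
  month     = nov,
  doi       = {10.1109/ISSRE.2013.6698898},
  issn      = {1071-9458},
  keywords  = {program diagnostics;program testing;public domain software;automated static analysis;black box penetration testing;open source blogging applications;Context;Databases;Manuals;Productivity;Security;Software;Testing},
}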
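@book{armsrace,
  editor    = {Larsen, Per and Sadeghi, Ahmad-Reza},
  title     = {The Continuing Arms Race: Code-Reuse Attacks and Defenses},
  year      = {2018},
  isbn      = {978-1-97000-183-9},
  publisher = {Association for Computing Machinery and Morgan \& Claypool},
  address   = {New York, NY, USA},
}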
@inproceedings{securitytestingagile,
  author    = {Cruzes, Daniela Soares and Felderer, Michael and Oyetoyan, Tosin Daniel and Gander, Matthias and Pekaric, Irdin},
  editor    = {Baumeister, Hubert and Lichter, Horst and Riebisch, Matthias},
  title     = {How is Security Testing Done in Agile Teams? A Cross-Case Analysis of Four Software Teams},
  booktitle = {Agile Processes in Software Engineering and Extreme Programming},
  year      = {2017},
  publisher = {Springer International Publishing},
  address   = {Cham},
  pages     = {201--216},
  isbn      = {978-3-319-57633-6},
}
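@inproceedings{futcher2008guidelines,
  author       = {Futcher, Lynn and von Solms, Rossouw},
  title        = {Guidelines for Secure Software Development},
  booktitle    = {Proceedings of the 2008 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on {IT} Research in Developing Countries: Riding the Wave of Technology},
  pages        = {56--65},
  year         = {2008},
  organization = {ACM},
}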
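@comment{author replaces the bare key field so the entry sorts and labels like the other OWASP entries; no access date is known for this datasheet.}
@misc{ESAPI,
  author       = {{OWASP}},
  title        = {{OWASP} Enterprise Security {API} Toolkits -- Datasheet},
  howpublished = {\url{https://www.owasp.org/images/8/81/Esapi-datasheet.pdf}},
}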
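@inproceedings{taintdroid,
  author       = {Enck, William and Gilbert, Peter and Chun, Byung-Gon and Cox, Landon P. and Jung, Jaeyeon and McDaniel, Patrick and Sheth, Anmol N.},
  title        = {{TaintDroid}: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones},
  booktitle    = {Proc.\ 9th {USENIX} Conf.\ on Operating Systems Design and Implementation},
  year         = {2010},
  pages        = {393--407},
  OPTseries    = {OSDI'10},
  OPTlocation  = {Vancouver, BC, Canada},
  OPTnumpages  = {15},
  OPTurl       = {http://dl.acm.org/citation.cfm?id=1924943.1924971},
  OPTacmid     = {1924971},
  OPTpublisher = {USENIX Association},
  OPTaddress   = {Berkeley, CA, USA},
}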
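@book{schumacher2013security,
  author    = {Schumacher, Markus and Fernandez-Buglioni, Eduardo and Hybertson, Duane and Buschmann, Frank and Sommerlad, Peter},
  title     = {Security Patterns: Integrating Security and Systems Engineering},
  year      = {2013},
  publisher = {John Wiley \& Sons},
}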
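@inproceedings{witteman2008secure,
  author    = {Witteman, Marc and Oostdijk, Martijn},
  title     = {Secure Application Programming in the Presence of Side Channel Attacks},
  booktitle = {{RSA} Conference},
  year      = {2008},
  OPTvolume = {2008},
}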
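@comment{The key field is dropped: it is only a sort fallback when there is no author, and this entry has one. No access date is recorded for this video.}
@misc{RSAvideo,
  author       = {Romeo, Christopher},
  title        = {How to Transform Developers into Security People},
  howpublished = {\url{https://www.rsaconference.com/videos/how-to-transform-developers-into-security-people}},
}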
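@inproceedings{sadowski2015tricorder,
  author       = {Sadowski, Caitlin and Van Gogh, Jeffrey and Jaspan, Ciera and S{\"o}derberg, Emma and Winter, Collin},
  title        = {{Tricorder}: Building a Program Analysis Ecosystem},
  booktitle    = {Proceedings of the 37th International Conference on Software Engineering},
  volume       = {1},
  pages        = {598--608},
  year         = {2015},
  organization = {IEEE Press},
}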
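@book{syed2015black,
  author    = {Syed, Matthew},
  title     = {Black Box Thinking: Why Most People Never Learn from Their Mistakes---But Some Do},
  year      = {2015},
  publisher = {Penguin},
}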
@article{bessey2010few,
  author    = {Bessey, Al and Block, Ken and Chelf, Ben and Chou, Andy and Fulton, Bryan and Hallem, Seth and Henri-Gros, Charles and Kamsky, Asya and McPeak, Scott and Engler, Dawson},
  title     = {A few billion lines of code later: using static analysis to find bugs in the real world},
  journal   = {Communications of the ACM},
  volume    = {53},
  number    = {2},
  pages     = {66--75},
  year      = {2010},
  publisher = {ACM},
}
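@comment{Citeseer was the index this entry was scraped from, not a publisher; Lint was published as a Bell Laboratories technical report, so the entry is a techreport.}
@techreport{johnson1977lint,
  author      = {Johnson, Stephen C.},
  title       = {Lint, a {C} Program Checker},
  institution = {Bell Laboratories},
  type        = {Computing Science Technical Report},
  year        = {1977},
}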
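@inproceedings{paletov2018inferring,
  author       = {Paletov, Rumen and Tsankov, Petar and Raychev, Veselin and Vechev, Martin},
  title        = {Inferring Crypto {API} Rules from Code Changes},
  booktitle    = {Proceedings of the 39th {ACM} {SIGPLAN} Conference on Programming Language Design and Implementation},
  pages        = {450--464},
  year         = {2018},
  organization = {ACM},
}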
@article{brown2016build,
  author    = {Brown, Fraser and N{\"o}tzli, Andres and Engler, Dawson},
  title     = {How to build static checking systems using orders of magnitude less code},
  journal   = {ACM SIGPLAN Notices},
  volume    = {51},
  number    = {4},
  pages     = {143--157},
  year      = {2016},
  publisher = {ACM},
}
@inproceedings{johnson2013don,
  author       = {Johnson, Brittany and Song, Yoonki and Murphy-Hill, Emerson and Bowdidge, Robert},
  title        = {Why don't software developers use static analysis tools to find bugs?},
  booktitle    = {Proceedings of the 2013 International Conference on Software Engineering},
  pages        = {672--681},
  year         = {2013},
  organization = {IEEE Press},
}
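@inproceedings{layman2007toward,
  author       = {Layman, Lucas and Williams, Laurie and St. Amant, Robert},
  title        = {Toward Reducing Fault Fix Time: Understanding Developer Behavior for the Design of Automated Fault Detection Tools},
  booktitle    = {First International Symposium on Empirical Software Engineering and Measurement ({ESEM} 2007)},
  pages        = {176--185},
  year         = {2007},
  organization = {IEEE},
}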
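@article{whitney2018embedding,
  author    = {Whitney, Michael and Lipford, Heather Richter and Chu, Bill and Thomas, Tyler},
  title     = {Embedding Secure Coding Instruction into the {IDE}: Complementing Early and Intermediate {CS} Courses with {ESIDE}},
  journal   = {Journal of Educational Computing Research},
  volume    = {56},
  number    = {3},
  pages     = {415--438},
  year      = {2018},
  publisher = {SAGE Publications},
}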
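@inproceedings{ayewah2010google,
  author          = {Ayewah, Nathaniel and Pugh, William},
  title           = {The {Google} {FindBugs} Fixit},
  booktitle       = {Proc.\ 19th Int'l Symp.\ on Software Testing and Analysis},
  pages           = {241--252},
  year            = {2010},
  OPTorganization = {ACM},
}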
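@inproceedings{ayewah2007using,
  author          = {Ayewah, Nathaniel and Pugh, William and Morgenthaler, J. David and Penix, John and Zhou, YuQian},
  title           = {Using {FindBugs} on Production Software},
  booktitle       = {Companion to the 22nd Conf.\ on Object-Oriented Programming Systems and Applications},
  pages           = {805--806},
  year            = {2007},
  OPTorganization = {ACM},
}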
@inproceedings{weimer2009automatically,
  author       = {Weimer, Westley and Nguyen, ThanhVu and Le Goues, Claire and Forrest, Stephanie},
  title        = {Automatically finding patches using genetic programming},
  booktitle    = {Proc.\ 31st Int'l Conf.\ on Software Engineering},
  pages        = {364--374},
  year         = {2009},
  organization = {IEEE Computer Society},
}
@inproceedings{kim2013automatic,
  author       = {Kim, Dongsun and Nam, Jaechang and Song, Jaewoo and Kim, Sunghun},
  title        = {Automatic patch generation learned from human-written patches},
  booktitle    = {Proceedings of the 2013 International Conference on Software Engineering},
  pages        = {802--811},
  year         = {2013},
  organization = {IEEE Press},
}
@article{long2016automatic,
  author    = {Long, Fan and Rinard, Martin},
  title     = {Automatic patch generation by learning correct code},
  journal   = {ACM SIGPLAN Notices},
  volume    = {51},
  number    = {1},
  pages     = {298--312},
  year      = {2016},
  publisher = {ACM},
}
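@misc{fsca,
  author       = {{Micro Focus}},
  title        = {{Fortify} Static Code Analyzer: Static Application Security Testing},
  howpublished = {\url{https://www.microfocus.com/en-us/products/static-code-analysis-sast/overview}},
  note         = {Last accessed 2019-10-14},
}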
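@misc{netflixprizeforum,
  author       = {{Netflix}},
  title        = {{Netflix} Prize: Forum / Grand Prize Awarded to Team {BellKor}'s Pragmatic Chaos},
  howpublished = {\url{https://web.archive.org/web/20090924184639/http://www.netflixprize.com/community/viewtopic.php?id=1537}},
  note         = {(Archived) Last accessed 2021-09-23},
}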
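@misc{netflixprizeleaderboard,
  author       = {{Netflix}},
  title        = {{Netflix} Prize: View Leaderboard},
  howpublished = {\url{https://web.archive.org/web/20091227111134/http://www.netflixprize.com/leaderboard}},
  note         = {(Archived) Last accessed 2021-09-23},
}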
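@comment{Stray line outside any entry (ignored by BibTeX); it repeats the howpublished URL of netflixprizeleaderboard: https://web.archive.org/web/20091227111134/http://www.netflixprize.com/leaderboard}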
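@comment{The key fsca-curstom-rules is misspelled but kept because it may already be cited. Its URL is a third-party mirror, not the vendor site; the other Fortify entries point at microfocus.com, so readers cannot verify this one against the vendor.}
@misc{fsca-curstom-rules,
  author       = {{Micro Focus}},
  title        = {{Fortify} {SCA} Custom Rules Reference},
  howpublished = {\url{http://bigsec.net/b52/Fortify/rules-schema/}},
  note         = {Last accessed 2019-10-15},
}
@misc{fod,
  author       = {{Micro Focus}},
  title        = {{Fortify} on Demand: Application Security as a Service},
  howpublished = {\url{https://www.microfocus.com/en-us/products/application-security-testing/overview}},
  note         = {Last accessed 2019-10-15},
}
@misc{fsa,
  author       = {{Micro Focus}},
  title        = {Secure {SDLC} -- {IDEs}},
  howpublished = {\url{https://www.microfocus.com/en-us/marketing/secure-sdlc-and-devops#section3}},
  note         = {Last accessed 2019-10-15},
}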
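@misc{shipshape,
  author       = {{Google}},
  title        = {{GitHub}: {Shipshape}},
  howpublished = {\url{https://github.com/google/shipshape}},
  note         = {Last accessed 2019-10-15},
}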
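@comment{The trademark sign in the FindBugs title is written with a LaTeX macro because the file is otherwise 8-bit classic BibTeX; the spotbugsapi URL pins one documentation version (3.1.10), so the accessed page may not match the current release.}
@misc{spotbugs,
  author       = {{SpotBugs}},
  title        = {{SpotBugs}: Find Bugs in {Java} Programs},
  howpublished = {\url{https://spotbugs.github.io/}},
  note         = {Last accessed 2019-10-15},
}
@misc{findbugs,
  author       = {{University of Maryland}},
  title        = {{FindBugs}{\texttrademark} -- Find Bugs in {Java} Programs},
  howpublished = {\url{http://findbugs.sourceforge.net/}},
  note         = {Last accessed 2019-10-15},
}
@misc{spotbugsdescriptions,
  author       = {{SpotBugs}},
  title        = {Bug Descriptions},
  howpublished = {\url{https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#security-security}},
  note         = {Last accessed 2019-10-15},
}
@misc{spotbugsapi,
  author       = {{SpotBugs}},
  title        = {{SpotBugs} {API} Documentation},
  howpublished = {\url{https://javadoc.io/doc/com.github.spotbugs/spotbugs/3.1.10}},
  note         = {Last accessed 2019-10-15},
}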
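@misc{findsecbugs,
  author       = {{FindSecBugs}},
  title        = {Find Security Bugs: The {SpotBugs} Plugin for Security Audits of {Java} Web Applications},
  howpublished = {\url{https://find-sec-bugs.github.io/}},
  note         = {Last accessed 2019-10-15},
}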
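@misc{veracode,
  author       = {{Veracode}},
  title        = {{Veracode} Static Analysis: Don't Just Find Security Defects in Your Code -- Fix Them Fast},
  howpublished = {\url{https://www.veracode.com/products/binary-static-analysis-sast}},
  note         = {Last accessed 2019-10-15},
}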
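@misc{cxaudit,
  author       = {{Checkmarx}},
  title        = {{CxAudit} Overview},
  howpublished = {\url{https://checkmarx.atlassian.net/wiki/spaces/KC/pages/5406733/CxAudit+Overview}},
  note         = {Last accessed 2019-10-15},
}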
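@comment{The URL keeps the backslash-escaped underscores from the source. Other entries in this file pass underscores and percent signs to the url macro unescaped (jssec, secureassistruletutorial), so one of the two conventions is likely to print a stray backslash -- confirm against the url package in use and pick one.}
@misc{aside,
  author       = {{OWASP}},
  title        = {{ASIDE} Project},
  howpublished = {\url{https://www.owasp.org/index.php/OWASP\_ASIDE\_Project}},
  note         = {Last accessed 2019-10-16},
}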
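@misc{eside,
  author       = {{UNC Charlotte College of Computing and Informatics}},
  title        = {Educational Security in the {IDE} ({ESIDE})},
  howpublished = {\url{https://eside.uncc.edu/}},
  note         = {Last accessed 2019-10-16},
}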
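@misc{snyk,
  author       = {{Snyk}},
  title        = {Open Source Security Platform},
  howpublished = {\url{https://snyk.io/}},
  note         = {Last accessed 2019-10-22},
}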
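@comment{secureassistruletutorial is served over plain http from a non-vendor host (asteriskresearch.com) while the other Synopsys entries use https on synopsys.com; the tutorial PDF may therefore be harder to verify against the vendor. The sastinide title was split across two lines in the source and is joined here.}
@misc{secureassist,
  author       = {{Synopsys}},
  title        = {{SecureAssist} Overview},
  howpublished = {\url{https://community.synopsys.com/s/article/SecureAssist-Overview}},
  note         = {Last accessed 2019-10-25},
}
@misc{secureassistide,
  author       = {{Synopsys}},
  title        = {How to Use {SecureAssist} {IntelliJ} Plugin},
  howpublished = {\url{https://community.synopsys.com/s/article/How-to-Use-SecureAssist-IntelliJ-Plug-in}},
  note         = {Last accessed 2019-10-25},
}
@misc{sastinide,
  author       = {{Synopsys}},
  title        = {{SAST} in {IDE} ({SecureAssist})},
  howpublished = {\url{https://www.synopsys.com/content/dam/synopsys/sig-assets/datasheets/secureassist-datasheet.pdf}},
  note         = {Last accessed 2019-10-25},
}
@misc{secureassistruletutorial,
  author       = {{Synopsys}},
  title        = {{SecureAssist} Custom Rule Tutorial},
  howpublished = {\url{http://download.asteriskresearch.com/2.4/SecureAssist%20Custom%20Rule%20Tutorial%2010-2014.pdf}},
  note         = {Last accessed 2019-10-25},
}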
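@book{wohlin2012experimentation,
  author    = {Wohlin, Claes and Runeson, Per and H{\"o}st, Martin and Ohlsson, Magnus C. and Regnell, Bj{\"o}rn and Wessl{\'e}n, Anders},
  title     = {Experimentation in Software Engineering},
  year      = {2012},
  publisher = {Springer Science \& Business Media},
}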
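@comment{The journal field held a proceedings title, so the entry is an inproceedings with that title as booktitle; the all-caps surnames are normalised so the style can abbreviate and sort them.}
@inproceedings{hadi2016driving,
  author    = {Hadi, Syed Munib and Rawson, Rebecca},
  title     = {Driving Learner Engagement and Completion within {MOOCs}: A Case for Structured Learning Support},
  booktitle = {Proceedings of the European Stakeholder Summit on Experiences and Best Practices in and around {MOOCs} ({EMOOCS} 2016)},
  pages     = {81},
  year      = {2016},
  publisher = {BoD -- Books on Demand},
}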
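@article{hamari2016challenging,
  author    = {Hamari, Juho and Shernoff, David J. and Rowe, Elizabeth and Coller, Brianno and Asbell-Clarke, Jodi and Edwards, Teon},
  title     = {Challenging Games Help Students Learn: An Empirical Study on Engagement, Flow and Immersion in Game-Based Learning},
  journal   = {Computers in Human Behavior},
  volume    = {54},
  pages     = {170--179},
  year      = {2016},
  publisher = {Elsevier},
}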
@inproceedings{van2008difficulty,
  author       = {Van Lankveld, Giel and Spronck, Pieter and Rauterberg, Matthias},
  title        = {Difficulty Scaling through Incongruity},
  booktitle    = {Proceedings of the Fourth Artificial Intelligence and Interactive Digital Entertainment Conference},
  pages        = {228--229},
  year         = {2008},
  organization = {AIIDE},
}
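@comment{Corporate authors are double-braced so the style does not split them into given and family names; the Trustwave report year is taken from its file name in the URL.}
@misc{shiftleftsurvey,
  author       = {{ShiftLeft}},
  title        = {Developer Productivity \& Security Survey},
  howpublished = {\url{https://go.shiftleft.io/developer-productivity-and-security-survey}},
  note         = {Last accessed 2020-12-22},
}
@misc{gitlabsurvey,
  author       = {{GitLab}},
  title        = {Mapping the {DevSecOps} Landscape: 2020 Survey Results},
  year         = {2020},
  howpublished = {\url{https://about.gitlab.com/resources/downloads/2020-devsecops-report.pdf}},
  note         = {Last accessed 2021-01-26},
}
@misc{owasptop10data,
  author       = {{OWASP}},
  title        = {{OWASP} Top 10 Datacall Submissions},
  howpublished = {\url{https://github.com/OWASP/Top10/tree/master/2017/datacall/submissions}},
  note         = {Last accessed 2020-12-19},
}
@misc{trustwave,
  author       = {{Trustwave}},
  title        = {Global Security Report},
  year         = {2018},
  howpublished = {\url{https://www2.trustwave.com/rs/815-RFM-693/images/Trustwave_2018-GSR_20180329_Interactive.pdf}},
  note         = {Last accessed 2018-05-22},
}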
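@misc{softwareassurance,
  author       = {{U.S. Department of Homeland Security}},
  title        = {Infosheet Software Assurance},
  howpublished = {\url{https://www.us-cert.gov/sites/default/files/publications/infosheet_SoftwareAssurance.pdf}},
  note         = {Last accessed 2018-05-22},
}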
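@misc{stackoverflow2020,
  author       = {{StackOverflow}},
  title        = {2020 Developer Survey},
  year         = {2020},
  howpublished = {\url{https://insights.stackoverflow.com/survey/2020}},
  note         = {Last accessed 2021-06-09},
}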
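@comment{Both BSIMM entries point at the same landing page, which now serves the current edition; the version cited is only recoverable from the title, so readers may not be able to retrieve the exact document.}
@misc{bsimm9,
  author       = {McGraw, Gary and Migues, Sammy and West, Jacob},
  title        = {Building Security In Maturity Model 9 ({BSIMM})},
  howpublished = {\url{https://www.bsimm.com/}},
  note         = {Last accessed 2018-05-22},
}
@misc{bsimm11,
  author       = {McGraw, Gary and Migues, Sammy and West, Jacob},
  title        = {Building Security In Maturity Model 11 ({BSIMM})},
  howpublished = {\url{https://www.bsimm.com/}},
  note         = {Last accessed 2020-12-22},
}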
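@article{kern2014securing,
  author    = {Kern, Christoph},
  title     = {Securing the Tangled Web},
  journal   = {Queue},
  volume    = {12},
  number    = {7},
  pages     = {40--55},
  year      = {2014},
  publisher = {ACM},
}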
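@book{magis2017computerized,
  author    = {Magis, David and Yan, Duanli and von Davier, Alina A.},
  title     = {Computerized Adaptive and Multistage Testing with {R}: Using Packages {catR} and {mstR}},
  year      = {2017},
  publisher = {Springer},
}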
@article{weiss1984application,
  author    = {Weiss, David J and Kingsbury, G Gage},
  title     = {Application of computerized adaptive testing to educational problems},
  journal   = {Journal of Educational Measurement},
  volume    = {21},
  number    = {4},
  pages     = {361--375},
  year      = {1984},
  publisher = {Wiley Online Library},
}
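@article{ling2017computerized,
  author    = {Ling, Guangming and Attali, Yigal and Finn, Bridgid and Stone, Elizabeth A.},
  title     = {Is a Computerized Adaptive Test More Motivating than a Fixed-Item Test?},
  journal   = {Applied Psychological Measurement},
  volume    = {41},
  number    = {7},
  pages     = {495--511},
  year      = {2017},
  publisher = {Sage Publications},
}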
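@comment{This is a monograph, not a journal article: the publisher had been fused into the title and the journal field held the city, so the entry is a book with the pieces in their own fields.}
@book{rasch1960probabilistic,
  author    = {Rasch, Georg},
  title     = {Probabilistic Models for Some Intelligence and Attainment Tests},
  publisher = {Danish Institute for Educational Research},
  address   = {Copenhagen},
  year      = {1960},
}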
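@article{dodd1995computerized,
  author    = {Dodd, Barbara G. and De Ayala, R. J. and Koch, William R.},
  title     = {Computerized Adaptive Testing with Polytomous Items},
  journal   = {Applied Psychological Measurement},
  volume    = {19},
  number    = {1},
  pages     = {5--22},
  year      = {1995},
  publisher = {Sage Publications},
}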
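@comment{The issuing office had been appended to the title; it is moved to the note. The URL keeps the source's mix of escaped percent signs and a bare underscore -- confirm it renders with the url package in use.}
@misc{doddevsecops,
  author       = {Lam, Thomas and Chaillan, Nicolas},
  title        = {Department of Defense ({DoD}) Enterprise {DevSecOps} Reference Design},
  howpublished = {\url{https://dodcio.defense.gov/Portals/0/Documents/DoD\%20Enterprise\%20DevSecOps\%20Reference\%20Design\%20v1.0_Public\%20Release.pdf}},
  note         = {Department of Defense (DoD) Chief Information Officer. Last accessed 2021-07-05},
}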
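@misc{snyk2020,
  author       = {{Snyk}},
  title        = {The State of Open Source Security Report 2020},
  year         = {2020},
  howpublished = {\url{https://go.snyk.io/SoOSS-Report-2020.html}},
  note         = {Last accessed 2021-09-28},
}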
@inproceedings{nielsen1993mathematical,
  author    = {Nielsen, Jakob and Landauer, Thomas K},
  title     = {A mathematical model of the finding of usability problems},
  booktitle = {Proceedings of the INTERACT'93 and CHI'93 conference on Human factors in computing systems},
  pages     = {206--213},
  year      = {1993},
}
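@comment{A university is not a book publisher; this is a thesis deposited at the institution named, so the entry type and the school field say so.}
@mastersthesis{liu2015comparing,
  author = {Liu, Hangcheng},
  title  = {Comparing {Welch} {ANOVA}, a {Kruskal-Wallis} Test, and Traditional {ANOVA} in Case of Heterogeneity of Variance},
  school = {Virginia Commonwealth University},
  year   = {2015},
}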
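@article{games1976pairwise,
  author    = {Games, Paul A. and Howell, John F.},
  title     = {Pairwise Multiple Comparison Procedures with Unequal n's and/or Variances: A {Monte Carlo} Study},
  journal   = {Journal of Educational Statistics},
  volume    = {1},
  number    = {2},
  pages     = {113--125},
  year      = {1976},
  publisher = {Sage Publications},
}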
@misc{nondot,
title={Chris Lattner's Homepage},
author={Lattner, Chris},
howpublished = "\url{http://nondot.org/sabre/}",
note={Last accessed 2021-08-18}
}
@misc{jssec,
author = "{Japan Smartphone Security Association}",
note = "Last accessed 2021-07-25",
title = "{Android Application Secure Design/Secure Coding Guidebook}",
howpublished = "\url{http://www.jssec.org/dl/android_securecoding_en.pdf}",
}
@misc{cxsast,
author = "{Checkmarx}",
title = "{Static Application Security Testing: Secure Your Code from the Very Beginning}",
howpublished = "\url{https://www.checkmarx.com/products/static-application-security-testing/}",
note = "Last accessed 2019-10-15"
}
@inproceedings{johnson2015bespoke,
title={Bespoke tools: adapted to the concepts developers know},
author={Johnson, Brittany and Pandita, Rahul and Murphy-Hill, Emerson and Heckman, Sarah},
booktitle={Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering},
pages={878--881},
year={2015}
}
@article{cockburn2014supporting,
title={Supporting novice to expert transitions in user interfaces},
author={Cockburn, Andy and Gutwin, Carl and Scarr, Joey and Malacria, Sylvain},
journal={ACM Computing Surveys (CSUR)},
volume={47},
number={2},
pages={1--36},
year={2014},
publisher={ACM New York, NY, USA}
}
@inproceedings{sharma2017collaborative,
title={Collaborative filtering-based recommender system: Approaches and research challenges},
author={Sharma, Ritu and Gopalani, Dinesh and Meena, Yogesh},
booktitle={2017 3rd international conference on computational intelligence \& communication technology (CICT)},
pages={1--6},
year={2017},
organization={IEEE}
}
@article{yu2004probabilistic,
title={Probabilistic memory-based collaborative filtering},
author={Yu, Kai and Schwaighofer, Anton and Tresp, Volker and Xu, Xiaowei and Kriegel, H-P},
journal={IEEE Transactions on Knowledge and Data Engineering},
volume={16},
number={1},
pages={56--69},
year={2004},
publisher={IEEE}
}
@inproceedings{sarwar2001item,
title={Item-based collaborative filtering recommendation algorithms},
author={Sarwar, Badrul and Karypis, George and Konstan, Joseph and Riedl, John},
booktitle={Proceedings of the 10th international conference on World Wide Web},
pages={285--295},
year={2001}
}
@inproceedings{sarwar2002recommender,
title={Recommender systems for large-scale e-commerce: Scalable neighborhood formation using clustering},
author={Sarwar, Badrul M and Karypis, George and Konstan, Joseph and Riedl, John},
booktitle={Proceedings of the fifth international conference on computer and information technology},
volume={1},
pages={291--324},
year={2002},
organization={Citeseer}
}
@article{su2009survey,
title={A survey of collaborative filtering techniques},
author={Su, Xiaoyuan and Khoshgoftaar, Taghi M},
journal={Advances in artificial intelligence},
year={2009},
publisher={Hindawi}
}
@inproceedings{hu2008collaborative,
title={Collaborative filtering for implicit feedback datasets},
author={Hu, Yifan and Koren, Yehuda and Volinsky, Chris},
booktitle={2008 Eighth IEEE International Conference on Data Mining},
pages={263--272},
year={2008},
organization={IEEE}
}
@article{Hug2020,
doi = {10.21105/joss.02174},
url = {https://doi.org/10.21105/joss.02174},
year = {2020},
publisher = {The Open Journal},
volume = {5},
number = {52},
pages = {2174},
author = {Nicolas Hug},
title = {Surprise: A Python library for recommender systems},
journal = {Journal of Open Source Software}
}
@article{Koren2010,
title={Factor in the neighbors: Scalable and accurate collaborative filtering},
author={Koren, Yehuda},
journal={ACM Transactions on Knowledge Discovery from Data (TKDD)},
volume={4},
number={1},
pages={1--24},
year={2010},
publisher={ACM New York, NY, USA}
}
@inproceedings{zhou2008large,
title={Large-scale parallel collaborative filtering for the netflix prize},
author={Zhou, Yunhong and Wilkinson, Dennis and Schreiber, Robert and Pan, Rong},
booktitle={International conference on algorithmic applications in management},
pages={337--348},
year={2008},
organization={Springer}
}
@inproceedings{bennett2007netflix,
title={The netflix prize},
author={Bennett, James and Lanning, Stan and others},
booktitle={Proceedings of KDD cup and workshop},
volume={2007},
pages={35},
year={2007},
organization={New York, NY, USA.}
}
@inproceedings{koren2013collaborative,
title={Collaborative filtering on ordinal user feedback},
author={Koren, Yehuda and Sill, Joseph},
booktitle={Twenty-third international joint conference on artificial intelligence},
year={2013}
}
@inproceedings{lemire2005slope,
title={Slope one predictors for online rating-based collaborative filtering},
author={Lemire, Daniel and Maclachlan, Anna},
booktitle={Proceedings of the 2005 SIAM International Conference on Data Mining},
pages={471--475},
year={2005},
organization={SIAM}
}
@inproceedings{george2005scalable,
title={A scalable collaborative filtering framework based on co-clustering},
author={George, Thomas and Merugu, Srujana},
booktitle={Fifth IEEE International Conference on Data Mining (ICDM'05)},
pages={4--pp},
year={2005},
organization={IEEE}
}
@article{tanay2005biclustering,
title={Biclustering algorithms: A survey},
author={Tanay, Amos and Sharan, Roded and Shamir, Ron},
journal={Handbook of computational molecular biology},
volume={9},
number={1-20},
pages={122--124},
year={2005},
publisher={Citeseer}
}
@article{li2021novel,
title={A novel Collaborative Filtering recommendation approach based on Soft Co-Clustering},
author={Li, Man and Wen, Luosheng and Chen, Feiyu},
journal={Physica A: Statistical Mechanics and its Applications},
volume={561},
pages={125140},
year={2021},
publisher={Elsevier}
}
@article{breese2013empirical,
title={Empirical analysis of predictive algorithms for collaborative filtering},
author={Breese, John S and Heckerman, David and Kadie, Carl},
journal={arXiv preprint arXiv:1301.7363},
year={2013}
}
@inproceedings{o1999clustering,
title={Clustering items for collaborative filtering},
author={O'Connor, Mark and Herlocker, Jon},
booktitle={Proceedings of the ACM SIGIR workshop on recommender systems},
volume={128},
year={1999},
organization={Citeseer}
}
@article{heckerman2000dependency,
title={Dependency networks for inference, collaborative filtering, and data visualization},
author={Heckerman, David and Chickering, David Maxwell and Meek, Christopher and Rounthwaite, Robert and Kadie, Carl},
journal={Journal of Machine Learning Research},
volume={1},
number={Oct},
pages={49--75},
year={2000}
}
@article{moreno2016web,
title={Web mining based framework for solving usual problems in recommender systems. A case study for movies' recommendation},
author={Moreno, Mar{\'\i}a N and Segrera, Saddys and L{\'o}pez, Vivian F and Mu{\~n}oz, Mar{\'\i}a Dolores and S{\'a}nchez, {\'A}ngel Luis},
journal={Neurocomputing},
volume={176},
pages={72--80},
year={2016},
publisher={Elsevier}
}
@inproceedings{mnih2008probabilistic,
title={Probabilistic matrix factorization},
author={Mnih, Andriy and Salakhutdinov, Russ R},
booktitle={Advances in neural information processing systems},
pages={1257--1264},
year={2008}
}
@article{hoyer2004non,
title={Non-negative matrix factorization with sparseness constraints},
author={Hoyer, Patrik O},
journal={Journal of machine learning research},
volume={5},
number={9},
year={2004}
}
@article{wang2012nonnegative,
title={Nonnegative matrix factorization: A comprehensive review},
author={Wang, Yu-Xiong and Zhang, Yu-Jin},
journal={IEEE Transactions on knowledge and data engineering},
volume={25},
number={6},
pages={1336--1353},
year={2012},
publisher={IEEE}
}
@techreport{sarwar2000application,
title={Application of dimensionality reduction in recommender system-a case study},
author={Sarwar, Badrul and Karypis, George and Konstan, Joseph and Riedl, John},
year={2000},
institution={Minnesota Univ Minneapolis Dept of Computer Science}
}
@inproceedings{polat2005svd,
title={SVD-based collaborative filtering with privacy},
author={Polat, Huseyin and Du, Wenliang},
booktitle={Proceedings of the 2005 ACM symposium on Applied computing},
pages={791--795},
year={2005}
}