Digital Library

Research Archive


Journal Article · Open Access · Cybersecurity

Security Scanning Integration in DevSecOps Pipelines: Comparative Effectiveness of SAST, DAST, SCA, and Container Image Scanning Across Vulnerability Classes

Automated security scanning has become an integral component of DevSecOps pipelines, yet practitioner selection of scanning tool categories is frequently driven by tool familiarity rather than empirical evidence of coverage effectiveness across vulnerability classes. This paper presents a controlled empirical evaluation of four scanning modalities — Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Container Image Scanning — across a benchmark corpus of 3,600 intentionally introduced vulnerabilities spanning 18 CWE categories in Python, Java, and Node.js applications. We find that no single scanning modality achieves greater than 58% coverage across all CWE categories, and that modality coverage profiles are largely complementary: SAST excels at injection and logic vulnerabilities, DAST at authentication and session management issues, SCA at known CVE-catalogued dependency vulnerabilities, and Container Scanning at OS-layer and configuration vulnerabilities. A pipeline implementing all four modalities achieves 84.3% aggregate vulnerability coverage. We introduce the Security Scanning Coverage Matrix (SSCM) as a decision tool for pipeline architects and evaluate 12 commercial and open-source tools — including Semgrep, SonarQube, OWASP ZAP, Snyk, and Trivy — against the matrix. We also analyze false positive rates and their impact on developer adoption, finding that false positive rates above 18% trigger systematic alert fatigue and scanning suppression.

Funmilayo Oladapo, Erik Strand, Yuki Yoshida, Pedro Neves · Nov 2023 · 312 citations

Journal Article · Open Access · Human-Computer Interaction

Explainable AI Interfaces for Clinical Decision Support: Design Principles, Physician Trust Calibration, and Patient Safety Outcomes in Diagnostic Assistance Systems

Artificial intelligence diagnostic assistance systems are being deployed in clinical settings with the potential to improve diagnostic accuracy, yet poorly designed explanation interfaces risk creating overtrust, undertrust, and automation bias -- cognitive failure modes with direct patient safety consequences. This paper investigates explainable AI interface design for clinical decision support systems (CDSS) through a mixed-methods study combining a randomized controlled experiment (n=187 physicians across radiology, pathology, and emergency medicine specialties), eye-tracking analysis, and think-aloud protocol sessions. We evaluate four explanation modality conditions -- no explanation, confidence score only, feature attribution (SHAP values), and counterfactual explanation -- for their effects on diagnostic accuracy, trust calibration error, and decision time. Counterfactual explanations (presenting alternative diagnoses the AI would have made under modified input conditions) achieve the highest diagnostic accuracy improvement (9.4 percentage points above unaided baseline) and the lowest trust calibration error. Feature attribution (SHAP) explanations are most valued by physicians in think-aloud sessions but do not improve diagnostic accuracy for non-expert AI users due to feature space unfamiliarity. We develop the Clinical XAI Design Principles (CXDP) framework comprising 12 evidence-grounded interface design guidelines, and demonstrate their application in redesigning a commercial CDSS explanation interface with a 14-point improvement in physician trust calibration accuracy.

Adaeze Obi, Maja Bergstrom, Akiko Suzuki, Yasmin Khalil · Nov 2023 · 334 citations