{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:FGGNHRZUZPKOWPDHKFIAHVLHDK","short_pith_number":"pith:FGGNHRZU","schema_version":"1.0","canonical_sha256":"298cd3c734cbd4eb3c67515003d5671a9da76bd882a7aae02124ef498d170410","source":{"kind":"arxiv","id":"2605.13100","version":1},"attestation_state":"computed","paper":{"title":"Security Incentivization: An Empirical Study of how Micropayments Impact Code Security","license":"http://creativecommons.org/licenses/by/4.0/","headline":"Tying team bonuses to improvements in security scanner results reduces code issue density.","cross_cats":["cs.SE"],"primary_cat":"cs.CR","authors_text":"Alexander Lercher, Christoph Wedenig, Fabian Oraze, Georg Sengstbratl, Johann Glock, Martin Pinzger, Rainer W. Alexandrowicz, Stefan Rass","submitted_at":"2026-05-13T07:12:13Z","abstract_excerpt":"Security often receives insufficient developer attention because it does not directly generate visible value, leading to underinvestment in practice. We evaluate a countermeasure by team-level incentives tied to measurable security improvements over time. Our semi-automated mechanism aggregates static analysis findings from Bearer, Detekt, and mobsfscan, computes security issue density, and rewards teams based on the relative improvement ratio across sprints, enabling repeatable, scriptable reporting at scale.\n  In a controlled course experiment with 84 students across 14 teams, we compared a "},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":true,"formal_links_present":false},"canonical_record":{"source":{"id":"2605.13100","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-13T07:12:13Z","cross_cats_sorted":["cs.SE"],"title_canon_sha256":"1ab30c78dc2aacd3e665bd4e0c850d709c39d5bf095745075d9ca62e3f7fda82","abstract_canon_sha256":"66c0c7d10395460ad942b429dd9bc5e193150ea3d23a3f33b436d7677690d5e1"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T03:08:58.302895Z","signature_b64":"8ryQsuCPIT4JI1xQGD/XuQDgovlSr3aSPDjtK0nCPT7RRAfEx0YVMpb7Df7VLEr/OoBtEc34AGNDRVAdF8zEDw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"298cd3c734cbd4eb3c67515003d5671a9da76bd882a7aae02124ef498d170410","last_reissued_at":"2026-05-18T03:08:58.302194Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T03:08:58.302194Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Security Incentivization: An Empirical Study of how Micropayments Impact Code Security","license":"http://creativecommons.org/licenses/by/4.0/","headline":"Tying team bonuses to improvements in security scanner results reduces code issue density.","cross_cats":["cs.SE"],"primary_cat":"cs.CR","authors_text":"Alexander Lercher, Christoph Wedenig, Fabian Oraze, Georg Sengstbratl, Johann Glock, Martin Pinzger, Rainer W. Alexandrowicz, Stefan Rass","submitted_at":"2026-05-13T07:12:13Z","abstract_excerpt":"Security often receives insufficient developer attention because it does not directly generate visible value, leading to underinvestment in practice. We evaluate a countermeasure by team-level incentives tied to measurable security improvements over time. Our semi-automated mechanism aggregates static analysis findings from Bearer, Detekt, and mobsfscan, computes security issue density, and rewards teams based on the relative improvement ratio across sprints, enabling repeatable, scriptable reporting at scale.\n  In a controlled course experiment with 84 students across 14 teams, we compared a "},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"The treatment group achieved significantly lower security issue density overall (beta regression: β = -0.396, p = 0.0342), indicating improved measurable security under incentivization.","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"That static analysis findings from the chosen tools (Bearer, Detekt, mobsfscan) accurately capture meaningful security risks and that student team behavior generalizes to professional developers.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"Linking team bonuses to automated security scan results reduced issue density in a controlled experiment with 84 students across 14 teams.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"Tying team bonuses to improvements in security scanner results reduces code issue density.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"3a9318e5252fb7c953f773234d17d3589b062e4403b34bb930c6fed2b007193b"},"source":{"id":"2605.13100","kind":"arxiv","version":1},"verdict":{"id":"ce813dd7-7469-435f-8744-e319c735b1ff","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-14T19:02:38.224927Z","strongest_claim":"The treatment group achieved significantly lower security issue density overall (beta regression: β = -0.396, p = 0.0342), indicating improved measurable security under incentivization.","one_line_summary":"Linking team bonuses to automated security scan results reduced issue density in a controlled experiment with 84 students across 14 teams.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"That static analysis findings from the chosen tools (Bearer, Detekt, mobsfscan) accurately capture meaningful security risks and that student team behavior generalizes to professional developers.","pith_extraction_headline":"Tying team bonuses to improvements in security scanner results reduces code issue density."},"references":{"count":56,"sample":[{"doi":"","year":2018,"title":"Vipindev Adat, Amrita Dahiya, and B. B. Gupta. Economic incentive based solution against distributed denial of service attacks for IoT customers. In2018 IEEE International Conference on Consumer Elect","work_id":"b58051ee-c81e-46fa-8fed-15d2846b0398","ref_index":1,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2025,"title":"Aikido - Unified Security Platform from Code to Runtime, 2025","work_id":"5430583f-7d70-4d44-b912-465f0bceecc5","ref_index":2,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2006,"title":"Ross J. Anderson and T. Moore. The economics of information security.Science, 314:610 – 613, 2006","work_id":"6c74b8c1-7676-4173-9a9f-0ae481505785","ref_index":3,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"10.1007/s10664-023-10380-1","year":2023,"title":"Owura Asare, Meiyappan Nagappan, and N. Asokan. Is GitHub’s Copilot as bad as humans at introducing vulnerabilities in code?Empirical Softw. Engg., 28(6), September 2023. online: https://doi.org/10.10","work_id":"4c9a74f0-da4c-40be-a585-e5629c1e2d2c","ref_index":4,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2014,"title":"Designing user incentives for cybersecurity","work_id":"8ee2cb52-dcbd-4e59-98c0-6669552e34e9","ref_index":5,"cited_arxiv_id":"","is_internal_anchor":false}],"resolved_work":56,"snapshot_sha256":"a73f1713addd2bf8f57ddd95f62b333d08ab4c7b6f9da8319a551cdb8b9946f7","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2605.13100","created_at":"2026-05-18T03:08:58.302284+00:00"},{"alias_kind":"arxiv_version","alias_value":"2605.13100v1","created_at":"2026-05-18T03:08:58.302284+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.13100","created_at":"2026-05-18T03:08:58.302284+00:00"},{"alias_kind":"pith_short_12","alias_value":"FGGNHRZUZPKO","created_at":"2026-05-18T12:33:37.589309+00:00"},{"alias_kind":"pith_short_16","alias_value":"FGGNHRZUZPKOWPDH","created_at":"2026-05-18T12:33:37.589309+00:00"},{"alias_kind":"pith_short_8","alias_value":"FGGNHRZU","created_at":"2026-05-18T12:33:37.589309+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/FGGNHRZUZPKOWPDHKFIAHVLHDK","json":"https://pith.science/pith/FGGNHRZUZPKOWPDHKFIAHVLHDK.json","graph_json":"https://pith.science/api/pith-number/FGGNHRZUZPKOWPDHKFIAHVLHDK/graph.json","events_json":"https://pith.science/api/pith-number/FGGNHRZUZPKOWPDHKFIAHVLHDK/events.json","paper":"https://pith.science/paper/FGGNHRZU"},"agent_actions":{"view_html":"https://pith.science/pith/FGGNHRZUZPKOWPDHKFIAHVLHDK","download_json":"https://pith.science/pith/FGGNHRZUZPKOWPDHKFIAHVLHDK.json","view_paper":"https://pith.science/paper/FGGNHRZU","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2605.13100&json=true","fetch_graph":"https://pith.science/api/pith-number/FGGNHRZUZPKOWPDHKFIAHVLHDK/graph.json","fetch_events":"https://pith.science/api/pith-number/FGGNHRZUZPKOWPDHKFIAHVLHDK/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/FGGNHRZUZPKOWPDHKFIAHVLHDK/action/timestamp_anchor","attest_storage":"https://pith.science/pith/FGGNHRZUZPKOWPDHKFIAHVLHDK/action/storage_attestation","attest_author":"https://pith.science/pith/FGGNHRZUZPKOWPDHKFIAHVLHDK/action/author_attestation","sign_citation":"https://pith.science/pith/FGGNHRZUZPKOWPDHKFIAHVLHDK/action/citation_signature","submit_replication":"https://pith.science/pith/FGGNHRZUZPKOWPDHKFIAHVLHDK/action/replication_record"}},"created_at":"2026-05-18T03:08:58.302284+00:00","updated_at":"2026-05-18T03:08:58.302284+00:00"}