{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T14:47:16Z","timestamp":1776782836142,"version":"3.51.2"},"publisher-location":"Cham","reference-count":14,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031297854","type":"print"},{"value":"9783031297861","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-29786-1_25","type":"book-chapter","created":{"date-parts":[[2023,4,3]],"date-time":"2023-04-03T12:31:25Z","timestamp":1680525085000},"page":"351-365","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Eliciting Security Requirements \u2013 An Experience Report"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9728-4991","authenticated-orcid":false,"given":"Roman","family":"Trentinaglia","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9133-3350","authenticated-orcid":false,"given":"Sven","family":"Merschjohann","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1269-0702","authenticated-orcid":false,"given":"Markus","family":"Fockel","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9007-9896","authenticated-orcid":false,"given":"Hendrik","family":"Eikerling","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,4,4]]},"reference":[{"key":"25_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"355","DOI":"10.1007\/978-3-030-03673-7_25","volume-title":"Product-Focused Software Process Improvement","author":"M Fockel","year":"2018","unstructured":"Fockel, M., Merschjohann, S., Fazal-Baqaie, M.: Threat analysis in practice \u2013 systematically deriving security requirements. In: Kuhrmann, M., et al. (eds.) PROFES 2018. LNCS, vol. 11271, pp. 355\u2013358. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03673-7_25"},{"key":"25_CR2","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1007\/978-3-030-28005-5_5","volume-title":"Systems, Software and Services Process Improvement","author":"M Fockel","year":"2019","unstructured":"Fockel, M., Merschjohann, S., Fazal-Baqaie, M., F\u00f6rder, T., Hausmann, S., Waldeck, B.: Designing and integrating IEC 62443 compliant threat analysis. In: Walker, A., O\u2019Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 57\u201369. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-28005-5_5"},{"key":"25_CR3","doi-asserted-by":"crossref","unstructured":"Fockel., M., Schubert., D., Trentinaglia., R., Schulz., H., Kirmair., W.: Semi-automatic integrated safety and security analysis for automotive systems. In: Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development - MODELSWARD 2022, pp. 147\u2013154. INSTICC, SciTePress (2022)","DOI":"10.5220\/0010778500003119"},{"key":"25_CR4","unstructured":"ISO\/SAE: ISO\/SAE DIS 21434 Road vehicles - Cybersecurity engineering. Standard 2020. Automotive Security Standard (2020)"},{"key":"25_CR5","doi-asserted-by":"crossref","unstructured":"Scandariato, R., Wuyts, K., Joosen, W.: A descriptive study of microsoft\u2019s threat modeling technique. Requir. Eng. 20(2), 163\u2013180 (2015)","DOI":"10.1007\/s00766-013-0195-2"},{"issue":"4","key":"25_CR6","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1109\/MSEC.2021.3125229","volume":"20","author":"Z Shi","year":"2022","unstructured":"Shi, Z., Graffi, K., Starobinski, D., Matyunin, N.: Threat modeling tools: a taxonomy. IEEE Secur. Priv. 20(4), 29\u201339 (2022)","journal-title":"IEEE Secur. Priv."},{"key":"25_CR7","unstructured":"Shostack, A.: Threat Modeling: Designing for Security. Wiley (2014)"},{"key":"25_CR8","doi-asserted-by":"crossref","unstructured":"Trentinaglia, R.: Deriving model-based safety and security assurance cases from design rationale of countermeasure patterns. In: Proceedings of the 25th International Conference on Model Driven Engineering Languages and Systems: Companion Proceedings, pp. 164\u2013169 (2022)","DOI":"10.1145\/3550356.3558508"},{"key":"25_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"347","DOI":"10.1007\/978-3-030-00761-4_23","volume-title":"Software Architecture","author":"K Tuma","year":"2018","unstructured":"Tuma, K., Scandariato, R.: Two architectural threat analysis techniques compared. In: Cuesta, C.E., Garlan, D., P\u00e9rez, J. (eds.) ECSA 2018. LNCS, vol. 11048, pp. 347\u2013363. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-00761-4_23"},{"key":"25_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1007\/978-3-319-72817-9_4","volume-title":"Computer Security","author":"K Tuma","year":"2018","unstructured":"Tuma, K., Scandariato, R., Widman, M., Sandberg, C.: Towards security threats that matter. In: Katsikas, S.K., et al. (eds.) CyberICPS\/SECPRE -2017. LNCS, vol. 10683, pp. 47\u201362. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-72817-9_4"},{"key":"25_CR11","doi-asserted-by":"crossref","unstructured":"Williams, L., Meneely, A., Shipley, G.: Protection poker: the new software security \u201cgame\u201d. IEEE Secur. Priv. 8(3), 14\u201320 (2010)","DOI":"10.1109\/MSP.2010.58"},{"key":"25_CR12","doi-asserted-by":"publisher","unstructured":"Wohlin, C., Runeson, P., H\u00f6st, M., Ohlsson, M.C., Regnell, B., Wessl\u00e9n, A.: Experimentation in Software Engineering. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29044-2","DOI":"10.1007\/978-3-642-29044-2"},{"key":"25_CR13","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1016\/j.cose.2019.03.010","volume":"84","author":"W Xiong","year":"2019","unstructured":"Xiong, W., Lagerstr\u00f6m, R.: Threat modeling - a systematic literature review. Comput. Secur. 84, 53\u201369 (2019)","journal-title":"Comput. Secur."},{"key":"25_CR14","doi-asserted-by":"crossref","unstructured":"Yskout, K., Heyman, T., Van Landuyt, D., Sion, L., Wuyts, K., Joosen, W.: Threat modeling: from infancy to maturity. In: Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2020, pp. 9\u201312. Association for Computing Machinery, New York, NY, USA (2020)","DOI":"10.1145\/3377816.3381741"}],"container-title":["Lecture Notes in Computer Science","Requirements Engineering: Foundation for Software Quality"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-29786-1_25","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,13]],"date-time":"2024-03-13T19:40:35Z","timestamp":1710358835000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-29786-1_25"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031297854","9783031297861"],"references-count":14,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-29786-1_25","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"4 April 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"REFSQ","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Working Conference on Requirements Engineering: Foundation for Software Quality","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Barcelona","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Spain","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 April 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 April 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"refsq2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/2023.refsq.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"78","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"12","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"15% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}