{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,27]],"date-time":"2025-11-27T10:08:37Z","timestamp":1764238117281,"version":"3.40.3"},"publisher-location":"Cham","reference-count":17,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319233178"},{"type":"electronic","value":"9783319233185"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-23318-5_6","type":"book-chapter","created":{"date-parts":[[2015,8,26]],"date-time":"2015-08-26T17:50:33Z","timestamp":1440611433000},"page":"102-119","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["Factors Impacting the Effort Required to Fix Security Vulnerabilities"],"prefix":"10.1007","author":[{"given":"Lotfi","family":"ben Othmane","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Golriz","family":"Chehrazi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eric","family":"Bodden","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Petar","family":"Tsalovski","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Achim D.","family":"Brucker","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Philip","family":"Miseldine","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,8,27]]},"reference":[{"key":"6_CR1","unstructured":"Katzeff, P.: Hacking epidemic spurs security software stocks, February 2015. Investor\u2019s business daily of 02\/19\/2015. http:\/\/news.investors.com\/investing-mutual-funds\/021915-740082-revenues-are-up-for-security-software-firms.htm"},{"key":"6_CR2","series-title":"Addison-Wesley Software Security Series","volume-title":"Software Security: Building Security In","author":"G McGraw","year":"2006","unstructured":"McGraw, G.: Software Security: Building Security In. Addison-Wesley Software Security Series. Pearson Education Inc., Boston (2006)"},{"issue":"4","key":"6_CR3","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/s11623-014-0102-0","volume":"38","author":"R Bachmann","year":"2014","unstructured":"Bachmann, R., Brucker, A.D.: Developing secure software: a holistic approach to security testing. Datenschutz und Datensicherheit (DuD) 38(4), 257\u2013261 (2014)","journal-title":"Datenschutz und Datensicherheit (DuD)"},{"key":"6_CR4","volume-title":"The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software","author":"M Howard","year":"2006","unstructured":"Howard, M., Lipner, S.: The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software. Microsoft Press, CA (2006)"},{"key":"6_CR5","unstructured":"Hamill, M., Goseva-Popstojanova, K.: Software faults fixing effort: Analysis and prediction. Technical report 20150001332, NASA Goddard Space Flight Center, Greenbelt, MD United States, January 2014"},{"issue":"2","key":"6_CR6","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1007\/s10664-008-9064-x","volume":"14","author":"R Hewett","year":"2009","unstructured":"Hewett, R., Kijsanayothin, P.: On modeling software defect repair time. Empirical Softw. Eng. 14(2), 165\u2013186 (2009)","journal-title":"Empirical Softw. Eng."},{"key":"6_CR7","unstructured":"Cornell, D.: Remediation statistics: what does fixing application vulnerabilities cost? In: Proceedings of the RSAConference, San Fransisco, CA, USA, February 2012"},{"issue":"1","key":"6_CR8","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1109\/52.476287","volume":"13","author":"TM Khoshgoftaar","year":"1996","unstructured":"Khoshgoftaar, T.M., Allen, E.B., Kalaichelvan, K.S., Goel, N.: Early quality prediction: a case study in telecommunications. IEEE Softw. 13(1), 65\u201371 (1996)","journal-title":"IEEE Softw."},{"key":"6_CR9","doi-asserted-by":"crossref","unstructured":"Shin, Y., Williams, L.: Is complexity really the enemy of software security? In: Proceedings of the 4th ACM Workshop on Quality of Protection. QoP 2008, Alexandria, VA, USA, pp. 47\u201350, October 2008","DOI":"10.1145\/1456362.1456372"},{"issue":"3","key":"6_CR10","doi-asserted-by":"publisher","first-page":"294","DOI":"10.1016\/j.sysarc.2010.06.003","volume":"57","author":"I Chowdhury","year":"2011","unstructured":"Chowdhury, I., Zulkernine, M.: Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities. J. Syst. Archit. 57(3), 294\u2013313 (2011). Special Issue on Security and Dependability Assurance of Software Architectures","journal-title":"J. Syst. Archit."},{"key":"6_CR11","unstructured":"Brucker, A.D., Sodan, U.: Deploying static application security testing on a large scale. In: GI Sicherheit 2014. Lecture Notes in Informatics, vol. 228, pp. 91\u2013101, March 2014"},{"key":"6_CR12","volume-title":"Case Study Research: Design and Methods","author":"RK Yin","year":"1984","unstructured":"Yin, R.K.: Case Study Research: Design and Methods. Sage Publications, Beverly Hills (1984)"},{"key":"6_CR13","unstructured":"Jacob, S.A., Furgerson, S.P.: Writing interview protocols and conducting interviews: tips for students new to the field of qualitative research. Qual. Rep. 17(42), Article no. 6, 1\u201310, October 2012"},{"key":"6_CR14","unstructured":"Brikci, N., Green, J.: A guide to using qualitative research methodology, February 2007. http:\/\/www.alnap.org\/resource\/13024"},{"key":"6_CR15","volume-title":"The Coding Manual for Qualitative Researchers","author":"J Saldana","year":"2009","unstructured":"Saldana, J.: The Coding Manual for Qualitative Researchers. SAGE Publications Ltd, London (2009)"},{"key":"6_CR16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29044-2","volume-title":"Experimentation in Software Engineering","author":"C Wohlin","year":"2012","unstructured":"Wohlin, C., Runeson, P., Host, M., Ohlsson, M., Regnell, B., Wesslen, A.: Experimentation in Software Engineering. Springer, Berlin (2012)"},{"issue":"4","key":"6_CR17","doi-asserted-by":"publisher","first-page":"557","DOI":"10.1109\/32.799955","volume":"25","author":"C Seaman","year":"1999","unstructured":"Seaman, C.: Qualitative methods in empirical studies of software engineering. IEEE Trans. Softw. Eng. 25(4), 557\u2013572 (1999)","journal-title":"IEEE Trans. Softw. Eng."}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-23318-5_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,2,21]],"date-time":"2023-02-21T08:09:32Z","timestamp":1676966972000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-23318-5_6"}},"subtitle":["An Industrial Case Study"],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319233178","9783319233185"],"references-count":17,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-23318-5_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"27 August 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}