{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,31]],"date-time":"2025-05-31T04:11:59Z","timestamp":1748664719221,"version":"3.41.0"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319253596"},{"type":"electronic","value":"9783319253602"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-25360-2_8","type":"book-chapter","created":{"date-parts":[[2015,10,7]],"date-time":"2015-10-07T06:23:32Z","timestamp":1444199012000},"page":"91-102","source":"Crossref","is-referenced-by-count":3,"title":["Evidence-Based Trustworthiness of Internet-Based Services Through Controlled Software Development"],"prefix":"10.1007","author":[{"given":"Francesco","family":"Di Cerbo","sequence":"first","affiliation":[]},{"given":"Nazila","family":"Gol Mohammadi","sequence":"additional","affiliation":[]},{"given":"Sachar","family":"Paulus","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,11,6]]},"reference":[{"key":"8_CR1","doi-asserted-by":"crossref","unstructured":"Amoroso, E., Taylor, C., Watson, J., Weiss, J.: A process-oriented methodology for assessing and improving software trustworthiness. In Proceedings of the 2nd ACM Conference on Computer and Communications Security, CCS 1994, pp. 39\u201350. ACM, New York (1994)","DOI":"10.1145\/191177.191188"},{"key":"8_CR2","unstructured":"BSIMM-V. The Building Security In Maturity Model. http:\/\/www.bsimm.com\/"},{"issue":"2","key":"8_CR3","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1109\/MSP.2011.40","volume":"9","author":"B Chess","year":"2011","unstructured":"Chess, B., Arkin, B.: Software security in practice. IEEE Secur. Priv. 9(2), 89\u201392 (2011)","journal-title":"IEEE Secur. Priv."},{"key":"8_CR4","doi-asserted-by":"crossref","unstructured":"G. Chisholm, J. Gannon, R. Kemmerer, and J. McHugh. Peer review of the trusted software methodology. Technical report, Argonne National Laboratory, IL, USA, February 1994","DOI":"10.2172\/10138004"},{"key":"8_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1007\/978-3-642-30241-1_10","volume-title":"The Future Internet","author":"F Cerbo Di","year":"2012","unstructured":"Di Cerbo, F., Bezzi, M., Kaluvuri, S.P., Sabetta, A., Trabelsi, S., Lotz, V.: Towards a trustworthy service marketplace for the future internet. In: \u00c1lvarez, F., Cleary, F., Daras, P., Domingue, J., Galis, A., Garcia, A., Gavras, A., Karnourskos, S., Krco, S., Li, M.-S., Lotz, V., M\u00fcller, H., Salvadori, E., Sassen, A.-M., Schaffers, H., Stiller, B., Tselentis, G., Turkama, P., Zahariadis, T. (eds.) FIA 2012. LNCS, vol. 7281, pp. 105\u2013116. Springer, Heidelberg (2012)"},{"key":"8_CR6","doi-asserted-by":"crossref","unstructured":"Di Cerbo, F., Kaluvuri, S.P., Motte, F., Nasser, B., Chen, W., Short, S.: Towards a linked data vocabulary for the certification of software properties. In: 2014 International Conference on Signal-Image Technology & Internet-Based Systems (SITIS), pp. 721\u2013727. IEEE (2014)","DOI":"10.1109\/SITIS.2014.29"},{"key":"8_CR7","volume-title":"Software Metrics: A Rigorous and Practical Approach","author":"NE Fenton","year":"1998","unstructured":"Fenton, N.E., Pfleeger, S.L.: Software Metrics: A Rigorous and Practical Approach. PWS Publishing Co., Boston (1998)"},{"key":"8_CR8","volume-title":"Software Metrics: Establishing a Company-Wide Program","author":"RB Grady","year":"1987","unstructured":"Grady, R.B., Caswell, D.L.: Software Metrics: Establishing a Company-Wide Program. Prentice Hall, Upper Saddle River (1987)"},{"key":"8_CR9","unstructured":"International Organization for Standardization. ISO\/IEC 15408\u20131:2009 - Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model (SSE-CMM). http:\/\/www.iso.org"},{"key":"8_CR10","unstructured":"International Organization for Standardization. ISO\/IEC 21827 - Information technology - Security techniques - Systems Security Engineering - Capability Maturity Model (SSE-CMM). http:\/\/www.iso.org"},{"key":"8_CR11","unstructured":"International Organization for Standardization. Iso\/iec 27001:2013- information technology - security techniques - information security management systems - requirements. http:\/\/www.iso.org"},{"key":"8_CR12","volume-title":"Design for Trustworthy Software: Tools, Techniques, and Methodology of Developing Robust Software","author":"BK Jayaswal","year":"2006","unstructured":"Jayaswal, B.K., Patton, P.C.: Design for Trustworthy Software: Tools, Techniques, and Methodology of Developing Robust Software. Pearson Education, Upper Saddle River (2006)"},{"key":"8_CR13","unstructured":"Josey, A.: TOGAF Version 9.1 Enterprise Edition. An Introduction. Technical report, The Open Group (2011)"},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"Lipner, S.: The trustworthy computing security development lifecycle. In Proceedings of the 20th Annual Computer Security Applications Conference, ACSAC 2004, pp. 2\u201313. IEEE Computer Society, Washington (2004)","DOI":"10.1109\/CSAC.2004.41"},{"key":"8_CR15","doi-asserted-by":"crossref","unstructured":"Lotz, V., Kaluvuri, S.P., Di Cerbo, F., Sabetta, A.: Towards security certification schemas for the internet of services. In: 2012 5th International Conference on New Technologies, Mobility and Security (NTMS), pp. 1\u20135. IEEE (2012)","DOI":"10.1109\/NTMS.2012.6208771"},{"key":"8_CR16","volume-title":"Software Security: Building Security In","author":"G McGraw","year":"2006","unstructured":"McGraw, G.: Software Security: Building Security In. Addison-Wesley Professional, New York (2006)"},{"key":"8_CR17","unstructured":"Meland, P., Ardi, S., Jensen, J., Rios, E., Sanchez, T., Shahmehri, N., Tondel, I.: An architectural foundation for security model sharing and reuse. In: International Conference on Availability, Reliability and Security, 2009, ARES 2009, pp. 823\u2013828, March 2009"},{"key":"8_CR18","unstructured":"Microsoft. Security Development Lifecycle. http:\/\/www.microsoft.com\/security\/sdl\/default.aspx"},{"key":"8_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"206","DOI":"10.1007\/978-3-319-08593-7_14","volume-title":"Trust and Trustworthy Computing","author":"NG Mohammadi","year":"2014","unstructured":"Mohammadi, N.G., Bandyszak, T., Paulus, S., Meland, P.H., Weyer, T., Pohl, K.: Extending development methodologies with trustworthiness-by-design for socio-technical systems. In: Holz, T., Ioannidis, S. (eds.) Trust 2014. LNCS, vol. 8564, pp. 206\u2013207. Springer, Heidelberg (2014)"},{"key":"8_CR20","series-title":"Communications in Computer and Information Science","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1007\/978-3-319-14224-1_2","volume-title":"Cloud Computing and Services Science","author":"NG Mohammadi","year":"2014","unstructured":"Mohammadi, N.G., Paulus, S., Bishr, M., Metzger, A., K\u00f6nnecke, H., Hartenstein, S., Weyer, T., Pohl, K.: Trustworthiness attributes and metrics for engineering trusted internet-based software systems. In: Helfert, M., Desprez, F., Ferguson, D., Leymann, F. (eds.) CLOSER 2013. CCIS, vol. 453, pp. 19\u201335. Springer, Heidelberg (2014)"},{"key":"8_CR21","doi-asserted-by":"crossref","unstructured":"Neto, A.A., Vieira, M.: Untrustworthiness: a trust-based security metric. In: 2009 Fourth International Conference on Risks and Security of Internet and Systems (CRiSIS), pp. 123\u2013126. IEEE (2009)","DOI":"10.1109\/CRISIS.2009.5411967"},{"key":"8_CR22","unstructured":"Open Web Application Security Project (OWASP). CLASP Project (Comprehensive, Light-weight Application Security Process). https:\/\/www.owasp.org\/index.php\/Category:OWASP_CLASP_Project"},{"key":"8_CR23","unstructured":"OPTET Consortium. Initial concepts and abstractions to model trustworthiness. Project Deliverable D3.1, OPTET Consortium (2013). http:\/\/www.optet.eu"},{"key":"8_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/978-3-642-40779-6_23","volume-title":"Communications and Multimedia Security","author":"S Paulus","year":"2013","unstructured":"Paulus, S., Mohammadi, N.G., Weyer, T.: Trustworthy software development. In: De Decker, B., Dittmann, J., Kraetzer, C., Vielhauer, C. (eds.) CMS 2013. LNCS, vol. 8099, pp. 233\u2013247. Springer, Heidelberg (2013)"},{"issue":"1","key":"8_CR25","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1016\/S1353-4858(09)70008-X","volume":"2009","author":"B Potter","year":"2009","unstructured":"Potter, B.: Microsoft SDL threat modelling tool. Netw. Secur. 2009(1), 15\u201318 (2009)","journal-title":"Netw. Secur."},{"issue":"2","key":"8_CR26","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1109\/MC.2006.58","volume":"39","author":"D Schmidt","year":"2006","unstructured":"Schmidt, D.: Guest editor\u2019s introduction: model-driven engineering. Computer 39(2), 25\u201331 (2006)","journal-title":"Computer"},{"key":"8_CR27","unstructured":"SHIELDS. Detecting known security vulnerabilities from within design and development tools. http:\/\/www.shields-project.eu\/"},{"key":"8_CR28","volume-title":"Software Engineering","author":"I Sommerville","year":"2010","unstructured":"Sommerville, I.: Software Engineering, 9th edn. Addison-Wesley, Harlow (2010)","edition":"9"},{"key":"8_CR29","series-title":"Human-Computer Interaction Series","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1007\/1-4020-4113-6_5","volume-title":"Human-Centered Software Engineering Integrating Usability in the Software Development Lifecycle","author":"A Sutcliffe","year":"2005","unstructured":"Sutcliffe, A.: Convergence or competition between software engineering and human computer interaction. In: Seffah, A., Gulliksen, J., Desmarais, M. (eds.) Human-Centered Software Engineering Integrating Usability in the Software Development Lifecycle. HCIS, vol. 8, pp. 71\u201384. Springer, Netherlands (2005)"},{"key":"8_CR30","doi-asserted-by":"publisher","unstructured":"Van Solingen, R., Basili, V., Caldiera, G., Rombach, H.D.: Goal Question Metric (GQM) Approach. In: Encyclopedia of Software Engineering, John Wiley & Sons, Inc. (2002). doi: 10.1002\/0471028959.sof142","DOI":"10.1002\/0471028959.sof142"},{"key":"8_CR31","doi-asserted-by":"crossref","unstructured":"Wallnau, K.: Software component certification: 10 useful distinctions. Technical note. Carnegie Mellon University, Software Engineering Institute (2004)","DOI":"10.21236\/ADA430991"},{"key":"8_CR32","doi-asserted-by":"crossref","unstructured":"Weigert, T.: Practical experiences in using model-driven engineering to develop trustworthy computing systems. In: IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC 2006), 5\u20137 June 2006, pp. 208\u2013217, Taichung, Taiwan (2006)","DOI":"10.1109\/SUTC.2006.1636178"},{"key":"8_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"389","DOI":"10.1007\/978-3-642-01680-6_35","volume-title":"Trustworthy Software Development Processes","author":"Y Yang","year":"2009","unstructured":"Yang, Y., Wang, Q., Li, M.: Process trustworthiness as a capability indicator for measuring and improving software trustworthiness. In: Wang, Q., Garousi, V., Madachy, R., Pfahl, D. (eds.) ICSP 2009. LNCS, vol. 5543, pp. 389\u2013401. Springer, Heidelberg (2009)"}],"container-title":["Communications in Computer and Information Science","Cyber Security and Privacy"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-25360-2_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,30]],"date-time":"2025-05-30T22:55:58Z","timestamp":1748645758000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-25360-2_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319253596","9783319253602"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-25360-2_8","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2015]]}}}