{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,5]],"date-time":"2025-07-05T13:10:09Z","timestamp":1751721009103,"version":"3.41.0"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319952758"},{"type":"electronic","value":"9783319952765"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-95276-5_5","type":"book-chapter","created":{"date-parts":[[2018,6,29]],"date-time":"2018-06-29T13:30:22Z","timestamp":1530279022000},"page":"58-74","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["CodeTrust"],"prefix":"10.1007","author":[{"given":"Christian Damsgaard","family":"Jensen","sequence":"first","affiliation":[]},{"given":"Michael B\u00f8ndergaard","family":"Nielsen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,6,30]]},"reference":[{"key":"5_CR1","unstructured":"The heartbleed bug. http:\/\/heartbleed.com\/"},{"key":"5_CR2","doi-asserted-by":"crossref","unstructured":"Amoroso, E., Taylor, C., Watson, J., Weiss, J.: A process-oriented methodology for assessing and improving software trustworthiness. In: Proceedings of the 2nd ACM Conference on Computer and Communications Security, pp. 39\u201350 (1994)","DOI":"10.1145\/191177.191188"},{"key":"5_CR3","unstructured":"Avizienis, A., Laprie, J.C., Randell, B.: Fundamental concepts of dependability. In: Proceedings of the 3rd IEEE Information Survivability Workshop (2000)"},{"key":"5_CR4","unstructured":"Black Duck: Open Hub. https:\/\/www.openhub.net\/"},{"key":"5_CR5","unstructured":"Carp, J.: robobrowser. https:\/\/github.com\/jmcarp\/robobrowser"},{"key":"5_CR6","unstructured":"Cerrudo, C.: Why the Shellshock Bug is Worse than Heartbleed. MIT Technology Review, Cambridge (2014)"},{"key":"5_CR7","unstructured":"Commission of the European Communities: Information Technology Security Evaluation Criteria (ITSEC): Preliminary Harmonised Criteria"},{"key":"5_CR8","unstructured":"Common Vulnerability Scoring System SIG: The Common Vulnerability Scoring System (CVSS). https:\/\/www.first.org\/cvss\/"},{"key":"5_CR9","doi-asserted-by":"crossref","unstructured":"Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246, The Internet Engineering Task Force (2008)","DOI":"10.17487\/rfc5246"},{"key":"5_CR10","unstructured":"Fitzpatrick, J.: Applying the ABC metric to C, C++, and Java. In: More c++ Gems, pp. 245\u2013264. Cambridge University Press, New York (2000). Originally published in C++ Report, June 1997"},{"key":"5_CR11","volume-title":"Elements of Software Science (Operating and Programming Systems Series)","author":"MH Halstead","year":"1977","unstructured":"Halstead, M.H.: Elements of Software Science (Operating and Programming Systems Series). Elsevier Science Inc., New York (1977)"},{"key":"5_CR12","unstructured":"ISO\/IEC 15408: Common Criteria for Information Technology Security Evaluation"},{"issue":"10","key":"5_CR13","doi-asserted-by":"publisher","first-page":"613","DOI":"10.1145\/362375.362389","volume":"16","author":"BW Lampson","year":"1973","unstructured":"Lampson, B.W.: A note on the confinement problem. Commun. ACM 16(10), 613\u2013615 (1973)","journal-title":"Commun. ACM"},{"key":"5_CR14","doi-asserted-by":"crossref","unstructured":"Mohammadi, N.G., Sachar Paulus, M.B., Metzger, A., Koennecke, H., Hartenstein, S., Pohl, K.: An analysis of software quality attributes and their contribution to trustworthiness. In: Proceedings of the 3rd International Conference on Cloud Computing and Services Science, Closer 2013, vol. 3, no. 3, pp. 542\u2013552 (2013)","DOI":"10.5220\/0004502705420552"},{"key":"5_CR15","unstructured":"Nielsen, M.B.: Quality and IT security assessment of open source software projects. M.Sc. thesis, DTU Compute, Technical University of Denmark (2017)"},{"key":"5_CR16","unstructured":"NIST: National vulnerability database. https:\/\/nvd.nist.gov\/"},{"key":"5_CR17","unstructured":"Pauli, D.: It\u2019s 2017 and 200,000 services still have unpatched heartbleeds. https:\/\/www.theregister.co.uk\/2017\/01\/23\/heartbleed_2017\/"},{"issue":"6","key":"5_CR18","doi-asserted-by":"publisher","first-page":"437","DOI":"10.1145\/390016.808467","volume":"10","author":"B Randell","year":"1975","unstructured":"Randell, B.: System structure for software fault tolerance. SIGPLAN Not. 10(6), 437\u2013449 (1975)","journal-title":"SIGPLAN Not."},{"key":"5_CR19","doi-asserted-by":"crossref","unstructured":"Seggelmann, R., Tuexen, M., Williams, M.: Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension. RFC 6520, The Internet Engineering Task Force (2012)","DOI":"10.17487\/rfc6520"},{"key":"5_CR20","unstructured":"The Department of Defense (DoD): Trusted Computer System Evaluation Criteria (TCSEC), TCSEC Rainbow Series Library, Orange Book"},{"key":"5_CR21","unstructured":"The MITRE Corporation: Common vulnerabilities and exposures. https:\/\/cve.mitre.org\/"},{"key":"5_CR22","unstructured":"The MITRE Corporation: Common Weakness Enumeration (CWE). http:\/\/cwe.mitre.org\/about\/index.html"},{"issue":"8","key":"5_CR23","doi-asserted-by":"publisher","first-page":"761","DOI":"10.1145\/358198.358210","volume":"27","author":"K Thompson","year":"1984","unstructured":"Thompson, K.: Reflections on trusting trust. Commun. ACM 27(8), 761\u2013763 (1984)","journal-title":"Commun. ACM"},{"key":"5_CR24","doi-asserted-by":"crossref","unstructured":"Wang, J.A., Wang, H., Guo, M., Xia, M.: Security metrics for software systems. In: Proceedings of the 47th Annual Southeast Regional Conference, no. 47, pp. 1\u20136 (2009)","DOI":"10.1145\/1566445.1566509"}],"container-title":["IFIP Advances in Information and Communication Technology","Trust Management XII"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-95276-5_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,5]],"date-time":"2025-07-05T12:38:56Z","timestamp":1751719136000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-95276-5_5"}},"subtitle":["Trusting Software Systems"],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319952758","9783319952765"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-95276-5_5","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"30 June 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"IFIPTM","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on Trust Management","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Toronto, ON","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Canada","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 July 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ifiptm2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sites.uoit.ca\/ifiptm2018\/index.php","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}