{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T23:28:35Z","timestamp":1743031715896,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":31,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642001987"},{"type":"electronic","value":"9783642001994"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-00199-4_12","type":"book-chapter","created":{"date-parts":[[2009,3,26]],"date-time":"2009-03-26T13:26:36Z","timestamp":1238073996000},"page":"135-149","source":"Crossref","is-referenced-by-count":15,"title":["Toward Non-security Failures as a Predictor of Security Faults and Failures"],"prefix":"10.1007","author":[{"given":"Michael","family":"Gegick","sequence":"first","affiliation":[]},{"given":"Pete","family":"Rotella","sequence":"additional","affiliation":[]},{"given":"Laurie","family":"Williams","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"issue":"3","key":"12_CR1","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1016\/j.cose.2006.10.002","volume":"26","author":"O.H. Alhazmi","year":"2006","unstructured":"Alhazmi, O.H., Malaiya, Y.K., Ray, I.: Measuring, analyzing and predicting vulnerabilities in software systems. Computers & Security\u00a026(3), 219\u2013228 (2006)","journal-title":"Computers & Security"},{"issue":"1","key":"12_CR2","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1109\/2.962984","volume":"34","author":"B. Boehm","year":"2001","unstructured":"Boehm, B., Basili, V.: Software Defect Reduction Top 10 List. 
IEEE Computer\u00a034(1), 135\u2013137 (2001)","journal-title":"IEEE Computer"},{"key":"12_CR3","doi-asserted-by":"crossref","unstructured":"Codon, E., Cukier, M., He, T.: Applying Software Reliability Models on Security Incidents. In: International Symposium on Software Reliability Engineering, Trollhattan, Sweden (2007)","DOI":"10.1109\/ISSRE.2007.2"},{"key":"12_CR4","doi-asserted-by":"crossref","unstructured":"Denaro, G.: Estimating software fault-proneness for tuning testing activities. In: International Conference on Software Engineering, St. Malo, France, pp. 269\u2013280 (2000)","DOI":"10.1145\/337180.337592"},{"key":"12_CR5","unstructured":"Dijkstra, E.: Structured Programming, Brussels, Belgium (1970)"},{"key":"12_CR6","volume-title":"A Handbook of Software and Systems Engineering","author":"A. Endres","year":"2003","unstructured":"Endres, A., Rombach, R.D.: A Handbook of Software and Systems Engineering, Harlow, England. Pearson Education, Limited, London (2003)"},{"key":"12_CR7","unstructured":"Freund, R., Littell, R., Creighton, L.: Regression Using JMP, Cary, NC. SAS Institute, Inc. (2003)"},{"key":"12_CR8","doi-asserted-by":"crossref","unstructured":"Gegick, M., Williams, L.: Toward the Use of Static Analysis Alerts for Early Identification of Vulnerability- and Attack-prone Components. In: First International Workshop on Systems Vulnerabilities (SYVUL 2007), Santa Clara, CA, July 1-6 (2007)","DOI":"10.1109\/ICIMP.2007.46"},{"key":"12_CR9","doi-asserted-by":"crossref","unstructured":"Gegick, M.: Failure-prone Components are also Attack-prone Components. In: OOPSLA - ACM student research competition, Nashville, Tennessee, October 2008, pp. 917\u2013918 (2008)","DOI":"10.1145\/1449814.1449907"},{"key":"12_CR10","doi-asserted-by":"crossref","unstructured":"Gegick, M., Williams, L.: STUDENT PAPER: Ranking Attack-prone Components with a Predictive Model. In: International Symposium on Software Reliability Engineering, Redmond, WA, November 2008, pp. 
315\u2013316 (2008)","DOI":"10.1109\/ISSRE.2008.24"},{"key":"12_CR11","doi-asserted-by":"crossref","unstructured":"Gegick, M., Williams, L., Osborne, J., Vouk, M.: Prioritizing Software Security Fortification through Code-Level Security Metrics. In: Workshop on Quality of Protection, Alexandria, VA, pp. 31\u201337 (2008)","DOI":"10.1145\/1456362.1456370"},{"key":"12_CR12","unstructured":"Gegick, M., Williams, L., Vouk, M.: Predictive Models for Identifying Software Components Prone to Failure During Security Attacks (2008) Build Security In, https:\/\/buildsecurityin.us-cert.gov\/daisy\/bsi\/home.html"},{"key":"12_CR13","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-21606-5","volume-title":"The Elements of Statistical Learning","author":"T. Hastie","year":"2001","unstructured":"Hastie, T., Tibshirani, R., Friedman, J.H.: The Elements of Statistical Learning. Springer, New York (2001)"},{"key":"12_CR14","unstructured":"ISO, ISO\/IEC DIS 14598-1 Information Technology - Software Product Evaluation - Part 1: General Overview (October 28, 1996)"},{"key":"12_CR15","unstructured":"ISO\/IEC 24765 Software and Systems Engineering Vocabulary (2006)"},{"issue":"2","key":"12_CR16","doi-asserted-by":"publisher","first-page":"212","DOI":"10.1142\/S0218194099000140","volume":"9","author":"T.M. Khoshgoftaar","year":"1999","unstructured":"Khoshgoftaar, T.M., Allen, E.B., Naik, A., Jones, W., Hudepohl, J.P.: Using Classification Trees for Software Quality Models: Lessons Learned. International Journal on Software Engineering and Knowledge Engineering\u00a09(2), 212\u2013231 (1999)","journal-title":"International Journal on Software Engineering and Knowledge Engineering"},{"key":"12_CR17","unstructured":"Krsul, I.: Software Vulnerability Analysis, PhD Thesis in Computer Science at Purdue University, West Lafayette (1998)"},{"key":"12_CR18","unstructured":"Mullen, R., Gokhale, S.: A Discrete Lognormal Model for Software Defects Affecting QoP. 
Quality of Protection, Milan, Italy, September 15 (2005)"},{"key":"12_CR19","unstructured":"Musa, J.D.: Software reliability engineering: More reliable software faster and cheaper, 2nd edn., Bloomington, Indiana, AuthorHouse (2004)"},{"key":"12_CR20","unstructured":"Nagappan, N., Ball, T.: Use of Relative Code Churn Measures to Predict Defect Density. In: International Conference on Software Engineering, St. Louis, MO, May 15-21, 2005, pp. 284\u2013292 (2005)"},{"key":"12_CR21","doi-asserted-by":"crossref","unstructured":"Neuhaus, S., Zimmermann, T., Holler, C., Zeller, A.: Predicting Vulnerable Software Components. In: Computer and Communications Security, Alexandria, VA, 29 October-2 November 2007, pp. 529\u2013540 (2007)","DOI":"10.1145\/1315245.1315311"},{"key":"12_CR22","doi-asserted-by":"crossref","unstructured":"Ostrand, T.J., Weyuker, E.J., Bell, R.M.: Where the bugs are. In: International Symposium on Software Testing and Analysis, Boston, Massachusetts, pp. 86\u201396 (2004)","DOI":"10.1145\/1007512.1007524"},{"key":"12_CR23","unstructured":"Ozment, A., Schechter, S.: Milk or wine: does software security improve with age? In: 15th Conference on USENIX Security Symposium, July 2006, pp. 93\u2013104 (2006)"},{"issue":"9","key":"12_CR24","doi-asserted-by":"publisher","first-page":"1278","DOI":"10.1109\/PROC.1975.9939","volume":"63","author":"J. Saltzer","year":"1975","unstructured":"Saltzer, J., Schroeder, M.: The Protection of Information in Computer Systems. Proceedings of the IEEE\u00a063(9), 1278\u20131308 (1975)","journal-title":"Proceedings of the IEEE"},{"key":"12_CR25","volume-title":"The Partition Platform","author":"S.A.S. Institute Inc","year":"2003","unstructured":"Institute Inc, S.A.S.: The Partition Platform. SAS Institute, Inc., Cary (2003)"},{"key":"12_CR26","unstructured":"Schroter, A., Zimmermann, T., Zeller, A.: Predicting Component Failures at Design Time. 
In: International Symposium on Empirical Software Engineering, Rio de Janeiro, Brazil, September 21-22, 2006, pp. 18\u201327 (2006)"},{"key":"12_CR27","doi-asserted-by":"crossref","unstructured":"Shin, Y., Williams, L.: Is Complexity Really the Enemy of Software Security? In: Workshop on Quality of Protection, Alexandria, VA, pp. 47\u201350 (2008)","DOI":"10.1145\/1456362.1456372"},{"key":"12_CR28","volume-title":"Building Secure Software How to Avoid Security Problems the Right Way","author":"J. Viega","year":"2002","unstructured":"Viega, J., McGraw, G.: Building Secure Software How to Avoid Security Problems the Right Way. Addison-Wesley, Boston (2002)"},{"key":"12_CR29","unstructured":"Vouk, M., Tai, K.C.: Some Issues in Multi-Phase Software Reliability Modeling. In: Center for Advanced Studies Conference (CASCON), Toronto, October 1993, pp. 512\u2013523 (1993)"},{"key":"12_CR30","series-title":"San Francisco","volume-title":"Data Mining","author":"I. Witten","year":"2005","unstructured":"Witten, I., Frank, E.: Data Mining, 4th edn. San Francisco. Elsevier, Amsterdam (2005)","edition":"4"},{"issue":"4","key":"12_CR31","doi-asserted-by":"publisher","first-page":"240","DOI":"10.1109\/TSE.2006.38","volume":"32","author":"J. Zheng","year":"2006","unstructured":"Zheng, J., Williams, L., Snipes, W., Nagappan, N., Hudepohl, J., Vouk, M.: On the Value of Static Analysis Tools for Fault Detection. 
IEEE Transactions on Software Engineering\u00a032(4), 240\u2013253 (2006)","journal-title":"IEEE Transactions on Software Engineering"}],"container-title":["Lecture Notes in Computer Science","Engineering Secure Software and Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-00199-4_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,24]],"date-time":"2023-05-24T16:32:11Z","timestamp":1684945931000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-00199-4_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642001987","9783642001994"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-00199-4_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2009]]}}}