{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,23]],"date-time":"2026-01-23T20:06:13Z","timestamp":1769198773616,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":16,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642137914","type":"print"},{"value":"9783642137921","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-13792-1_15","type":"book-chapter","created":{"date-parts":[[2010,6,15]],"date-time":"2010-06-15T03:33:52Z","timestamp":1276572832000},"page":"176-190","source":"Crossref","is-referenced-by-count":11,"title":["Prioritizing Countermeasures through the Countermeasure Method for Software Security (CM-Sec)"],"prefix":"10.1007","author":[{"given":"Dejan","family":"Baca","sequence":"first","affiliation":[]},{"given":"Kai","family":"Petersen","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"15_CR1","doi-asserted-by":"crossref","unstructured":"Fr\u00fchwirth, C.: On business-driven it security management and mismatches between security requirements in firms, industry standards and research work. In: Proceedings of the 10th International Conference on Product-Focused Software Process Improvement (PROFES 2009), pp. 375\u2013385 (2009)","DOI":"10.1007\/978-3-642-02152-7_28"},{"key":"15_CR2","volume-title":"Software security : building security in","author":"G. McGraw","year":"2006","unstructured":"McGraw, G.: Software security: building security in. Addison-Wesley, Upper Saddle River (2006)"},{"key":"15_CR3","doi-asserted-by":"crossref","unstructured":"Baca, D., Carlsson, B., Lundberg, L.: Evaluating the cost reduction of static code analysis for software security. In: Proceedings of the International Workshop on Programming Languages and Analysis for Security (PLAS 2008), pp. 79\u201388 (2008)","DOI":"10.1145\/1375696.1375707"},{"key":"15_CR4","doi-asserted-by":"crossref","unstructured":"Baca, D., Petersen, K., Carlsson, B., Lundberg, L.: Static code analysis to detect software security vulnerabilities - does experience matter? In: Proceedings of the The 4th International Conference on Availability, Reliability and Security (ARES 2009), pp. 804\u2013810 (2009)","DOI":"10.1109\/ARES.2009.163"},{"key":"15_CR5","unstructured":"Howard, M., LeBlanc, D.: Writing Secure Code. Microsoft Press, Redmond, Washington (2003)"},{"key":"15_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1007\/11962977_19","volume-title":"Critical Information Infrastructures Security","author":"A. Buldas","year":"2006","unstructured":"Buldas, A., Laud, P., Priisalu, J., Saarepera, M., Willemson, J.: Rational choice of security measures via multi-parameter attack trees. In: L\u00f3pez, J. (ed.) CRITIS 2006. LNCS, vol.\u00a04347, pp. 235\u2013248. Springer, Heidelberg (2006)"},{"key":"15_CR7","doi-asserted-by":"crossref","unstructured":"Moore, A.P., Ellison, R.J., Linger, R.C.: Attack modeling for information security and survivability. Technical Report Technical Report CMU\/SEI-2001-TN-001, Software Engineering Institute (2001)","DOI":"10.21236\/ADA387544"},{"key":"15_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/11734727_17","volume-title":"Information Security and Cryptology - ICISC 2005","author":"S. Mauw","year":"2006","unstructured":"Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol.\u00a03935, pp. 186\u2013198. Springer, Heidelberg (2006)"},{"issue":"1","key":"15_CR9","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1002\/spip.253","volume":"11","author":"L.O. Damm","year":"2006","unstructured":"Damm, L.O., Lundberg, L., Wohlin, C.: Faults-slip-through - a concept for measuring the efficiency of the test process. Software Process: Improvement and Practice\u00a011(1), 47\u201359 (2006)","journal-title":"Software Process: Improvement and Practice"},{"key":"15_CR10","doi-asserted-by":"crossref","DOI":"10.1201\/b12444","volume-title":"Information security risk analysis","author":"T.R. Peltier","year":"2001","unstructured":"Peltier, T.R.: Information security risk analysis. Auerbach, Boca Raton (2001)"},{"issue":"12","key":"15_CR11","first-page":"21","volume":"24","author":"B. Schneier","year":"1999","unstructured":"Schneier, B.: Attack trees. Dr. Dobb\u2019s Journal\u00a024(12), 21\u201329 (1999)","journal-title":"Dr. Dobb\u2019s Journal"},{"key":"15_CR12","volume-title":"Building secure software: how to avoid security problems the right way","author":"J. Viega","year":"2002","unstructured":"Viega, J., McGraw, G.: Building secure software: how to avoid security problems the right way. Addison-Wesley, Reading (2002)"},{"issue":"4","key":"15_CR13","first-page":"124","volume":"23","author":"V. Saini","year":"2008","unstructured":"Saini, V., Duan, Q., Paruchuri, V.: Threat modeling using attack trees. J. Comput. Small Coll.\u00a023(4), 124\u2013131 (2008)","journal-title":"J. Comput. Small Coll."},{"key":"15_CR14","unstructured":"Hederstierna, A.: Decisions Under Uncertainty - The Usefulness of an Indifference Method for Analysis of Dominance. EFI The Economic Research Institute, Stockholm School of Economics (1981)"},{"key":"15_CR15","doi-asserted-by":"crossref","unstructured":"Kontio, J.: Risk management in software development: A technology overview and the riskit method. In: Proceedings of the IEEE International Conference on Software Engineering (ICSE 1999), pp. 679\u2013680 (1999)","DOI":"10.1145\/302405.302954"},{"issue":"5","key":"15_CR16","doi-asserted-by":"publisher","first-page":"836","DOI":"10.1016\/j.jss.2008.11.841","volume":"82","author":"P. Berander","year":"2009","unstructured":"Berander, P., Svahnberg, M.: Evaluating two ways of calculating priorities in requirements hierarchies - an experiment on hierarchical cumulative voting. Journal of Systems and Software\u00a082(5), 836\u2013850 (2009)","journal-title":"Journal of Systems and Software"}],"container-title":["Lecture Notes in Computer Science","Product-Focused Software Process Improvement"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-13792-1_15.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,23]],"date-time":"2020-11-23T21:43:33Z","timestamp":1606167813000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-13792-1_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642137914","9783642137921"],"references-count":16,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-13792-1_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010]]}}}