{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T16:57:49Z","timestamp":1775321869001,"version":"3.50.1"},"reference-count":41,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2013,10,18]],"date-time":"2013-10-18T00:00:00Z","timestamp":1382054400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Software Qual J"],"published-print":{"date-parts":[[2015,3]]},"DOI":"10.1007\/s11219-013-9223-1","type":"journal-article","created":{"date-parts":[[2013,10,17]],"date-time":"2013-10-17T00:38:14Z","timestamp":1381970294000},"page":"29-54","source":"Crossref","is-referenced-by-count":6,"title":["Security quality model: an extension of Dromey\u2019s model"],"prefix":"10.1007","volume":"23","author":[{"given":"Saad","family":"Zafar","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Misbah","family":"Mehboob","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Asma","family":"Naveed","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bushra","family":"Malik","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2013,10,18]]},"reference":[{"issue":"3","key":"9223_CR1","first-page":"166","volume":"6","author":"RE Al-Qutaish","year":"2010","unstructured":"Al-Qutaish, R. E. (2010). Quality models in software engineering literature: An analytical and comparative study. Journal of American Science, 6(3), 166\u2013175.","journal-title":"Journal of American Science"},{"key":"9223_CR2","volume-title":"Security engineering: A guide to building dependable distributed systems","author":"R Anderson","year":"2008","unstructured":"Anderson, R. (2008). Security engineering: A guide to building dependable distributed systems (2nd ed.). London: Wiley.","edition":"2"},{"key":"9223_CR3","unstructured":"Avizienis, A., Laprie, J.-C., & Randell, B. (2000). Fundamental concepts of dependability. In Proceedings of 3rd information survivability workshop, pp. 7\u201312."},{"key":"9223_CR4","unstructured":"Balfanz, D., & Simon, D. R. (2000). WindowBox: A simple security model for the connected desktop. Paper presented at the proceedings of the 4th conference on USENIX windows systems symposium, Vol. 4, Seattle."},{"key":"9223_CR5","doi-asserted-by":"crossref","unstructured":"Barbacci, M., Klein, M. H., Longstaff, T. A., & Weinstock, C. B. (1995). Quality attributes. Technical report CMU\/SEI-95-TR-021, ESC-TR-95-021.","DOI":"10.21236\/ADA307888"},{"key":"9223_CR6","unstructured":"Bell, D., & Lapadula, L. (1976). Secure computer system: Unified exposition and MULTICS interpretation. http:\/\/csrc.nist.gov\/publications\/history\/bell76.pdf ."},{"key":"9223_CR7","unstructured":"Biba (1977). Integrity Considerations for secure computer systems. MITRE Co., technical report ESD-TR 76-372."},{"key":"9223_CR8","volume-title":"Characteristics of software quality","author":"BW Boehm","year":"1978","unstructured":"Boehm, B. W. (1978). Characteristics of software quality. Amsterdam: North-Holland Pub Co."},{"key":"9223_CR9","doi-asserted-by":"crossref","unstructured":"Brewer, D. F. C., & Nash, M. J. (1989). The Chinese Wall security policy. In Security and privacy, Proceedings of IEEE symposium on, 1\u20133 May 1989, pp. 206\u2013214. doi: 10.1109\/secpri.1989.36295 .","DOI":"10.1109\/SECPRI.1989.36295"},{"key":"9223_CR10","unstructured":"Brito, I., Moreira, A., & Ara\u00fajo, J. (2002). A requirements model for quality attributes. In Proceedings of early aspects: Aspect-oriented requirements engineering and architecture design, Amsterdam."},{"key":"9223_CR11","doi-asserted-by":"crossref","unstructured":"Buehrer, G., Weide, B. W., & Sivilotti, P. A. G. (2005). Using parse tree validation to prevent SQL injection attacks. Paper presented at the proceedings of the 5th international workshop on software engineering and middleware, Lisbon.","DOI":"10.1145\/1108473.1108496"},{"issue":"2","key":"9223_CR12","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1109\/32.345830","volume":"21","author":"RG Dromey","year":"1995","unstructured":"Dromey, R. G. (1995). A model for software product quality. Software Engineering, IEEE Transactions on, 21(2), 146\u2013162. doi: 10.1109\/32.345830 .","journal-title":"Software Engineering, IEEE Transactions on"},{"issue":"1","key":"9223_CR13","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1109\/52.476284","volume":"13","author":"RG Dromey","year":"1996","unstructured":"Dromey, R. G. (1996). Cornering the Chimera [software quality]. Software, IEEE, 13(1), 33\u201343. doi: 10.1109\/52.476284 .","journal-title":"Software, IEEE"},{"issue":"3","key":"9223_CR14","doi-asserted-by":"crossref","first-page":"224","DOI":"10.1145\/501978.501980","volume":"4","author":"DF Ferraiolo","year":"2001","unstructured":"Ferraiolo, D. F., Sandhu, R., Gavrila, S., Kuhn, D. R., & Chandramouli, R. (2001). Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security, 4(3), 224\u2013274. doi: 10.1145\/501978.501980 .","journal-title":"ACM Transactions on Information and System Security"},{"key":"9223_CR15","doi-asserted-by":"crossref","DOI":"10.21236\/ADA421683","volume-title":"Common concepts underlying safety, security, and survivability engineering","author":"DG Firesmith","year":"2003","unstructured":"Firesmith, D. G. (2003). Common concepts underlying safety, security, and survivability engineering. Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University."},{"issue":"1","key":"9223_CR16","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1109\/MS.2003.1159027","volume":"20","author":"X Franch","year":"2003","unstructured":"Franch, X., & Carvallo, J. P. (2003). Using quality models in software package selection. Software, IEEE, 20(1), 34\u201341. doi: 10.1109\/ms.2003.1159027 .","journal-title":"Software, IEEE"},{"issue":"3","key":"9223_CR17","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1145\/636772.636774","volume":"46","author":"LA Gordon","year":"2003","unstructured":"Gordon, L. A., Loeb, M. P., & Sohail, T. (2003). A framework for using insurance for cyber-risk management. Communications of the ACM, 46(3), 81\u201385. doi: 10.1145\/636772.636774 .","journal-title":"Communications of the ACM"},{"key":"9223_CR18","volume-title":"Software metrics: Establishing a company-wide program","author":"RB Grady","year":"1987","unstructured":"Grady, R. B., & Caswell, D. L. (1987). Software metrics: Establishing a company-wide program. New York: Prentice-Hall Inc."},{"key":"9223_CR19","doi-asserted-by":"crossref","unstructured":"Hofheinz, D., & Unruh, D. (2008). Towards key-dependent message security in the standard model. Paper presented at the proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology, Istanbul.","DOI":"10.1007\/978-3-540-78967-3_7"},{"key":"9223_CR20","volume-title":"19 Deadly sins of software security","author":"M Howard","year":"2006","unstructured":"Howard, M., LeBlanc, D., & Viega, J. (2006). 19 Deadly sins of software security. New York City: McGraw-Hill Inc."},{"key":"9223_CR21","unstructured":"ISO-9126, I. I. S. (1991). Software product evaluation\u2013quality characteristics and guidelines for their use."},{"key":"9223_CR22","unstructured":"Jamwal, D. (2010). Analysis of software quality models for organizations. International Journal of Latest Trends in Computing, 1(2)."},{"key":"9223_CR23","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1007\/0-306-47374-7_7","volume-title":"Advances in digital government, advances in database systems","author":"JD Joshi","year":"2002","unstructured":"Joshi, J. D., Ghafoor, A., Aref, W., & Spafford, E. (2002). Security and privacy challenges of a digital government. In W. McIver Jr & A. Elmagarmid (Eds.), Advances in digital government, advances in database systems (Vol. 26, pp. 121\u2013136). Berlin: Springer."},{"issue":"4","key":"9223_CR24","doi-asserted-by":"crossref","first-page":"105","DOI":"10.1049\/sej.1987.0014","volume":"2","author":"B Kitchenham","year":"1987","unstructured":"Kitchenham, B. (1987). Towards a constructive quality model. Part 1: Software quality modelling, measurement and prediction. Software Engineering Journal, 2(4), 105\u2013126. doi: 10.1049\/sej:19870014 .","journal-title":"Software Engineering Journal"},{"key":"9223_CR25","doi-asserted-by":"crossref","unstructured":"Kraemer, S., & Carayon, P. (2007). Human errors and violations in computer and information security: The viewpoint of network administrators and security specialists. Applied Ergonomics, 38(2), 143\u2013154. doi: http:\/\/dx.doi.org\/10.1016\/j.apergo.2006.03.010 .","DOI":"10.1016\/j.apergo.2006.03.010"},{"issue":"1","key":"9223_CR26","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1109\/MSP.2006.27","volume":"4","author":"N Kshetri","year":"2006","unstructured":"Kshetri, N. (2006). The simple economics of cybercrimes. Security & Privacy, IEEE, 4(1), 33\u201339. doi: 10.1109\/msp.2006.27 .","journal-title":"Security & Privacy, IEEE"},{"key":"9223_CR27","doi-asserted-by":"crossref","unstructured":"Landwehr, C. E., Heitmeyer, C. L., & McLean, J. D. (2001). A security model for military message systems: retrospective. In Computer security applications conference, 2001. ACSAC 2001. Proceedings 17th annual, 10\u201314 Dec. 2001, pp. 174\u2013190. doi: 10.1109\/acsac.2001.991535 .","DOI":"10.1109\/ACSAC.2001.991535"},{"key":"9223_CR28","doi-asserted-by":"crossref","unstructured":"Lodderstedt, T., Basin, D. A., & Doser, J. (2002). SecureUML: A UML-based modeling language for model-driven security. Paper presented at the proceedings of the 5th international conference on the unified modeling language.","DOI":"10.1007\/3-540-45800-X_33"},{"key":"9223_CR29","unstructured":"McCall, J. A., Richards, P. G., & Walters, G. F. (1977). Factors in software quality. AD-A049-014, 015, 055 (Vol. 1\u20133). Springfield, VA: NTIS."},{"key":"9223_CR30","unstructured":"McGraw, G. (2006). Software security. In Building security in. Boston: IEEE security and Privacy."},{"key":"9223_CR31","doi-asserted-by":"crossref","DOI":"10.4018\/978-1-59904-147-6","volume-title":"Integrating security and software engineering: Advances and future visions","author":"H Mouratidis","year":"2007","unstructured":"Mouratidis, H., & Giorgini, P. (2007). Integrating security and software engineering: Advances and future visions. Hershey, PA: Idea Group Pub."},{"key":"9223_CR32","doi-asserted-by":"crossref","unstructured":"Mouratidis, H., Giorgini, P., & Manson, G. (2005). When security meets software engineering: A case of modelling secure information systems. Information Systems, 30(8), 609\u2013629. doi: http:\/\/dx.doi.org\/10.1016\/j.is.2004.06.002 .","DOI":"10.1016\/j.is.2004.06.002"},{"key":"9223_CR33","unstructured":"Nagaratnam, N., Janson, P., Dayka, J., Nadalin, A., Siebenlist, F., Welch, V., et al. (2004). The security architecture for open grid services. Paper presented at the global grid forum recommendation draft."},{"key":"9223_CR34","unstructured":"Ortega, M., P\u00e9rez, M., & Rojas, T. (2000). A model for software product quality with a systemic focus. In Proceedings of 4th world multi conference on systemic, cybernetics and informatics SCI 2000 and In proceedings of 6th international conference on information systems, analysis and synthesis ISAS 2000, Orlando, FL, pp. 395\u2013401."},{"issue":"3","key":"9223_CR35","doi-asserted-by":"crossref","first-page":"219","DOI":"10.1023\/A:1025166710988","volume":"11","author":"M Ortega","year":"2003","unstructured":"Ortega, M., P\u00e9rez, M., & Rojas, T. (2003). Construction of a systemic quality model for evaluating a software product. Software Quality Control, 11(3), 219\u2013242. doi: 10.1023\/a:1025166710988 .","journal-title":"Software Quality Control"},{"issue":"4","key":"9223_CR36","doi-asserted-by":"crossref","first-page":"373","DOI":"10.3844\/jcssp.2006.373.381","volume":"2","author":"A Rawashdeh","year":"2006","unstructured":"Rawashdeh, A., & Matalkah, B. (2006). A new software quality model for evaluating COTS components. Journal of Computer Science, 2(4), 373\u2013381.","journal-title":"Journal of Computer Science"},{"key":"9223_CR37","doi-asserted-by":"crossref","unstructured":"Sidiroglou, S., Giovanidis, G., & Keromytis, A. D. (2005). A dynamic mechanism for recovering from buffer overflow attacks. Paper presented at the Proceedings of the 8th international conference on Information Security, Singapore.","DOI":"10.1007\/11556992_1"},{"key":"9223_CR38","unstructured":"Tawfik, S. M., Abd-Elghany, M. M., & Green, S. (2007). A software cost estimation model based on quality characteristics. Paper presented at the proceedings of workshop on measuring requirements for project and product success (MeReP \u201807), Palma de Mallorca."},{"issue":"4","key":"9223_CR39","doi-asserted-by":"crossref","first-page":"1","DOI":"10.5121\/ijsea.2011.2406","volume":"2","author":"AB Tomar","year":"2011","unstructured":"Tomar, A. B., & Thakare, V. M. (2011). A systematic study of software quality models. International Journal of Software Engineering & Applications, 2(4), 1\u201361.","journal-title":"International Journal of Software Engineering & Applications"},{"key":"9223_CR40","unstructured":"Wang, C., & Wulf, W. A. (1997). A framework for security measurement. In Proceedings of the national information systems security conference (NISSC), Baltimore, MD, pp. 522\u2013533."},{"key":"9223_CR41","volume-title":"An overview of common programming security vulnerabilities and possible solutions","author":"Y Younan","year":"2003","unstructured":"Younan, Y. (2003). An overview of common programming security vulnerabilities and possible solutions. Belgium: Vrije Universiteit Brussel."}],"container-title":["Software Quality Journal"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11219-013-9223-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11219-013-9223-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11219-013-9223-1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,7,30]],"date-time":"2019-07-30T18:37:56Z","timestamp":1564511876000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11219-013-9223-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,10,18]]},"references-count":41,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2015,3]]}},"alternative-id":["9223"],"URL":"https:\/\/doi.org\/10.1007\/s11219-013-9223-1","relation":{},"ISSN":["0963-9314","1573-1367"],"issn-type":[{"value":"0963-9314","type":"print"},{"value":"1573-1367","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,10,18]]}}}