{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,16]],"date-time":"2026-03-16T14:09:31Z","timestamp":1773670171321,"version":"3.50.1"},"reference-count":41,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2016,9,27]],"date-time":"2016-09-27T00:00:00Z","timestamp":1474934400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"BMBF"},{"name":"Fraunhofer Attract"},{"name":"LOEWE"},{"name":"SAP SE"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Data Sci. Eng."],"published-print":{"date-parts":[[2017,6]]},"DOI":"10.1007\/s41019-016-0019-8","type":"journal-article","created":{"date-parts":[[2016,9,27]],"date-time":"2016-09-27T02:15:54Z","timestamp":1474942554000},"page":"107-124","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":24,"title":["Time for Addressing Software Security Issues: Prediction Models and Impacting Factors"],"prefix":"10.1007","volume":"2","author":[{"given":"Lotfi","family":"Ben Othmane","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Golriz","family":"Chehrazi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eric","family":"Bodden","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Petar","family":"Tsalovski","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Achim D.","family":"Brucker","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,9,27]]},"reference":[{"key":"19_CR1","doi-asserted-by":"crossref","unstructured":"McGraw, G.: Software security: building security. In: Addison-Wesley software security series. Pearson Education Inc, Boston (2006)","DOI":"10.1109\/ISSRE.2006.43"},{"key":"19_CR2","doi-asserted-by":"crossref","first-page":"257","DOI":"10.1007\/s11623-014-0102-0","volume":"38","author":"R Bachmann","year":"2014","unstructured":"Bachmann R, Brucker AD (2014) Developing secure software: a holistic approach to security testing. Datenschutz und Datensicherheit (DuD) 38:257\u2013261","journal-title":"Datenschutz und Datensicherheit (DuD)"},{"key":"19_CR3","unstructured":"Howard M, Lipner S (2006) The security development lifecycle: SDL\u2014a process for developing demonstrably more secure software. Microsoft Press"},{"key":"19_CR4","doi-asserted-by":"crossref","unstructured":"ben Othmane L, Chehrazi G, Bodden E, Tsalovski P, Brucker A, Miseldine P (2015) Factors impacting the effort required to fix security vulnerabilities. In: Proceedings of information security conference (ISC 2015), Trondheim, Norway, pp 102\u2013119","DOI":"10.1007\/978-3-319-23318-5_6"},{"key":"19_CR5","doi-asserted-by":"crossref","unstructured":"Zimmermann T, Nagappan N, Williams L (2010) Searching for a needle in a haystack: predicting security vulnerabilities for windows vista. In: Proceedings of the 2010 third international conference on software testing, verification and validation, Washington, DC, pp 421\u2013428","DOI":"10.1109\/ICST.2010.32"},{"key":"19_CR6","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1007\/s10664-011-9190-8","volume":"18","author":"Y Shin","year":"2013","unstructured":"Shin Y, Williams L (2013) Can traditional fault prediction models be used for vulnerability prediction? Empir Softw Eng 18:25\u201359","journal-title":"Empir Softw Eng"},{"key":"19_CR7","doi-asserted-by":"crossref","unstructured":"Morrison P, Herzig K, Murphy B, Williams L (2015) Challenges with applying vulnerability prediction models. In: Proceedings of the 2015 symposium and bootcamp on the science of security, pp 4:1\u20134:9","DOI":"10.1145\/2746194.2746198"},{"key":"19_CR8","unstructured":"Keller H, Kr\u00fcger S (2007) ABAP objects. SAP Press"},{"key":"19_CR9","unstructured":"Chehrazi G, Schmitz C, Hinz O (2015) QUANTSEC\u2014ein modell zur nutzenquantifizierung von it-sicherheitsma\u00dfnahmen. In: Smart enterprise engineering: 12. Internationale Tagung Wirtschaftsinformatik, WI 2015, Osnabr\u00fcck, Germany, March 4\u20136, 2015. pp 1131\u20131145"},{"key":"19_CR10","doi-asserted-by":"crossref","unstructured":"Cornell D (2012) Remediation statistics: what does fixing application vulnerabilities cost? In: RSAConference, San Fransisco, CA","DOI":"10.4016\/48527.01"},{"key":"19_CR11","doi-asserted-by":"crossref","unstructured":"Zeng H, Rine D (2004) Estimation of software defects fix effort using neural networks. In: Proceedings of the 28th annual international computer software and applications conference (COMPSAC 2004), vol 2, Hong Kong, China, pp 20\u201321","DOI":"10.1109\/CMPSAC.2004.1342658"},{"key":"19_CR12","doi-asserted-by":"crossref","unstructured":"Weiss C, Premraj R, Zimmermann T, Zeller A (2007) How long will it take to fix this bug? In: Proceedings of the fourth international workshop on mining software repositories. MSR \u201907, Washington, DC, p 1","DOI":"10.1109\/MSR.2007.13"},{"key":"19_CR13","doi-asserted-by":"crossref","unstructured":"Panjer LD (2007) Predicting eclipse bug lifetimes. In: Proceedings of the fourth international workshop on mining software repositories. MSR \u201907, Washington, DC, IEEE Computer Society, p 29","DOI":"10.1109\/MSR.2007.25"},{"key":"19_CR14","doi-asserted-by":"crossref","unstructured":"Bhattacharya P, Neamtiu I (2011) Bug-fix time prediction models: can we do better? In: Proceedings of the 8th working conference on mining software repositories. MSR \u201911, ACM, New York, NY, pp 207\u2013210","DOI":"10.1145\/1985441.1985472"},{"key":"19_CR15","doi-asserted-by":"crossref","unstructured":"Giger E, Pinzger M, Gall H (2010) Predicting the fix time of bugs. In: Proceedings of the 2nd international workshop on recommendation systems for software engineering. RSSE \u201910, ACM, New York, NY, pp 52\u201356","DOI":"10.1145\/1808920.1808933"},{"key":"19_CR16","unstructured":"Hamill M, Goseva-Popstojanova K (2014) Software faults fixing effort: analysis and prediction. Technical Report 20150001332, NASA Goddard Space Flight Center, Greenbelt, MD USA"},{"key":"19_CR17","doi-asserted-by":"crossref","first-page":"165","DOI":"10.1007\/s10664-008-9064-x","volume":"14","author":"R Hewett","year":"2009","unstructured":"Hewett R, Kijsanayothin P (2009) On modeling software defect repair time. Empir Softw Eng 14:165\u2013186","journal-title":"Empir Softw Eng"},{"key":"19_CR18","doi-asserted-by":"crossref","unstructured":"Zhang F, Khomh F, Zou Y, Hassan A (2012) An empirical study on factors impacting bug fixing time. In: 19th Working conference on reverse engineering (WCRE), Kingston, Canada, pp 225\u2013234","DOI":"10.1109\/WCRE.2012.32"},{"key":"19_CR19","doi-asserted-by":"crossref","unstructured":"Menzies T, Butcher A, Marcus A, Zimmermann T, Cok D (2011) Local versus global models for effort estimation and defect prediction. In: Proceedings of the 2011 26th IEEE\/ACM international conference on automated software engineering. ASE \u201911, Washington, DC, pp 343\u2013351","DOI":"10.1109\/ASE.2011.6100072"},{"key":"19_CR20","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1109\/TSE.2007.256941","volume":"33","author":"T Menzies","year":"2007","unstructured":"Menzies T, Greenwald J, Frank A (2007) Data mining static code attributes to learn defect predictors. IEEE Trans Softw Eng 33:2\u201313","journal-title":"IEEE Trans Softw Eng"},{"key":"19_CR21","doi-asserted-by":"crossref","first-page":"772","DOI":"10.1109\/TSE.2010.81","volume":"37","author":"Y Shin","year":"2011","unstructured":"Shin Y, Meneely A, Williams L, Osborne J (2011) Evaluating complexity, code churn, and developer activity metrics as indicators of software vulnerabilities. IEEE Trans Softw Eng 37:772\u2013787","journal-title":"IEEE Trans Softw Eng"},{"key":"19_CR22","unstructured":"Brucker AD, Sodan U (2014) Deploying static application security testing on a large scale. In: GI Sicherheit 2014, vol 228 of lecture notes in informatics, pp 91\u2013101"},{"key":"19_CR23","doi-asserted-by":"crossref","unstructured":"James G, Witten D, Hastie T, Tibshirani R (2013) An introduction to statistical learning with applications in R. Springer, New York","DOI":"10.1007\/978-1-4614-7138-7"},{"key":"19_CR24","doi-asserted-by":"crossref","first-page":"425","DOI":"10.1016\/S0950-5849(96)00006-7","volume":"39","author":"AR Gray","year":"1997","unstructured":"Gray AR, MacDonell SG (1997) A comparison of techniques for developing predictive models of software metrics. Inf Softw Technol 39:425\u2013437","journal-title":"Inf Softw Technol"},{"key":"19_CR25","volume-title":"The elements of statistical learning","author":"T Hastie","year":"2013","unstructured":"Hastie T, Tibshirani R, Friedman J (2013) The elements of statistical learning, 2nd edn. Springer, Berlin","edition":"2"},{"key":"19_CR26","first-page":"39","volume-title":"Recommendation systems in software engineering","author":"T Menzies","year":"2013","unstructured":"Menzies T (2013) Data mining: a tutorial. In: Robillard MP, Maalej W, Walker RJ, Zimmermann T (eds) Recommendation systems in software engineering. Springer, Berlin, pp 39\u201375"},{"key":"19_CR27","volume-title":"Classiffication and regression trees","author":"L Breiman","year":"1984","unstructured":"Breiman L, Friedman J, Stone CJ, Olshen R (1984) Classiffication and regression trees. Chapman and Hall\/CRC, Belmont"},{"key":"19_CR28","doi-asserted-by":"crossref","first-page":"568","DOI":"10.1109\/72.97934","volume":"2","author":"DF Specht","year":"1991","unstructured":"Specht DF (1991) A general regression neural network. IEEE Trans Neural Netw 2:568\u2013576","journal-title":"IEEE Trans Neural Netw"},{"key":"19_CR29","unstructured":"Hyndman R, Athanasopoulos G (2014) Forecasting: principles and practice. Otexts"},{"key":"19_CR30","doi-asserted-by":"crossref","first-page":"813","DOI":"10.1007\/s10664-014-9300-5","volume":"20","author":"EKT Menzies","year":"2015","unstructured":"Menzies EKT, Mendes E (2015) Transfer learning in effort estimation, empirical software engineering. Empir Softw Eng 20:813\u2013843","journal-title":"Empir Softw Eng"},{"key":"19_CR31","doi-asserted-by":"crossref","first-page":"985","DOI":"10.1109\/TSE.2003.1245300","volume":"29","author":"T Foss","year":"2003","unstructured":"Foss T, Stensrud E, Kitchenham B, Myrtveit I (2003) A simulation study of the model evaluation criterion mmre. IEEE Trans Softw Eng 29:985\u2013995","journal-title":"IEEE Trans Softw Eng"},{"key":"19_CR32","doi-asserted-by":"crossref","first-page":"6","DOI":"10.1186\/1471-2210-10-6","volume":"10","author":"ANN Spiess","year":"2010","unstructured":"Spiess ANN, Neumeyer N (2010) An evaluation of R2 as an inadequate measure for nonlinear models in pharmacological and biochemical research: a Monte Carlo approach. BMC Pharmacol 10:6","journal-title":"BMC Pharmacol"},{"key":"19_CR33","doi-asserted-by":"crossref","first-page":"1403","DOI":"10.1109\/TSE.2011.111","volume":"38","author":"E Kocaguneli","year":"2012","unstructured":"Kocaguneli E, Menzies T, Keung J (2012) On the value of ensemble effort estimation. IEEE Trans Softw Eng 38:1403\u20131416","journal-title":"IEEE Trans Softw Eng"},{"key":"19_CR34","unstructured":"Louppe G, Wehenkel L, Sutera A, Geurts P (2013) Understanding variable importances in forests of randomized trees. In: Burges C, Bottou L, Welling M, Ghahramani Z, Weinberger K (eds) Advances in neural information processing systems, vol 26, pp 431\u2013439"},{"key":"19_CR35","doi-asserted-by":"crossref","first-page":"532","DOI":"10.5465\/amr.1989.4308385","volume":"14","author":"KM Eisenhardt","year":"1989","unstructured":"Eisenhardt KM (1989) Building theories from case study research. Acad Manag Rev 14:532\u2013550","journal-title":"Acad Manag Rev"},{"key":"19_CR36","doi-asserted-by":"crossref","unstructured":"Bener A, Misirli A, Caglayan B, Kocaguneli E, Calikli G (2015) Lessons Learned from software analytics in practice. In: The art and science of analyzing software data, 1st edn. Elsevier, Waltham, pp 453\u2013489","DOI":"10.1016\/B978-0-12-411519-4.00016-1"},{"key":"19_CR37","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1016\/j.infsof.2011.09.002","volume":"54","author":"J Wen","year":"2012","unstructured":"Wen J, Li S, Lin Z, Hu Y, Huang C (2012) Systematic literature review of machine learning based software development effort estimation models. Inf Softw Technol 54:41\u201359","journal-title":"Inf Softw Technol"},{"key":"19_CR38","unstructured":"Therneau TM, Atkinson EJ (2011) An introduction to recursive partitioning using the rpart routines. Technical Report 61, Mayo Foundation for Medical Education and Research; Mayo Clinic; and Regents of the University of Minnesota, Minneapolis, USA"},{"key":"19_CR39","doi-asserted-by":"crossref","unstructured":"Hooimeijer P, Weimer W (2007) Modeling bug report quality. In: Proceedings of the twenty-second IEEE\/ACM international conference on automated software engineering. ASE \u201907, ACM, New York, NY, pp 34\u201343","DOI":"10.1145\/1321631.1321639"},{"key":"19_CR40","doi-asserted-by":"crossref","unstructured":"Guo PJ, Zimmermann T, Nagappan N, Murphy B (2011) \u201cnot my bug!\u201d and other reasons for software bug report reassignments. In: Proceedings of the ACM 2011 conference on computer supported cooperative work. CSCW \u201911, ACM, New York, NY, pp 395\u2013404","DOI":"10.1145\/1958824.1958887"},{"key":"19_CR41","volume-title":"Secure programming with static analysis","author":"B Chess","year":"2007","unstructured":"Chess B, West J (2007) Secure programming with static analysis, 1st edn. Addison-Wesley, Reading","edition":"1"}],"container-title":["Data Science and Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s41019-016-0019-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s41019-016-0019-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s41019-016-0019-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,9,26]],"date-time":"2020-09-26T08:01:37Z","timestamp":1601107297000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s41019-016-0019-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,9,27]]},"references-count":41,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2017,6]]}},"alternative-id":["19"],"URL":"https:\/\/doi.org\/10.1007\/s41019-016-0019-8","relation":{},"ISSN":["2364-1185","2364-1541"],"issn-type":[{"value":"2364-1185","type":"print"},{"value":"2364-1541","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,9,27]]}}}