{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,25]],"date-time":"2026-03-25T05:53:53Z","timestamp":1774418033839,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":32,"publisher":"ACM","license":[{"start":{"date-parts":[[2006,5,20]],"date-time":"2006-05-20T00:00:00Z","timestamp":1148083200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2006,5,20]]},"DOI":"10.1145\/1137627.1137631","type":"proceedings-article","created":{"date-parts":[[2006,7,24]],"date-time":"2006-07-24T16:53:01Z","timestamp":1153759981000},"page":"11-18","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":64,"title":["Extending XP practices to support security requirements engineering"],"prefix":"10.1145","author":[{"given":"Gustav","family":"Bostr\u00f6m","sequence":"first","affiliation":[{"name":"SICS\/KTH, Sweden"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jaana","family":"W\u00e4yrynen","sequence":"additional","affiliation":[{"name":"Stockholm University\/DSV, Sweden"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Marine","family":"Bod\u00e9n","sequence":"additional","affiliation":[{"name":"Ericsson R&D, Sweden"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Konstantin","family":"Beznosov","sequence":"additional","affiliation":[{"name":"University of British Columbia, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Philippe","family":"Kruchten","sequence":"additional","affiliation":[{"name":"University of British Columbia, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2006,5,20]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/310889.310902"},{"key":"e_1_3_2_1_2_1","volume-title":"Some Thoughts, Questions and Issues","author":"Aizuddin A.","year":"2001","unstructured":"Aizuddin , A. , The Common Criteria ISO\/IEC 15408 The insight , Some Thoughts, Questions and Issues Oct. 1, 2001 . http:\/\/www.sans.org\/rr\/whitepapers\/standards\/545.php accessed June 17, 2005. Aizuddin, A., The Common Criteria ISO\/IEC 15408 The insight, Some Thoughts, Questions and Issues Oct. 1, 2001. http:\/\/www.sans.org\/rr\/whitepapers\/standards\/545.php accessed June 17, 2005."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/958420.958422"},{"key":"e_1_3_2_1_4_1","volume-title":"Extreme Programming Explained: Embrace Change","author":"Beck K.","year":"2004","unstructured":"Beck K. , Extreme Programming Explained: Embrace Change 2 nd Edition. Addison-Wesley , 2004 . Beck K., Extreme Programming Explained: Embrace Change 2nd Edition. Addison-Wesley, 2004.","edition":"2"},{"key":"e_1_3_2_1_5_1","volume-title":"Proc. of First ACM Workshop on Business Driven Security Engineering (BizSec)","author":"Beznosov K.","year":"2003","unstructured":"Beznosov , K. , e Xtreme Security Engineering : On Employing XP Practices to Achieve \"Good Enough Security\" without Defining It , in Proc. of First ACM Workshop on Business Driven Security Engineering (BizSec) , Fairfax, VA, USA , Oct. 31, 2003 . Beznosov, K., eXtreme Security Engineering: On Employing XP Practices to Achieve \"Good Enough Security\" without Defining It, in Proc. of First ACM Workshop on Business Driven Security Engineering (BizSec), Fairfax, VA, USA, Oct. 31, 2003."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065907.1066034"},{"key":"e_1_3_2_1_7_1","volume-title":"Security Design Patterns","author":"Blakley B.","year":"2004","unstructured":"Blakley B. , Heath C. and members of The Open Group Security Forum , Security Design Patterns , The Open Group , 2004 . Blakley B., Heath C. and members of The Open Group Security Forum, Security Design Patterns, The Open Group, 2004."},{"key":"e_1_3_2_1_8_1","volume-title":"16th International Conference on Software & System Engineering & Their Applications (ICSSEA)","author":"Breu R.","year":"2003","unstructured":"Breu R. , Burger K. , Hafner M. , J\u00fcrens J. , Popp G. , Wimmel G. and Lotz V ., Key Issues of a Formally Based Process Model for Security Engineering , 16th International Conference on Software & System Engineering & Their Applications (ICSSEA) , 2003 . Breu R., Burger K., Hafner M., J\u00fcrens J., Popp G., Wimmel G. and Lotz V., Key Issues of a Formally Based Process Model for Security Engineering, 16th International Conference on Software & System Engineering & Their Applications (ICSSEA), 2003."},{"key":"e_1_3_2_1_9_1","volume-title":"August","author":"CC","year":"1999","unstructured":"CC , ISO 15408 Common Criteria for Information Technology Sec. Evaluation Version 2.1 , August 1999 . CC, ISO 15408 Common Criteria for Information Technology Sec. Evaluation Version 2.1, August 1999."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/11499053_7"},{"key":"e_1_3_2_1_11_1","volume-title":"http:\/\/www2.nr.no\/coras\/, accessed","author":"CORAS","year":"2006","unstructured":"CORAS , http:\/\/www2.nr.no\/coras\/, accessed in Jan. 2006 . CORAS, http:\/\/www2.nr.no\/coras\/, accessed in Jan. 2006."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/986655.986664"},{"key":"e_1_3_2_1_13_1","unstructured":"Fowler M. and Foemmel M. Continuous Integration. http:\/\/www.martinfowler.com\/articles\/continuousIntegration.html. Accessed in January 2006.  Fowler M. and Foemmel M. Continuous Integration. http:\/\/www.martinfowler.com\/articles\/continuousIntegration.html. Accessed in January 2006."},{"key":"e_1_3_2_1_14_1","volume-title":"Adaptive Software Development: A Collaborative Approach to Managing Complex Systems","author":"Highsmith J. A.","year":"2000","unstructured":"Highsmith J. A. , Adaptive Software Development: A Collaborative Approach to Managing Complex Systems , New York : Dorset House , 2000 . Highsmith J. A., Adaptive Software Development: A Collaborative Approach to Managing Complex Systems, New York: Dorset House, 2000."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2004.1264857"},{"key":"e_1_3_2_1_16_1","volume-title":"Exploiting Software: How to Break Code","author":"H\u00f6glund G.","year":"2004","unstructured":"H\u00f6glund , G. , McGraw , G. , Exploiting Software: How to Break Code , Addison-Wesley Professional , 2004 . H\u00f6glund, G., McGraw, G., Exploiting Software: How to Break Code, Addison-Wesley Professional, 2004."},{"key":"e_1_3_2_1_17_1","volume-title":"Misuse and Abuse Cases","author":"Hope P.","year":"2004","unstructured":"Hope P. , McGraw G. , Anton A. , Misuse and Abuse Cases , IEEE Security and Privacy , 2004 Hope P., McGraw G., Anton A., Misuse and Abuse Cases, IEEE Security and Privacy, 2004"},{"key":"e_1_3_2_1_18_1","unstructured":"ISO\/IEC 4th WD 13335-2- Information Technology - Security Techniques - Management of information and communications technology security - Part 2: Techniques for information and communications technology security risk management.  ISO\/IEC 4th WD 13335-2- Information Technology - Security Techniques - Management of information and communications technology security - Part 2: Techniques for information and communications technology security risk management."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/784590.784691"},{"key":"e_1_3_2_1_20_1","volume-title":"Proceedings of the 17ths Annual Computer Security Applications Conferences","author":"McDermott J.","year":"2003","unstructured":"McDermott J. Abuse-case-based assurance arguments. Using abuse case models for security requirements , Proceedings of the 17ths Annual Computer Security Applications Conferences , 2003 . McDermott J. Abuse-case-based assurance arguments. Using abuse case models for security requirements, Proceedings of the 17ths Annual Computer Security Applications Conferences, 2003."},{"key":"e_1_3_2_1_21_1","volume-title":"Building Secure Software: How to Avoid Security Problems the Right Way","author":"McGraw G.","year":"2002","unstructured":"McGraw G. and Viega J. , Building Secure Software: How to Avoid Security Problems the Right Way , Addison-Wesley , 2002 . McGraw G. and Viega J., Building Secure Software: How to Avoid Security Problems the Right Way, Addison-Wesley, 2002."},{"key":"e_1_3_2_1_22_1","volume-title":"Symposium on Requirements Engineering for Information Security","author":"Peeters J.","year":"2005","unstructured":"Peeters J. Agile Security Requirements Engineering . Presented at the Symposium on Requirements Engineering for Information Security , 2005 . Peeters J. Agile Security Requirements Engineering. Presented at the Symposium on Requirements Engineering for Information Security, 2005."},{"issue":"9","key":"e_1_3_2_1_23_1","first-page":"12","volume":"15","author":"Poppendieck M.","year":"2002","unstructured":"Poppendieck M. and Morsicato R , Using XP for Safety-Critical Software , Cutter IT Journal , 15 ( 9 ), 2002 , 12 -- 16 . Poppendieck M. and Morsicato R, Using XP for Safety-Critical Software, Cutter IT Journal, 15 (9), 2002, 12--16.","journal-title":"Cutter IT Journal"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2005.329"},{"key":"e_1_3_2_1_25_1","volume-title":"Model Description Document Version 3.0. www.sse-cmm.org\/model\/ssecmmv2final.pdf. Accessed in January","year":"2004","unstructured":"SSE-CMM , Systems Security Engineering Capability Maturity Model , Model Description Document Version 3.0. www.sse-cmm.org\/model\/ssecmmv2final.pdf. Accessed in January 2004 . SSE-CMM, Systems Security Engineering Capability Maturity Model, Model Description Document Version 3.0. www.sse-cmm.org\/model\/ssecmmv2final.pdf. Accessed in January 2004."},{"key":"e_1_3_2_1_26_1","volume-title":"The Chaos Report: Extreme Chaos","author":"Standish Group","year":"2001","unstructured":"Standish Group , The Chaos Report: Extreme Chaos , West Yarmouth, MA : The Standish Group , 2001 . Standish Group, The Chaos Report: Extreme Chaos, West Yarmouth, MA: The Standish Group, 2001."},{"key":"e_1_3_2_1_27_1","unstructured":"ST-Lite V 1.1 July 2002 http:\/\/www.commoncriteriaportal.org\/public\/expert\/index.php?menu=6 accessed 2006-02-01  ST-Lite V 1.1 July 2002 http:\/\/www.commoncriteriaportal.org\/public\/expert\/index.php?menu=6 accessed 2006-02-01"},{"key":"e_1_3_2_1_28_1","volume-title":"CESG","author":"Fast Track","unstructured":"Fast Track , Fast Track Assessment Methodology, Information Assurance and Certification Services (IACS) , CESG . http:\/\/www.cesg.gov.uk\/site\/iacs\/index.cfm?menuSelected=3&displayPage=31 Accessed August 25 2005. Fast Track, Fast Track Assessment Methodology, Information Assurance and Certification Services (IACS), CESG. http:\/\/www.cesg.gov.uk\/site\/iacs\/index.cfm?menuSelected=3&displayPage=31 Accessed August 25 2005."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/587051.587071"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.55"},{"key":"e_1_3_2_1_31_1","first-page":"117","volume-title":"XP\/Agile Universe","author":"W\u00e4yrynen J.","year":"2004","unstructured":"W\u00e4yrynen J. , Bod\u00e9n M. and Bostr\u00f6m G. , Security Engineering and eXtreme Programming: an Impossible marriage? , XP\/Agile Universe 2004 , C. Zannier, H. Erdogmus, and L. Lindstrom, Eds. LNSC 3134, Berlin : Springer-Verlag , 2004, pp. 117 -- 128 . W\u00e4yrynen J., Bod\u00e9n M. and Bostr\u00f6m G., Security Engineering and eXtreme Programming: an Impossible marriage?, XP\/Agile Universe 2004, C. Zannier, H. Erdogmus, and L. Lindstrom, Eds. LNSC3134, Berlin: Springer-Verlag, 2004, pp. 117--128."},{"key":"e_1_3_2_1_32_1","volume-title":"Accessed in September","author":"XP","year":"2005","unstructured":"XP , Extreme Programming: A Gentle Introduction. URL: http:\/\/www.extremeprogramming.org , Accessed in September 2005 . XP, Extreme Programming: A Gentle Introduction. URL: http:\/\/www.extremeprogramming.org, Accessed in September 2005."}],"event":{"name":"ICSE06: International Conference on Software Engineering","location":"Shanghai China","acronym":"ICSE06","sponsor":["ACM Association for Computing Machinery","SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 2006 international workshop on Software engineering for secure systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1137627.1137631","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1137627.1137631","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T15:14:29Z","timestamp":1750259669000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1137627.1137631"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006,5,20]]},"references-count":32,"alternative-id":["10.1145\/1137627.1137631","10.1145\/1137627"],"URL":"https:\/\/doi.org\/10.1145\/1137627.1137631","relation":{},"subject":[],"published":{"date-parts":[[2006,5,20]]},"assertion":[{"value":"2006-05-20","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}