{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:49:55Z","timestamp":1750308595725,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":85,"publisher":"ACM","license":[{"start":{"date-parts":[[2016,9,26]],"date-time":"2016-09-26T00:00:00Z","timestamp":1474848000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,9,26]]},"DOI":"10.1145\/3011883.3011884","type":"proceedings-article","created":{"date-parts":[[2016,12,15]],"date-time":"2016-12-15T18:03:54Z","timestamp":1481825034000},"page":"92-105","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["A case for the economics of secure software development"],"prefix":"10.1145","author":[{"given":"Chad","family":"Heitzenrater","sequence":"first","affiliation":[{"name":"U.S. Air Force Research Laboratory"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andrew","family":"Simpson","sequence":"additional","affiliation":[{"name":"University of Oxford Wolfson Building, Parks Road Oxford, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2016,9,26]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/MWSCAS.2003.1562323"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","unstructured":"Anderson R. and Moore T. The economics of information security. Science 314 5799 (October 2006) 610--613.  Anderson R. and Moore T. The economics of information security. Science 314 5799 (October 2006) 610--613.","DOI":"10.1126\/science.1130992"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1539-6924.2006.00787.x"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.103"},{"volume-title":"PDF","year":"2014","author":"Arce I.","key":"e_1_3_2_1_5_1"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2011.18"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1375696.1375707"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2009.163"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/NOMSW.2010.5486590"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.962984"},{"key":"e_1_3_2_1_12_1","unstructured":"Boehm B. W. Software Engineering Economics. Prentice-Hall Advances in Computing Science and Technology Series. Prentice Hall Englewood Cliffs N.J 1981.   Boehm B. W. Software Engineering Economics. Prentice-Hall Advances in Computing Science and Technology Series. Prentice Hall Englewood Cliffs N.J 1981."},{"volume-title":"Proceedings of the 8th Workshop on the Economics of Information Security (WEIS)","year":"2009","author":"B\u00f6hme R.","key":"e_1_3_2_1_13_1"},{"key":"e_1_3_2_1_14_1","first-page":"176","volume-title":"Springer Berlin Heidelberg","author":"B\u00f6hme R.","year":"2008"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/581339.581370"},{"key":"e_1_3_2_1_16_1","first-page":"31","volume-title":"Proceedings of the CERT Information Survivability Workshop","author":"Camp L. J.","year":"2000"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1005817.1005828"},{"volume-title":"Proceedings of the 4th Workshop on the Economics of Information Security (WEIS)","year":"2005","author":"Cremonini M.","key":"e_1_3_2_1_18_1"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2008.01.010"},{"volume-title":"Springer Berlin Heidelberg","year":"2013","author":"Demetz L.","key":"e_1_3_2_1_20_1"},{"key":"e_1_3_2_1_21_1","unstructured":"Department for business innovation and skills. Cyber essentials scheme: Overview. https:\/\/www.gov.uk\/government\/publications\/cyber-essentials-scheme-overview June 2014.  Department for business innovation and skills. Cyber essentials scheme: Overview. https:\/\/www.gov.uk\/government\/publications\/cyber-essentials-scheme-overview June 2014."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/336512.336559"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-36563-8_14"},{"volume-title":"University of Oxford","year":"2011","author":"Faily S.","key":"e_1_3_2_1_24_1"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"crossref","unstructured":"Geer D. For good measure: The undiscovered. ;login: 40 2 (April 2015) 50--52.  Geer D. For good measure: The undiscovered. ;login: 40 2 (April 2015) 50--52.","DOI":"10.1177\/1037969X1504000112"},{"volume-title":"Software Assurance Forum for Excellence in Code (SAFECode)","year":"2015","author":"Gilmore S.","key":"e_1_3_2_1_26_1"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/581271.581274"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2015.08.002"},{"volume-title":"Microsoft IT Information Security and Risk Management","year":"2015","author":"Grimes R. A.","key":"e_1_3_2_1_29_1"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1367497.1367526"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1080\/19393550802623206"},{"volume-title":"Proceedings of the 15th Workshop on the Economics of Information Security (WEIS)","year":"2016","author":"Heitzenrater C.","key":"e_1_3_2_1_32_1"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/QRS-C.2016.54"},{"volume-title":"Proceedings of the 14th Workshop on the Economics of Information Security (WEIS)","year":"2015","author":"Heitzenrater C.","key":"e_1_3_2_1_34_1"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2016.90"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-25594-1_14"},{"volume-title":"Pearson Higher Education","year":"2004","author":"Hoglund G.","key":"e_1_3_2_1_37_1"},{"volume-title":"Stanford University","year":"2000","author":"Hoo K. J. S.","key":"e_1_3_2_1_38_1"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1219053"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-32498-7_7"},{"volume-title":"USA","year":"2013","author":"James J. A.","key":"e_1_3_2_1_41_1"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2015.02.040"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2009.27"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2014.07.001"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2004.41"},{"volume-title":"PDF","year":"2014","author":"Manico J.","key":"e_1_3_2_1_46_1"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2014.2354037"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.5555\/784590.784691"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2004.1281254"},{"volume-title":"Website","year":"2006","author":"Mcgraw G.","key":"e_1_3_2_1_50_1"},{"volume-title":"Addison-Wesley Professional","year":"2006","author":"Mcgraw G.","key":"e_1_3_2_1_51_1"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1080\/01402390.2012.742013"},{"key":"e_1_3_2_1_53_1","unstructured":"Mcgraw G. E-mail July 2017. Personal communication with the author.  Mcgraw G. E-mail July 2017. Personal communication with the author."},{"volume-title":"PDF","year":"2015","author":"Mcgraw G.","key":"e_1_3_2_1_54_1"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/777313.777327"},{"key":"e_1_3_2_1_56_1","first-page":"1","volume":"10","author":"Mizzi A.","year":"2010","journal-title":"International Journal of Network Security"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/1314257.1314267"},{"volume-title":"International Journal of Critical Infrastructure Protection (IJCIP) 3, 3--4 (December","year":"2010","author":"Moore T.","key":"e_1_3_2_1_58_1"},{"key":"e_1_3_2_1_59_1","unstructured":"National Institute of Standards and Technology (NIST). Framework for improving critical infrastructure cybersecurity. Tech. rep. February 2014. http:\/\/www.nist.gov\/cyberframework\/ last accessed 20 Oct 2016.  National Institute of Standards and Technology (NIST). Framework for improving critical infrastructure cybersecurity. Tech. rep. February 2014. http:\/\/www.nist.gov\/cyberframework\/ last accessed 20 Oct 2016."},{"volume-title":"Proceedings of the 11th Workshop on the Economics of Information Security (WEIS)","year":"2012","author":"Neuhaus S.","key":"e_1_3_2_1_60_1"},{"volume-title":"PDF","year":"2004","author":"Nist","key":"e_1_3_2_1_61_1"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-12601-2_15"},{"volume-title":"International Journal of Security, Privacy and Trust Management (IJSPTM) 4, 3\/4 (November","year":"2015","author":"Pandey P.","key":"e_1_3_2_1_63_1"},{"volume-title":"PDF","year":"2008","author":"Pci Security Standards Council","key":"e_1_3_2_1_64_1"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.56"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/2413296.2413299"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2008.4"},{"volume-title":"Proceedings of the 4th Workshop on Economics-Driven Software Engineering Research (EDSER-4)","year":"2002","author":"Poladian V.","key":"e_1_3_2_1_68_1"},{"volume-title":"Addison-Wesley Professional","year":"1999","author":"Robertson S.","key":"e_1_3_2_1_69_1"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2009.98"},{"volume-title":"Proceedings of the 6th Workshop on the Economics of Information Security (WEIS)","year":"2007","author":"Rue R.","key":"e_1_3_2_1_71_1"},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2012.08.008"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2013.6698898"},{"volume-title":"Proceedings of the 1st Workshop on the Economics of Information Security (WEIS)","year":"2002","author":"Schechter S.","key":"e_1_3_2_1_74_1"},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45126-6_9"},{"volume-title":"Inc.","year":"2000","author":"Schneier B.","key":"e_1_3_2_1_76_1"},{"volume-title":"Proceedings of the 14th Norwegian Informatics Conference (NIK)","year":"2001","author":"Sindre G.","key":"e_1_3_2_1_77_1"},{"key":"e_1_3_2_1_78_1","first-page":"4","volume-title":"Proceedings of the 7th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ)","author":"Sindre G.","year":"2001"},{"volume-title":"Proceedings of the 14th Annual International Symposium of the International Council on Systems Engineering (INCOSE)","year":"2004","author":"Stecklein J. M.","key":"e_1_3_2_1_79_1"},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.2233075"},{"key":"e_1_3_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2008.19"},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2005.02.001"},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.55"},{"key":"e_1_3_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1145\/1719030.1719036"},{"key":"e_1_3_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.587545"},{"key":"e_1_3_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.3"}],"event":{"name":"NSPW '16: New Security Paradigms Workshop 2016","sponsor":["ACSA Applied Computing Security Assoc","The National Science Foundation","DELL","CISCO"],"location":"Granby Colorado USA","acronym":"NSPW '16"},"container-title":["Proceedings of the 2016 New Security Paradigms Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3011883.3011884","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3011883.3011884","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T19:05:30Z","timestamp":1750273530000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3011883.3011884"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,9,26]]},"references-count":85,"alternative-id":["10.1145\/3011883.3011884","10.1145\/3011883"],"URL":"https:\/\/doi.org\/10.1145\/3011883.3011884","relation":{},"subject":[],"published":{"date-parts":[[2016,9,26]]},"assertion":[{"value":"2016-09-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}