{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:35:19Z","timestamp":1750221319511,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":42,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,6,23]],"date-time":"2017-06-23T00:00:00Z","timestamp":1498176000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,6,23]]},"DOI":"10.1145\/3134302.3134334","type":"proceedings-article","created":{"date-parts":[[2017,11,17]],"date-time":"2017-11-17T14:02:08Z","timestamp":1510927328000},"page":"179-186","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Measuring Software Security from the Design of Software"],"prefix":"10.1145","author":[{"given":"Marko","family":"Saarela","sequence":"first","affiliation":[{"name":"Department of Future Technologies, University of Turku, Finland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shohreh","family":"Hosseinzadeh","sequence":"additional","affiliation":[{"name":"Department of Future Technologies, University of Turku, Finland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sami","family":"Hyrynsalmi","sequence":"additional","affiliation":[{"name":"Department of Future Technologies, University of Turku, Finland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ville","family":"Lepp\u00e4nen","sequence":"additional","affiliation":[{"name":"Department of Future Technologies, University of Turku, Finland"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,6,23]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"MITRE Corporation \"Common Weakness Enumeration (CWE)\". https:\/\/cwe.mitre.org\/about\/index.html. Accessed: 2017-03-29.  MITRE Corporation \"Common Weakness Enumeration (CWE)\". https:\/\/cwe.mitre.org\/about\/index.html. Accessed: 2017-03-29."},{"key":"e_1_3_2_1_2_1","unstructured":"Commission of the European Communities Directorate XIIl\/F SOG-IS \"Information Technology Security Evaluation Criteria (ITSEC)\" 1991.  Commission of the European Communities Directorate XIIl\/F SOG-IS \"Information Technology Security Evaluation Criteria (ITSEC)\" 1991."},{"key":"e_1_3_2_1_3_1","first-page":"2009","volume":"27004","author":"Information","year":"2009","unstructured":"ISO\/IEC, \" Information security management - Measurement ( ISO\/IEC 27004 : 2009 )\", 2009 . ISO\/IEC, \"Information security management - Measurement (ISO\/IEC 27004:2009)\", 2009.","journal-title":"ISO\/IEC"},{"key":"e_1_3_2_1_4_1","volume-title":"versio 3.1 release 4","author":"Common Criteria Recognition Arrangement","year":"2012","unstructured":"Common Criteria Recognition Arrangement , \"Common Criteria for Information Technology Security Evaluation , versio 3.1 release 4 \", 2012 . Common Criteria Recognition Arrangement, \"Common Criteria for Information Technology Security Evaluation, versio 3.1 release 4\", 2012."},{"key":"e_1_3_2_1_5_1","first-page":"2008","volume":"21827","author":"Systems Security Engineering","year":"2014","unstructured":"ISO\/IEC, \" Systems Security Engineering - Capability Maturity Model ( ISO\/IEC 21827 : 2008 )\", 2014 . Accessed: 2017-03-29. ISO\/IEC, \"Systems Security Engineering - Capability Maturity Model (ISO\/IEC 21827:2008)\", 2014. Accessed: 2017-03-29.","journal-title":"ISO\/IEC"},{"key":"e_1_3_2_1_6_1","volume-title":"version 3.0","author":"FIRSTOrg Inc.","year":"2015","unstructured":"FIRSTOrg Inc. , \" Common Vulnerability Scoring System , version 3.0 \", 2015 . FIRSTOrg Inc., \"Common Vulnerability Scoring System, version 3.0\", 2015."},{"key":"e_1_3_2_1_7_1","first-page":"662","volume-title":"Proc. of 2013 International Conference on Software Engineering (2013), ICSE '13, IEEE Press","author":"Almorsy M.","unstructured":"Almorsy , M. , Grundy , J. , and Ibrahim , A. S . Automated software architecture security risk analysis using formalized signatures . In Proc. of 2013 International Conference on Software Engineering (2013), ICSE '13, IEEE Press , pp. 662 -- 671 . Almorsy, M., Grundy, J., and Ibrahim, A. S. Automated software architecture security risk analysis using formalized signatures. In Proc. of 2013 International Conference on Software Engineering (2013), ICSE '13, IEEE Press, pp. 662--671."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/QSIC.2009.11"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASWEC.2010.34"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/QSIC.2011.31"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.5555\/1373319"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSMR.2013.37"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSREW.2014.21"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/ITNG.2009.157"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/2206269"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1370905.1370913"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/850964.854592"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/APSEC.2013.75"},{"volume-title":"K. National Information Systems Security Conference. http:\/\/csrc.nist.gov\/nissc\/2000\/proceedings\/papers\/916slide.pdf. Accessed 2017-03-29","author":"Ferraiolo","key":"e_1_3_2_1_20_1","unstructured":"Ferraiolo , K. National Information Systems Security Conference. http:\/\/csrc.nist.gov\/nissc\/2000\/proceedings\/papers\/916slide.pdf. Accessed 2017-03-29 . Ferraiolo, K. National Information Systems Security Conference. http:\/\/csrc.nist.gov\/nissc\/2000\/proceedings\/papers\/916slide.pdf. Accessed 2017-03-29."},{"key":"e_1_3_2_1_21_1","first-page":"90","volume-title":"Proc. IEEE Symp. on Computer Software Reliability","author":"Fragola J.","year":"1973","unstructured":"Fragola , J. , and Spahn , J . The software error effects analysis; a qualitative design tool . In Proc. IEEE Symp. on Computer Software Reliability ( 1973 ), pp. 90 -- 93 . Fragola, J., and Spahn, J. The software error effects analysis; a qualitative design tool. In Proc. IEEE Symp. on Computer Software Reliability (1973), pp. 90--93."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2007.70240"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2008.54"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.5555\/2038041"},{"key":"e_1_3_2_1_27_1","volume-title":"US National Institute of Standards and Technology, \"Directions in Security Metrics Research (NIST IR 7564)","author":"Jansen W.","year":"2009","unstructured":"Jansen , W. US National Institute of Standards and Technology, \"Directions in Security Metrics Research (NIST IR 7564) \". Diane Publishing , 2009 . Jansen, W. US National Institute of Standards and Technology, \"Directions in Security Metrics Research (NIST IR 7564)\". Diane Publishing, 2009."},{"key":"e_1_3_2_1_28_1","volume-title":"Upper Saddle River: Pearson Education Inc.","author":"Jaquith A.","year":"2007","unstructured":"Jaquith , A. Security metrics . Upper Saddle River: Pearson Education Inc. , 2007 . Jaquith, A. Security metrics. Upper Saddle River: Pearson Education Inc., 2007."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(14)70513-5"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCSE.2010.104"},{"key":"e_1_3_2_1_31_1","volume-title":"US department of defense, \"Trusted computer system evaluation criteria\". DoD 5200.28-STD","author":"Latham D. C.","year":"1986","unstructured":"Latham , D. C. US department of defense, \"Trusted computer system evaluation criteria\". DoD 5200.28-STD ( 1986 ). Latham, D. C. US department of defense, \"Trusted computer system evaluation criteria\". DoD 5200.28-STD (1986)."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.IR.7864"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/APSCC.2008.17"},{"key":"e_1_3_2_1_34_1","volume-title":"Swedish Def. Res","author":"Lundholm K.","year":"2011","unstructured":"Lundholm , K. , Hallberg , J. , and Granlund , H . Design and use of information security metrics. FOI , Swedish Def. Res . Agency p. ISSN ( 2011 ), 1650--1942. Lundholm, K., Hallberg, J., and Granlund, H. Design and use of information security metrics. FOI, Swedish Def. Res. Agency p. ISSN (2011), 1650--1942."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"crossref","DOI":"10.21236\/ADA476977","volume-title":"An approach to measuring a system's attack surface. Tech. rep","author":"Manadhata P. K.","year":"2007","unstructured":"Manadhata , P. K. , Tan , K. M. , Maxion , R. A. , and Wing , J. M . An approach to measuring a system's attack surface. Tech. rep ., Carnegie Mellon University , 2007 . Manadhata, P. K., Tan, K. M., Maxion, R. A., and Wing, J. M. An approach to measuring a system's attack surface. Tech. rep., Carnegie Mellon University, 2007."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2004.1281254"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1842752.1842797"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2593868.2593880"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1071021.1071046"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.81"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-11747-3_6"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISA.2008.104"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1566445.1566509"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2179298.2179348"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.15439\/2014F490"}],"event":{"name":"CompSysTech'17: 18th International Conference on Computer Systems and Technologies","sponsor":["UORB University of Ruse, Bulgaria","TECHUVB Technical University of Varna, Bulgaria"],"location":"Ruse Bulgaria","acronym":"CompSysTech'17"},"container-title":["Proceedings of the 18th International Conference on Computer Systems and Technologies"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3134302.3134334","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3134302.3134334","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:13:51Z","timestamp":1750212831000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3134302.3134334"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,6,23]]},"references-count":42,"alternative-id":["10.1145\/3134302.3134334","10.1145\/3134302"],"URL":"https:\/\/doi.org\/10.1145\/3134302.3134334","relation":{},"subject":[],"published":{"date-parts":[[2017,6,23]]},"assertion":[{"value":"2017-06-23","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}