{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,8]],"date-time":"2026-04-08T11:24:55Z","timestamp":1775647495653,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":33,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,25]],"date-time":"2017-10-25T00:00:00Z","timestamp":1508889600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100004410","name":"T\u00fcrkiye Bilimsel ve Teknolojik Ara_tirma Kurumu","doi-asserted-by":"publisher","award":["1059B191600263"],"award-info":[{"award-number":["1059B191600263"]}],"id":[{"id":"10.13039\/501100004410","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","award":["04436"],"award-info":[{"award-number":["04436"]}],"id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,25]]},"DOI":"10.1145\/3143434.3143461","type":"proceedings-article","created":{"date-parts":[[2017,11,15]],"date-time":"2017-11-15T13:36:37Z","timestamp":1510752997000},"page":"64-76","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Using FSM patterns to size security non-functional requirements with COSMIC"],"prefix":"10.1145","author":[{"given":"Erdir","family":"Ungan","sequence":"first","affiliation":[{"name":"Universit\u00e9 du Qu\u00e9bec \u00e0 Montr\u00e9al, Montreal, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sylvie","family":"Trudel","sequence":"additional","affiliation":[{"name":"Universit\u00e9 du Qu\u00e9bec \u00e0 Montr\u00e9al, Montreal, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Luc","family":"Poulin","sequence":"additional","affiliation":[{"name":"Application Security Institute, Quebec, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,10,25]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"153","volume-title":"22nd International Conference on Software Engineering and Knowledge Engineering (SEKE 2010)","author":"Abran A.","year":"2010","unstructured":"Abran , A. , Al-Sarayreh , K. T., & Cuadrado-Gallego , J. J. 2010 . Standards-based model for the specification and measurement of maintainability requirements . In 22nd International Conference on Software Engineering and Knowledge Engineering (SEKE 2010) (pp. 153 -- 158 ). Abran, A., Al-Sarayreh, K. T., & Cuadrado-Gallego, J. J. 2010. Standards-based model for the specification and measurement of maintainability requirements. In 22nd International Conference on Software Engineering and Knowledge Engineering (SEKE 2010) (pp. 153--158)."},{"key":"e_1_3_2_1_2_1","volume-title":"et al","author":"Abran A.","year":"2015","unstructured":"Abran , A. et al . 2015 . The COSMIC Functional Size Measurement Method - Measurement Manual, version 4.0.1, The COSMIC group, April 2015, available from: http:\/\/www.cosmic-sizing.org. Abran, A. et al. 2015. The COSMIC Functional Size Measurement Method - Measurement Manual, version 4.0.1, The COSMIC group, April 2015, available from: http:\/\/www.cosmic-sizing.org."},{"key":"e_1_3_2_1_3_1","first-page":"553","volume-title":"9th International Conference on Software Engineering Research and Practice (SERP 2010)","author":"Al-Sarayreh K. T.","year":"2010","unstructured":"Al-Sarayreh , K. T. , Abran , A., & Cuadrado-Gallego , J. J. 2010 . Measurement model of software requirements derived from system portability requirements . In 9th International Conference on Software Engineering Research and Practice (SERP 2010) (pp. 553 -- 559 ). Al-Sarayreh, K. T., Abran, A., & Cuadrado-Gallego, J. J. 2010. Measurement model of software requirements derived from system portability requirements. In 9th International Conference on Software Engineering Research and Practice (SERP 2010) (pp. 553--559)."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1921705.1921706"},{"key":"e_1_3_2_1_5_1","volume-title":"Proceedings of the 34th Annual Government Electronics and Information Association Conference","author":"Andrew J.","year":"2000","unstructured":"Andrew , J. 2000 . An Approach to Quantitative Non-Functional Requirements in Software Development . In: Proceedings of the 34th Annual Government Electronics and Information Association Conference Andrew, J. 2000. An Approach to Quantitative Non-Functional Requirements in Software Development. In: Proceedings of the 34th Annual Government Electronics and Information Association Conference"},{"key":"e_1_3_2_1_6_1","volume-title":"IEEE Recommended Practice for Software Requirements Specifications","unstructured":"IEEE Std 830:1998 , IEEE Recommended Practice for Software Requirements Specifications . New York, NY : The Institute of Electrical and Electronics Engineers . IEEE Std 830:1998, IEEE Recommended Practice for Software Requirements Specifications. New York, NY: The Institute of Electrical and Electronics Engineers."},{"key":"e_1_3_2_1_7_1","unstructured":"International Organization for Standardization. 2011. ISO\/IEC 27034-1: 2011 - Information technology --- Security techniques --- Application security - Part 1: Overview and concepts. Geneva (Switzerland).  International Organization for Standardization. 2011. ISO\/IEC 27034-1: 2011 - Information technology --- Security techniques --- Application security - Part 1: Overview and concepts. Geneva (Switzerland)."},{"key":"e_1_3_2_1_8_1","unstructured":"International Organization for Standardization. 2003. ISO\/IEC 19761. Software Engineering: COSMIC-FFP - A functional size measurement method - ISO Geneva  International Organization for Standardization. 2003. ISO\/IEC 19761. Software Engineering: COSMIC-FFP - A functional size measurement method - ISO Geneva"},{"key":"e_1_3_2_1_9_1","first-page":"363","volume-title":"Julio Cesar Sampaio do Prado Leite","author":"Lawrence Chung","year":"2009","unstructured":"Lawrence Chung , Julio Cesar Sampaio do Prado Leite . 2009 . On Non-Functional Requirements in Software Engineering 2009. Mylopoulos Festschrift, LNCS 5600, pp. 363 -- 379 , Springer-Verlag Berlin Heidelberg 2009 Lawrence Chung, Julio Cesar Sampaio do Prado Leite. 2009. On Non-Functional Requirements in Software Engineering 2009. Mylopoulos Festschrift, LNCS 5600, pp. 363--379, Springer-Verlag Berlin Heidelberg 2009"},{"key":"e_1_3_2_1_10_1","unstructured":"Lesterhuis Arlan Alain Abran & Charles Symons. 2015. Course Registration ('C-REG') System Case Study Version 2.0. www.cosmic-sizing.org  Lesterhuis Arlan Alain Abran & Charles Symons. 2015. Course Registration ('C-REG') System Case Study Version 2.0. www.cosmic-sizing.org"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-85553-8_14"},{"key":"e_1_3_2_1_12_1","article-title":"A Reference Model of Security Requirements for Early Identification and Measurement of Security Awareness Program","author":"Maqousi Ali","year":"2014","unstructured":"Maqousi , Ali , Tatiana Balikhina , Kenza Meridji , Khalid T . Al-Sarayreh . 2014 . A Reference Model of Security Requirements for Early Identification and Measurement of Security Awareness Program . Journal of Theoretical and Applied Information Technology, 10th May 2014. Vol. 63 No.1. Maqousi, Ali, Tatiana Balikhina, Kenza Meridji, Khalid T. Al-Sarayreh. 2014. A Reference Model of Security Requirements for Early Identification and Measurement of Security Awareness Program. Journal of Theoretical and Applied Information Technology, 10th May 2014. Vol. 63 No.1.","journal-title":"Journal of Theoretical and Applied Information Technology, 10th"},{"issue":"4","key":"e_1_3_2_1_13_1","article-title":"Towards A Requirements Model of System Security Using International Standards","volume":"9","author":"Meridji Kenza","year":"2015","unstructured":"Meridji , Kenza , Khaled AlMakhadmeh , Khalid T. Al-Sarayreh , Anas Abuljadayel , Mohammad Khalaf . 2015 . Towards A Requirements Model of System Security Using International Standards . International Journal of Software Engineering and Its Applications Vol. 9 , No. 4 . Meridji, Kenza, Khaled AlMakhadmeh, Khalid T. Al-Sarayreh, Anas Abuljadayel, Mohammad Khalaf. 2015. Towards A Requirements Model of System Security Using International Standards. International Journal of Software Engineering and Its Applications Vol. 9, No. 4.","journal-title":"International Journal of Software Engineering and Its Applications"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.142871"},{"key":"e_1_3_2_1_15_1","volume-title":"Security and Privacy Controls for Federal Information Systems and Organizations","author":"National Institute of Standards and Technology.","year":"2013","unstructured":"National Institute of Standards and Technology. Security and Privacy Controls for Federal Information Systems and Organizations . 2013 . Special Publication 800-53, Revision 4. National Institute of Standards and Technology. Security and Privacy Controls for Federal Information Systems and Organizations. 2013. Special Publication 800-53, Revision 4."},{"key":"e_1_3_2_1_16_1","volume-title":"REFSQ","author":"Paech B.","unstructured":"Paech , B. , Dutoit , A., Kerkow , D. , & von Knethen , A. 2002. Functional Requirements , Nonfunctional Requirements and Architecture Specification Cannot be Separated - A position paper , REFSQ Paech, B., Dutoit, A., Kerkow, D., & von Knethen, A. 2002. Functional Requirements, Nonfunctional Requirements and Architecture Specification Cannot be Separated - A position paper, REFSQ"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.2753\/MIS0742-1222240302"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/RePa.2012.6359977"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1002\/(SICI)1096-9942(1996)2:1%3C3::AID-TAPO1%3E3.0.CO;2-#"},{"key":"e_1_3_2_1_20_1","volume-title":"Requirements Engineering: A Good Practice Guide","author":"Sommerville Ian","year":"1997","unstructured":"Sommerville , Ian , & Pete Sawyer . 1997 . Requirements Engineering: A Good Practice Guide . John Wiley & Sons . Sommerville, Ian, & Pete Sawyer. 1997. Requirements Engineering: A Good Practice Guide. John Wiley & Sons."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/SNPD-SAWN.2006.20"},{"key":"e_1_3_2_1_22_1","unstructured":"Symons Charles et al. 2015 Guideline on Non-Functional & Project Requirements. www.cosmic-sizin.org  Symons Charles et al. 2015 Guideline on Non-Functional & Project Requirements. www.cosmic-sizin.org"},{"key":"e_1_3_2_1_23_1","unstructured":"Symons Charles & Talmon Ben-Cnaan. 2015. COSMIC\/IFPUG Glossary of NFR and Project terms v. 1.0. www.cosmic-sizin.org.  Symons Charles & Talmon Ben-Cnaan. 2015. COSMIC\/IFPUG Glossary of NFR and Project terms v. 1.0. www.cosmic-sizin.org."},{"key":"e_1_3_2_1_24_1","volume-title":"Benchmarking & Estimating. UKSMA\/COSMIC International Conference on Software Metrics & Estimating","author":"Symons Charles","year":"2011","unstructured":"Symons , Charles . 2011 . Accounting for Non-Functional Requirements in Productivity Measurement , Benchmarking & Estimating. UKSMA\/COSMIC International Conference on Software Metrics & Estimating , London. Symons, Charles. 2011. Accounting for Non-Functional Requirements in Productivity Measurement, Benchmarking & Estimating. UKSMA\/COSMIC International Conference on Software Metrics & Estimating, London."},{"key":"e_1_3_2_1_25_1","unstructured":"Symons Charles. 2015. The COSMIC Functional Size Measurement Method Version 4.0.1 Guideline on Non-Functional & Project Requirements. www.cosmic-sizin.org.  Symons Charles. 2015. The COSMIC Functional Size Measurement Method Version 4.0.1 Guideline on Non-Functional & Project Requirements. www.cosmic-sizin.org."},{"key":"e_1_3_2_1_26_1","unstructured":"The Open Web Application Security Project (OWASP) www.owasp.org  The Open Web Application Security Project (OWASP) www.owasp.org"},{"key":"e_1_3_2_1_27_1","unstructured":"The Open Web Application Security Project (OWASP). 2016. Top 10 Proactive Controls -- v 2.0 https:\/\/www.owasp.org\/images\/5\/57\/OWASP_Proactive_Controls_2.pdf  The Open Web Application Security Project (OWASP). 2016. Top 10 Proactive Controls -- v 2.0 https:\/\/www.owasp.org\/images\/5\/57\/OWASP_Proactive_Controls_2.pdf"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/IWSM-Mensura.2016.016"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-05415-0_12"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-24285-9_12"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-05415-0_23"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/IWSM.Mensura.2014.8"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-4666-9916-8.ch004"}],"event":{"name":"IWSM\/Mensura '17: 27th International Workshop on Software Measurement and 12th International Conference on Software Process and Product Measurement","location":"Gothenburg Sweden","acronym":"IWSM\/Mensura '17","sponsor":["SWC Software Center, University of Gothenburg, Sweden"]},"container-title":["Proceedings of the 27th International Workshop on Software Measurement and 12th International Conference on Software Process and Product Measurement"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3143434.3143461","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3143434.3143461","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:13:21Z","timestamp":1750212801000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3143434.3143461"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10,25]]},"references-count":33,"alternative-id":["10.1145\/3143434.3143461","10.1145\/3143434"],"URL":"https:\/\/doi.org\/10.1145\/3143434.3143461","relation":{},"subject":[],"published":{"date-parts":[[2017,10,25]]},"assertion":[{"value":"2017-10-25","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}