{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:29:15Z","timestamp":1750220955675,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":39,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,5,20]],"date-time":"2019-05-20T00:00:00Z","timestamp":1558310400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,5,20]]},"DOI":"10.1145\/3330204.3330257","type":"proceedings-article","created":{"date-parts":[[2019,8,13]],"date-time":"2019-08-13T14:53:19Z","timestamp":1565707999000},"page":"1-8","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Vulnerability detection techniques and tools and their relationship to agile methods and software quality and service models"],"prefix":"10.1145","author":[{"given":"L\u00edgia C\u00e1ssia M. C.","family":"Santos","sequence":"first","affiliation":[{"name":"Universidade de S\u00e3o Paulo, Rua Arlindo Bettio, S\u00e3o Paulo, SP"}]},{"given":"Edmir Parada V.","family":"Prado","sequence":"additional","affiliation":[{"name":"Universidade de S\u00e3o Paulo, Rua Arlindo Bettio, S\u00e3o Paulo, SP"}]},{"given":"Marcos Lordello","family":"Chaim","sequence":"additional","affiliation":[{"name":"Universidade de S\u00e3o Paulo, Rua Arlindo Bettio, S\u00e3o Paulo, SP"}]}],"member":"320","published-online":{"date-parts":[[2019,5,20]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Software Engineering, 9a edition. Pearson Education","author":"Sommerville I.","year":"2011","unstructured":"I. Sommerville . Software Engineering, 9a edition. Pearson Education , Boston, Massachusetts , 2011 . I. Sommerville. Software Engineering, 9a edition. Pearson Education, Boston, Massachusetts, 2011."},{"key":"e_1_3_2_1_2_1","volume-title":"Extreme programming explained: Embrace change, 2a edition","author":"Beck K.","year":"2000","unstructured":"K. Beck . Extreme programming explained: Embrace change, 2a edition . Addison -Wesley, Upper Saddle River, NJ , 2000 . K. Beck. Extreme programming explained: Embrace change, 2a edition. Addison -Wesley, Upper Saddle River, NJ, 2000."},{"key":"e_1_3_2_1_3_1","volume-title":"OWASP Top Ten. Dispon\u00edvel em: <https:\/\/www.owasp.org\/index.php\/Top_10-2017_Top_10>. Acesso em 30\/09\/2017","author":"OWASP.","year":"2017","unstructured":"OWASP. OWASP Top Ten. Dispon\u00edvel em: <https:\/\/www.owasp.org\/index.php\/Top_10-2017_Top_10>. Acesso em 30\/09\/2017 , 2017 . OWASP. OWASP Top Ten. Dispon\u00edvel em: <https:\/\/www.owasp.org\/index.php\/Top_10-2017_Top_10>. Acesso em 30\/09\/2017, 2017."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.5555\/1202957"},{"key":"e_1_3_2_1_5_1","volume-title":"Universidade Estadual Paulista-UNESP, Programa de P\u00f3s-Gradua\u00e7\u00e3o em Ci\u00eancia da Informa\u00e7\u00e3o, 9(1), 1--28","author":"Vianna E. W","year":"2015","unstructured":"E. W , Vianna & J. H. C. , Fernandes . O gestor da seguran\u00e7a da informa\u00e7\u00e3o no espa\u00e7o cibern\u00e9tico governamental. Brazilian Journal of Information Science , Universidade Estadual Paulista-UNESP, Programa de P\u00f3s-Gradua\u00e7\u00e3o em Ci\u00eancia da Informa\u00e7\u00e3o, 9(1), 1--28 , 2015 . E. W, Vianna & J. H. C., Fernandes. O gestor da seguran\u00e7a da informa\u00e7\u00e3o no espa\u00e7o cibern\u00e9tico governamental. Brazilian Journal of Information Science, Universidade Estadual Paulista-UNESP, Programa de P\u00f3s-Gradua\u00e7\u00e3o em Ci\u00eancia da Informa\u00e7\u00e3o, 9(1), 1--28, 2015."},{"key":"e_1_3_2_1_6_1","volume-title":"Software security: building security","author":"McGraw G.","year":"2006","unstructured":"G. McGraw . Software security: building security in. Addison-Wesley Professional , 1a edition, 2006 . G. McGraw. Software security: building security in. Addison-Wesley Professional, 1a edition, 2006."},{"key":"e_1_3_2_1_7_1","volume-title":"OWASP CLASP Concepts. Dispon\u00edvel em: <https:\/\/www.owasp.org\/index.php\/CLASP_Concepts>. Acesso em 30\/09\/2017","author":"OWASP.","year":"2016","unstructured":"OWASP. OWASP CLASP Concepts. Dispon\u00edvel em: <https:\/\/www.owasp.org\/index.php\/CLASP_Concepts>. Acesso em 30\/09\/2017 , 2016 . OWASP. OWASP CLASP Concepts. Dispon\u00edvel em: <https:\/\/www.owasp.org\/index.php\/CLASP_Concepts>. Acesso em 30\/09\/2017, 2016."},{"volume-title":"Identifying emerging security concepts using software artifacts through an experimental case","year":"2015","key":"e_1_3_2_1_8_1","unstructured":"G., M\u00e1rquez, P., Silvia, R., Noel., S., Matalonga., & H., Astudillo. Identifying emerging security concepts using software artifacts through an experimental case . In Chilean Computer Science Society (SCCC) , 1--6, 2015 . G., M\u00e1rquez, P., Silvia, R., Noel., S., Matalonga., & H., Astudillo. Identifying emerging security concepts using software artifacts through an experimental case. In Chilean Computer Science Society (SCCC), 1--6, 2015."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2011.82"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2015.45"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-57633-6_13"},{"key":"e_1_3_2_1_12_1","volume-title":"An empirical study on the relationship between software security skills, usage and training needs in agile settings\". Availability, Reliability, and Security in Information Systems","author":"Oyetoyan T. D.","year":"2016","unstructured":"T. D. , Oyetoyan , D. S. , Cruzes , and M. J. Gilje . \" An empirical study on the relationship between software security skills, usage and training needs in agile settings\". Availability, Reliability, and Security in Information Systems , 2016 . T. D., Oyetoyan, D. S., Cruzes, and M. J. Gilje. \"An empirical study on the relationship between software security skills, usage and training needs in agile settings\". Availability, Reliability, and Security in Information Systems, 2016."},{"key":"e_1_3_2_1_13_1","volume-title":"Extending the agile development process to develop acceptably secure software, 11(6), 497--509","author":"Othmane Ben","year":"2014","unstructured":"L., Ben Othmane , P., Angin, H., Weffers, & B., Bhargava. Extending the agile development process to develop acceptably secure software, 11(6), 497--509 , 2014 . L., Ben Othmane, P., Angin, H., Weffers, & B., Bhargava. Extending the agile development process to develop acceptably secure software, 11(6), 497--509, 2014."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SESS.2007.7"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2015.45"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2016.103"},{"issue":"3","key":"e_1_3_2_1_17_1","article-title":"A review of security integration technique in agile software development","volume":"7","author":"Pakistan R.","year":"2016","unstructured":"R, Khaim, S., Naz, F., Abbas, N., Iqbal, M., Hamayun, and R. Pakistan . A review of security integration technique in agile software development . International Journal of Software Engineering & Applications , 7 ( 3 ), 2016 . R, Khaim, S., Naz, F., Abbas, N., Iqbal, M., Hamayun, and R.Pakistan. A review of security integration technique in agile software development. International Journal of Software Engineering & Applications, 7(3), 2016.","journal-title":"International Journal of Software Engineering & Applications"},{"key":"e_1_3_2_1_18_1","volume-title":"A Structured approach to classifying security vulnerabilities. CMU SEI. Dispon\u00edvel em: <https:\/\/resources.sei.cmu.edu\/library\/asset-view.cfm?assetid=7377>. Acesso em: 30\/09\/2017","author":"Seacord R. C.","year":"2005","unstructured":"R. C. Seacord and A. D. Householder . A Structured approach to classifying security vulnerabilities. CMU SEI. Dispon\u00edvel em: <https:\/\/resources.sei.cmu.edu\/library\/asset-view.cfm?assetid=7377>. Acesso em: 30\/09\/2017 , 2005 . R. C. Seacord and A. D. Householder. A Structured approach to classifying security vulnerabilities. CMU SEI. Dispon\u00edvel em: <https:\/\/resources.sei.cmu.edu\/library\/asset-view.cfm?assetid=7377>. Acesso em: 30\/09\/2017, 2005."},{"key":"e_1_3_2_1_19_1","volume-title":"National Vulnerability Database - NVD. Dispon\u00edvel em: <https:\/\/nvd.nist.gov\/vuln>. Acesso: em 30\/09\/2017","author":"NIST. National Institute of Standards and Technology.","year":"2009","unstructured":"NIST. National Institute of Standards and Technology. National Vulnerability Database - NVD. Dispon\u00edvel em: <https:\/\/nvd.nist.gov\/vuln>. Acesso: em 30\/09\/2017 , 2009 . NIST. National Institute of Standards and Technology. National Vulnerability Database - NVD. Dispon\u00edvel em: <https:\/\/nvd.nist.gov\/vuln>. Acesso: em 30\/09\/2017, 2009."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/566171.566190"},{"key":"e_1_3_2_1_21_1","volume-title":"Computer security. Pearson Education","author":"Stallings W.","year":"2012","unstructured":"W. Stallings . Computer security. Pearson Education , Boston, Massachusetts , 2a edition, 2012 . W. Stallings. Computer security. Pearson Education, Boston, Massachusetts, 2a edition, 2012."},{"key":"e_1_3_2_1_22_1","first-page":"1","volume-title":"Cadernos UniFOA","author":"Pinheiro J. M. S.","year":"2011","unstructured":"J. M. S. Pinheiro . Amea\u00e7as e ataques aos sistemas de informa\u00e7\u00e3o: Prevenir e antecipar . In Cadernos UniFOA , pages 1 -- 11 . UniFOA , 2011 . J. M. S. Pinheiro. Amea\u00e7as e ataques aos sistemas de informa\u00e7\u00e3o: Prevenir e antecipar. In Cadernos UniFOA, pages 1--11. UniFOA, 2011."},{"key":"e_1_3_2_1_23_1","volume-title":"Resposta e Tratamento a Incidentes de Seguran\u00e7a no Brasil. Cartilha de seguran\u00e7a para internet: ataques na internet. Dispon\u00edvel em: <https:\/\/cartilha.cert.br\/>. Acesso em: 30\/09\/2017","author":"de Estudos Centro","year":"2012","unstructured":"CERT.br. Centro de Estudos , Resposta e Tratamento a Incidentes de Seguran\u00e7a no Brasil. Cartilha de seguran\u00e7a para internet: ataques na internet. Dispon\u00edvel em: <https:\/\/cartilha.cert.br\/>. Acesso em: 30\/09\/2017 , 2012 . CERT.br. Centro de Estudos, Resposta e Tratamento a Incidentes de Seguran\u00e7a no Brasil. Cartilha de seguran\u00e7a para internet: ataques na internet. Dispon\u00edvel em: <https:\/\/cartilha.cert.br\/>. Acesso em: 30\/09\/2017, 2012."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.36311\/1981-1640.2015.v9n1.05.p65"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.55"},{"key":"e_1_3_2_1_26_1","first-page":"1","volume-title":"IEEE Standard classification for software anomalies","author":"I. Group","year":"2010","unstructured":"I. Group . IEEE Standard classification for software anomalies . In IEEE Standards Associations , pages 1 -- 24 . IEEE, 2010 . I. Group. IEEE Standard classification for software anomalies. In IEEE Standards Associations, pages 1--24. IEEE, 2010."},{"key":"e_1_3_2_1_27_1","first-page":"1","volume-title":"Toler\u00e2ncia a falhas: Conceitos e exemplos","author":"Weber T. S.","year":"2003","unstructured":"T. S. Weber . Toler\u00e2ncia a falhas: Conceitos e exemplos . In : Programa de P\u00f3s-Gradua\u00e7\u00e3o--Instituto de Inform\u00e1tica-UFRGS , pages 1 -- 5 , 2003 . T. S. Weber. Toler\u00e2ncia a falhas: Conceitos e exemplos. In: Programa de P\u00f3s-Gradua\u00e7\u00e3o--Instituto de Inform\u00e1tica-UFRGS, pages 1--5, 2003."},{"key":"e_1_3_2_1_28_1","first-page":"1","volume-title":"Attacking malicious code","year":"2000","unstructured":"McGraw, G., and Morrissett, G . Attacking malicious code . In IEEE Computer Society , pages 1 -- 11 . IEEE, 2000 . McGraw, G., and Morrissett, G. Attacking malicious code. In IEEE Computer Society, pages 1--11. IEEE, 2000."},{"key":"e_1_3_2_1_29_1","volume-title":"Computer security: art and science","author":"M.","year":"2003","unstructured":"Bishop, M. Computer security: art and science . Addison-Wesley Professional , 2003 . Bishop, M. Computer security: art and science. Addison-Wesley Professional, 2003."},{"key":"e_1_3_2_1_30_1","volume-title":"Gest\u00e3o da Terceiriza\u00e7\u00e3o da Tecnologia da Informa\u00e7\u00e3o Baseada nas Pr\u00e1ticas de Governan\u00e7a In International Conference on Information Systems and Technology Management","author":"Cristofoli F.","year":"2012","unstructured":"F. Cristofoli , E. P. V. Prado , and H. Takaoka . Gest\u00e3o da Terceiriza\u00e7\u00e3o da Tecnologia da Informa\u00e7\u00e3o Baseada nas Pr\u00e1ticas de Governan\u00e7a In International Conference on Information Systems and Technology Management . 2012 . F. Cristofoli, E. P. V. Prado, and H. Takaoka. Gest\u00e3o da Terceiriza\u00e7\u00e3o da Tecnologia da Informa\u00e7\u00e3o Baseada nas Pr\u00e1ticas de Governan\u00e7a In International Conference on Information Systems and Technology Management. 2012."},{"volume-title":"IT Service Management. What is ITIL? Dispon\u00edvel em: <https:\/\/www.axelos.com\/best-practice-solutions\/itil\/what-is-it-service-management>. Acesso em 30\/09\/2017","year":"2018","key":"e_1_3_2_1_31_1","unstructured":"Axelos. IT Service Management. What is ITIL? Dispon\u00edvel em: <https:\/\/www.axelos.com\/best-practice-solutions\/itil\/what-is-it-service-management>. Acesso em 30\/09\/2017 , 2018 . Axelos. IT Service Management. What is ITIL? Dispon\u00edvel em: <https:\/\/www.axelos.com\/best-practice-solutions\/itil\/what-is-it-service-management>. Acesso em 30\/09\/2017, 2018."},{"key":"e_1_3_2_1_32_1","volume-title":"IT What Is Capability Maturity Model Integration (CMMI)\u00ae? Dispon\u00edvel:<https:\/\/cmmiinstitute.com\/>. Acesso em 30\/09\/2017","author":"CMMI.","year":"2018","unstructured":"CMMI. IT What Is Capability Maturity Model Integration (CMMI)\u00ae? Dispon\u00edvel:<https:\/\/cmmiinstitute.com\/>. Acesso em 30\/09\/2017 , 2018 . CMMI. IT What Is Capability Maturity Model Integration (CMMI)\u00ae? Dispon\u00edvel:<https:\/\/cmmiinstitute.com\/>. Acesso em 30\/09\/2017, 2018."},{"volume-title":"Guia Geral de Software. Dispon\u00edvel em:<https:\/\/www.softex.br\/mpsbr\/guias\/>. Acesso em 30\/09\/2017","year":"2016","key":"e_1_3_2_1_33_1","unstructured":"Softex. Guia Geral de Software. Dispon\u00edvel em:<https:\/\/www.softex.br\/mpsbr\/guias\/>. Acesso em 30\/09\/2017 , 2016 . Softex. Guia Geral de Software. Dispon\u00edvel em:<https:\/\/www.softex.br\/mpsbr\/guias\/>. Acesso em 30\/09\/2017, 2016."},{"key":"e_1_3_2_1_34_1","volume-title":"Rinehart Winston","author":"Wrightman L. S.","year":"1976","unstructured":"L. S. Wrightman , S. W. Cook , and C. Selltiz . Research Methods in Social Relations, 3a edition. Holt , Rinehart Winston , New York , 1976 . L. S. Wrightman, S. W. Cook, and C. Selltiz. Research Methods in Social Relations, 3a edition. Holt, Rinehart Winston, New York, 1976."},{"key":"e_1_3_2_1_35_1","volume-title":"Marketing research, 7a edition","author":"Aaker D. A.","year":"2004","unstructured":"D. A. Aaker , V. Kumar , G. S. Day . Marketing research, 7a edition . John Wiley's & Sons , New York, USA , 2004 . D. A. Aaker, V. Kumar, G. S. Day. Marketing research, 7a edition. John Wiley's & Sons, New York, USA, 2004."},{"key":"e_1_3_2_1_36_1","volume-title":"International Student Edition","author":"Kinnear T. C.","year":"1979","unstructured":"T. C. Kinnear , and J. R. Taylor . Marketing Research: an applied approach ., International Student Edition , McGraw-Hill , Tokyo , 1979 . T. C. Kinnear, and J. R. Taylor. Marketing Research: an applied approach., International Student Edition, McGraw-Hill, Tokyo, 1979."},{"key":"e_1_3_2_1_37_1","volume-title":"Adventures in Social Research","author":"Babbie E.","year":"2000","unstructured":"E. Babbie , E. Halley , and F. J. Zanino . Adventures in Social Research . California : Sage Publications , 2000 . E. Babbie, E. Halley, and F. J. Zanino. Adventures in Social Research. California: Sage Publications, 2000."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"crossref","DOI":"10.1093\/oso\/9780198522294.001.0001","volume-title":"Statistical methods, experimental design, and scientific inference","author":"Fisher R. A.","year":"1990","unstructured":"R. A. Fisher , J. H. Bennett . Statistical methods, experimental design, and scientific inference , 1990 . R. A. Fisher, J. H. Bennett. Statistical methods, experimental design, and scientific inference, 1990."},{"key":"e_1_3_2_1_39_1","volume-title":"Instrumento do survey. Dispon\u00edvel em:<https:\/\/github.com\/SAEG1\/InstrumentoEstudodeCaso.git\/> Acesso em 08\/03\/2019","author":"Santos L. C. M. C.","year":"2018","unstructured":"L. C. M. C. Santos ., M. L. Chaim ., E. P. V. Prado . Instrumento do survey. Dispon\u00edvel em:<https:\/\/github.com\/SAEG1\/InstrumentoEstudodeCaso.git\/> Acesso em 08\/03\/2019 , 2018 . L. C. M. C. Santos., M. L. Chaim., E. P. V. Prado. Instrumento do survey. Dispon\u00edvel em:<https:\/\/github.com\/SAEG1\/InstrumentoEstudodeCaso.git\/> Acesso em 08\/03\/2019, 2018."}],"event":{"name":"SBSI'19: XV Brazilian Symposium on Information Systems","sponsor":["SBC Brazilian Computer Society"],"location":"Aracaju Brazil","acronym":"SBSI'19"},"container-title":["Proceedings of the XV Brazilian Symposium on Information Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3330204.3330257","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3330204.3330257","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:54:05Z","timestamp":1750204445000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3330204.3330257"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,5,20]]},"references-count":39,"alternative-id":["10.1145\/3330204.3330257","10.1145\/3330204"],"URL":"https:\/\/doi.org\/10.1145\/3330204.3330257","relation":{},"subject":[],"published":{"date-parts":[[2019,5,20]]},"assertion":[{"value":"2019-05-20","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}