{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,5]],"date-time":"2026-01-05T02:50:55Z","timestamp":1767581455202,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":33,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,12,23]],"date-time":"2022-12-23T00:00:00Z","timestamp":1671753600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,12,23]]},"DOI":"10.1145\/3590837.3590860","type":"proceedings-article","created":{"date-parts":[[2023,5,30]],"date-time":"2023-05-30T18:36:51Z","timestamp":1685471811000},"page":"1-12","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Benchmark for Investigating the Security in Software Development Phases"],"prefix":"10.1145","author":[{"given":"Jameel A.","family":"Qurashi","sequence":"first","affiliation":[{"name":"University Institute of Computing, Chandigarh University, India"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6865-7493","authenticated-orcid":false,"given":"Sapandeep Singh","family":"Sandhu","sequence":"additional","affiliation":[{"name":"CSE, University Institute of Computing Chandigarh University, India"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5417-4004","authenticated-orcid":false,"given":"Purushottam Lal","family":"Bhari","sequence":"additional","affiliation":[{"name":"CSE, PIET, India"}]}],"member":"320","published-online":{"date-parts":[[2023,5,30]]},"reference":[{"issue":"6","key":"e_1_3_2_1_1_1","first-page":"75","article-title":"Taxonomy of security considerations and software quality","volume":"12","year":"2003","unstructured":"WANG, HUAIQING, AND CHEN WANG. Taxonomy of security considerations and software quality. Communications of the ACM 12.6 (2003): 75-78.","journal-title":"Communications of the ACM"},{"volume-title":"Proceedings of the conference on the future of Software engineering. ACM","year":"2000","key":"e_1_3_2_1_2_1","unstructured":"DEVANBU, PREMKUMAR T., AND STUART STUBBLEBINE. Software engineering for security: a roadmap. Proceedings of the conference on the future of Software engineering. ACM, 2000."},{"key":"e_1_3_2_1_3_1","unstructured":"C. Mann \u201cWhy Software is so Bad\u201d Technology Review (July\/August 2002)"},{"issue":"3","key":"e_1_3_2_1_4_1","first-page":"12","volume":"2","year":"2009","unstructured":"SHIRAZI H. M., A New Model for Secure Software Development. International Journal of Intelligent Information Technology Application, 2009, 2(3):12-19","journal-title":"International Journal of Intelligent Information Technology Application"},{"volume-title":"Industrial software metrics top 10 list","year":"1987","key":"e_1_3_2_1_5_1","unstructured":"BOEHM, BARRY W. Industrial software metrics top 10 list. IEEE software 4.5 (1987): 84-85."},{"key":"e_1_3_2_1_6_1","unstructured":"KHAN MUHAMMAD UMAIR AHMED AND MOHAMMAD ZULKERNINE. A Survey on Requirements and Design Methods for Secure Software Development. No. 2009- 222. Technical Report 2009."},{"key":"e_1_3_2_1_7_1","volume-title":"Computational Science and Engineering, 2009. CSE'09. International Conference on.","volume":"3","year":"2009","unstructured":"KHAN, MUHAMMAD UMAIR AHMED, AND MOHAMMAD ZULKERNINE. Activity and Artifact Views of a Secure Software Development Process. Computational Science and Engineering, 2009. CSE'09. International Conference on. Vol. 3. IEEE. 2009."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5815\/ijcnis.2012.11.03"},{"issue":"10","key":"e_1_3_2_1_9_1","first-page":"1122","article-title":"Understanding and controlling software costs. Software Engineering","volume":"14","year":"1988","unstructured":"BOEHM, BARRY W., AND PHILIP N. PAPACCIO. Understanding and controlling software costs. Software Engineering, IEEE Transactions on 14.10 (1988): 1122-1137.","journal-title":"IEEE Transactions on"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.5381\/jot.2004.3.1.c3"},{"volume-title":"ACM","year":"2002","key":"e_1_3_2_1_11_1","unstructured":"J\u00dcRJENS, JAN. Using UMLsec and goal trees for secure systems development.\"Proceedings of the 2002 ACM symposium on applied computing. ACM, 2002"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.84"},{"volume-title":"Software requirements","year":"2009","key":"e_1_3_2_1_13_1","unstructured":"WIEGERS, KARL E. Software requirements. Microsoft press, 2009."},{"volume-title":"The Capability Maturity Model: Guidelines for Improving the Software Process","year":"1995","key":"e_1_3_2_1_14_1","unstructured":"PAULK, M. C., The Capability Maturity Model: Guidelines for Improving the Software Process. Addison Wesley. 1995."},{"volume-title":"Secure systems development with UML","year":"2004","key":"e_1_3_2_1_15_1","unstructured":"J\u00dcRJENS, JAN. Secure systems development with UML. Springer, 2004."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"crossref","unstructured":"LODDERSTEDT TORSTEN DAVID BASIN AND J\u00dcRGEN DOSER. SecureUML: A UML- based modeling language for model-driven security. \u00abUML\u00bb 2002\u2014The Unified Modeling Language (2002): 86-13.","DOI":"10.1007\/3-540-45800-X_33"},{"volume-title":"Security use cases. Journal of object technology 2.3","year":"2003","key":"e_1_3_2_1_17_1","unstructured":"FIRESMITH, DONALD G. Security use cases. Journal of object technology 2.3 (2003)."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00766-004-0194-4"},{"volume-title":"Computer Security Applications Conference, 1999.(ACSAC'99) Proceedings. 15th Annual. IEEE","year":"1999","key":"e_1_3_2_1_19_1","unstructured":"MCDERMOTT, JOHN, AND CHRIS FOX. Using abuse case models for security requirements analysis. Computer Security Applications Conference, 1999.(ACSAC'99) Proceedings. 15th Annual. IEEE, 1999."},{"volume-title":"ECBS 2006. 13th Annual IEEE International Symposium and Workshop on. IEEE","year":"2006","key":"e_1_3_2_1_20_1","unstructured":"HUSSEIN, MOHAMMED, AND MOHAMMAD ZULKERNINE. UMLintr: a UML profile for specifying intrusions.\" Engineering of Computer Based Systems, 2006. ECBS 2006. 13th Annual IEEE International Symposium and Workshop on. IEEE, 2006."},{"volume-title":"Reliability and Security, 2007. ARES 2007. The Second International Conference on. IEEE","year":"2007","key":"e_1_3_2_1_21_1","unstructured":"RAIHAN, MOHAMMAD, AND MOHAMMAD ZULKERNINE. AsmLSec: an extension of abstract state machine language for attack scenario specification. Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on. IEEE, 2007."},{"key":"e_1_3_2_1_22_1","volume-title":"AND UML FOR SECURE SOFTWARE DESIGN. Workshop on Formal Methods in Security Engineering: Proceedings of the 2004 ACM workshop on Formal methods in security engineering.","volume":"29","year":"2004","unstructured":"DOAN, THUONG, ET AL. \"MAC AND UML FOR SECURE SOFTWARE DESIGN. Workshop on Formal Methods in Security Engineering: Proceedings of the 2004 ACM workshop on Formal methods in security engineering. Vol. 29. No. 29. 2004."},{"issue":"9","key":"e_1_3_2_1_23_1","first-page":"1278","article-title":"The protection of information in computer systems","volume":"29","year":"1975","unstructured":"SALTZER, JEROME H., AND MICHAEL D. SCHROEDER. The protection of information in computer systems.\" Proceedings of the IEEE 29.9 (1975): 1278-1308.","journal-title":"Proceedings of the IEEE"},{"volume-title":"Introduction to computer security","year":"2004","key":"e_1_3_2_1_24_1","unstructured":"BISHOP, MATT. Introduction to computer security. Addison-Wesley Professional, 2004."},{"volume-title":"Writing secure code","year":"2009","key":"e_1_3_2_1_25_1","unstructured":"HOWARD, MICHAEL, AND DAVID LEBLANC. Writing secure code. Microsoft press, 2009."},{"volume-title":"Reliability and Security, 2008. ARES 08. Third International Conference on. IEEE","year":"2008","key":"e_1_3_2_1_26_1","unstructured":"PEINE, HOLGER. Rules of thumb for developing secure software: Analyzing and consolidating two proposed sets of rules. Availability, Reliability and Security, 2008. ARES 08. Third International Conference on. IEEE, 2008."},{"volume-title":"Agent UML: A formalism for specifying multiagent interaction. Agent-oriented software engineering","year":"2001","key":"e_1_3_2_1_27_1","unstructured":"BAUER, BERNHARD, J\u00d6RG P. M\u00dcLLER, AND JAMES ODELL. Agent UML: A formalism for specifying multiagent interaction. Agent-oriented software engineering. Vol. 1923. Springer, Berlin, 2001."},{"volume-title":"AND KENNETH VAN WYK. Secure coding: principles and practices","year":"2003","key":"e_1_3_2_1_28_1","unstructured":"GRAFF, MARK, AND KENNETH VAN WYK. Secure coding: principles and practices. O'Reilly Media, Incorporated, 2003."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"crossref","unstructured":"HOLZMANN GERARD J. The power of 10: rules for developing safety-critical code.\"Computer 5.6 (2006): 95-99.","DOI":"10.1109\/MC.2006.212"},{"volume-title":"Automated security test generation with formal threat models. Dependable and Secure Computing","year":"2012","key":"e_1_3_2_1_30_1","unstructured":"Xu, D., Tu, M., Sanford, M., Thomas, L., Woodraska, D., & Xu, W. (2012). Automated security test generation with formal threat models. Dependable and Secure Computing, IEEE Transactions on, 9(4), 186-22."},{"issue":"3","key":"e_1_3_2_1_31_1","first-page":"12","volume":"2","year":"2009","unstructured":"SHIRAZI H. M., A New Model for Secure Software Development. International Journal of Intelligent Information Technology Application, 2009, 2(3):12-19","journal-title":"International Journal of Intelligent Information Technology Application"},{"volume-title":"copyright \u00a9 2019-2020 [modified","year":"2020","key":"e_1_3_2_1_32_1","unstructured":"Carnegie mellon university, copyright \u00a9 2019-2020 [modified: March 12, 2020], cert, http:\/\/www.cert.org\/stats\/"},{"key":"e_1_3_2_1_33_1","first-page":"17","volume-title":"Proceedings of the international MultiConference of Engineers and Computer Scientists (Vol. 1","year":"2010","unstructured":"DAUD, M. I. (2010, March). Secure software development model: A guide for secure software life cycle. In Proceedings of the international MultiConference of Engineers and Computer Scientists (Vol. 1, pp. 17-19)"}],"event":{"name":"ICIMMI 2022: International Conference on Information Management & Machine Intelligence","acronym":"ICIMMI 2022","location":"Jaipur India"},"container-title":["Proceedings of the 4th International Conference on Information Management & Machine Intelligence"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3590837.3590860","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3590837.3590860","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,5]],"date-time":"2026-01-05T02:47:38Z","timestamp":1767581258000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3590837.3590860"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,12,23]]},"references-count":33,"alternative-id":["10.1145\/3590837.3590860","10.1145\/3590837"],"URL":"https:\/\/doi.org\/10.1145\/3590837.3590860","relation":{},"subject":[],"published":{"date-parts":[[2022,12,23]]},"assertion":[{"value":"2023-05-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}