{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,4,24]],"date-time":"2023-04-24T04:32:20Z","timestamp":1682310740355},"reference-count":66,"publisher":"Elsevier BV","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["SSRN Journal"],"DOI":"10.2139\/ssrn.4191447","type":"journal-article","created":{"date-parts":[[2022,8,17]],"date-time":"2022-08-17T06:16:23Z","timestamp":1660716983000},"source":"Crossref","is-referenced-by-count":0,"title":["Trustworthiness Models to Categorize and Prioritize Code for Security Improvement"],"prefix":"10.2139","author":[{"given":"Nadia","family":"Medeiros","sequence":"first","affiliation":[]},{"given":"Naghmeh","family":"Ivaki","sequence":"additional","affiliation":[]},{"given":"Pedro","family":"Costa","sequence":"additional","affiliation":[]},{"given":"Marco","family":"Vieira","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"ref1","author":"M Graff","year":"2003","journal-title":"Designing and implementing secure applications"},{"key":"ref2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.4018\/jdtis.2011040101","article-title":"Selecting secure web applications using trustworthiness benchmarking","volume":"2","author":"A Araujo Neto","year":"2013","journal-title":"International Journal of Dependable and Trustworthy Information Systems"},{"issue":"1","key":"ref3","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1109\/52.976940","article-title":"Improving security using extensible lightweight static analysis","volume":"19","author":"D Evans","year":"2002","journal-title":"IEEE software"},{"issue":"1","key":"ref4","article-title":"Survey on impact of software metrics on software quality","volume":"3","author":"M S Rawat","year":"2012","journal-title":"IJACSA) International Journal of Advanced Computer Science and 
Applications"},{"key":"ref5","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1109\/EDCC.2016.34","article-title":"Software metrics and security vulnerabilities: Dataset and exploratory study","author":"H Alves","year":"2016","journal-title":"12th European Dependable Computing Conference (EDCC"},{"issue":"4","key":"ref6","article-title":"A comparison of k-means clustering algorithm and clara clustering algorithm on iris dataset","volume":"7","author":"T Gupta","year":"2019","journal-title":"International Journal of Engineering & Technology"},{"key":"ref7","doi-asserted-by":"crossref","first-page":"84","DOI":"10.1109\/PRDC.2018.00019","article-title":"An approach for trustworthiness benchmarking using software metrics","author":"N Medeiros","year":"2018","journal-title":"2018 IEEE 23rd Pacific Rim International Symposium on Dependable Computing (PRDC)"},{"issue":"5","key":"ref8","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1109\/MS.2011.93","article-title":"A survey on open source software trustworthiness","volume":"28","author":"V Del Bianco","year":"2011","journal-title":"IEEE software"},{"issue":"1","key":"ref9","doi-asserted-by":"crossref","DOI":"10.1080\/23311908.2017.1389640","article-title":"Application of the heuristic-systematic model to computer code trustworthiness: The influence of reputation and transparency","volume":"4","author":"G M Alarcon","year":"2017","journal-title":"Cogent Psychology"},{"issue":"2","key":"ref10","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1177\/1555343416657236","article-title":"A descriptive model of computer code trustworthiness","volume":"11","author":"G M Alarcon","year":"2017","journal-title":"Journal of Cognitive Engineering and Decision Making"},{"issue":"10","key":"ref11","article-title":"Software trustworthiness evaluation using structural equation modeling","volume":"15","author":"R Deng","year":"2019","journal-title":"International Journal of Performability 
Engineering"},{"key":"ref12","doi-asserted-by":"crossref","first-page":"220","DOI":"10.1109\/IEEE.EDGE.2017.39","article-title":"Towards an approach for trustworthiness assessment of software as a service","author":"N Medeiros","year":"2017","journal-title":"2017 IEEE International Conference on Edge Computing (EDGE)"},{"key":"ref13","first-page":"1","author":"A S Horvath","year":"2015","journal-title":"Trust in cloud computing"},{"issue":"2","key":"ref14","doi-asserted-by":"crossref","first-page":"65","DOI":"10.2308\/isys-52626","article-title":"Trust in cloud-based services: A framework for consumer adoption of software as a service","volume":"34","author":"L S Lee","year":"2020","journal-title":"Journal of Information Systems"},{"key":"ref15","author":"L Qiu","year":"1985","journal-title":"Trusted computer system evaluation criteria"},{"key":"ref16","article-title":"Common criteria for information technology security evaluation: Smart card protection profile","volume":"3","year":"2001","journal-title":"SCSUG"},{"key":"ref17","article-title":"A structured approach to classifying security vulnerabilities","author":"R C Seacord","year":"2005","journal-title":"Carnegie Mellon Software Engineering Institute"},{"key":"ref18","doi-asserted-by":"crossref","first-page":"182","DOI":"10.1109\/DSNW.2011.5958810","article-title":"To benchmark or not to benchmark security: That is the question","author":"A A Neto","year":"2011","journal-title":"2011 IEEE\/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W)"},{"key":"ref19","author":"G Disterer","year":"2013","journal-title":"Iso\/iec 27000, 27001 and 27002 for information security management"},{"key":"ref20","first-page":"391","article-title":"Advanced security assurance case based on iso\/iec 15408","author":"O Potii","year":"2015","journal-title":"International Conference on Dependability and Complex Systems"},{"key":"ref21","author":"D Galin","year":"2004","journal-title":"Software 
quality assurance: from theory to implementation"},{"key":"ref22","author":"M Chemuturi","year":"2010","journal-title":"Mastering software quality assurance: best practices, tools and techniques for software developers"},{"key":"ref23","article-title":"Ieee standard 730-2014 software quality assurance processes","volume":"730","author":"D Heimann","year":"2014","journal-title":"IEEE Computer Society"},{"key":"ref24","author":"K Turpin","year":"2010","journal-title":"Owasp secure coding practices-quick reference guide"},{"key":"ref25","article-title":"Owasp iso iec 27034 application security controls project","author":"J Marcil","year":"2014","journal-title":"OWASP-Open Web Application Security Project"},{"key":"ref26","author":"L Poulin","year":"2008","journal-title":"Iso\/iec 27034 application security-overview"},{"key":"ref27","article-title":"Privacy by design -the 7 foundational principles -implementation and mapping of fair information practices","author":"A Cavoukian","year":"2009","journal-title":"Information & Privacy Commissioner"},{"issue":"5","key":"ref28","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1109\/MS.2004.1331309","article-title":"Measuring software product quality: A survey of iso\/iec 9126","volume":"21","author":"H Jung","year":"2004","journal-title":"IEEE software"},{"key":"ref29","author":"I Iso","year":"2009","journal-title":"Iso 15408-1: 2009, information technology-security techniques-evaluation criteria for it security"},{"key":"ref30","doi-asserted-by":"crossref","DOI":"10.4236\/jis.2013.42011","article-title":"Iso\/iec 27000, 27001 and 27002 for information security management","volume":"4","author":"G Disterer","year":"2013","journal-title":"Journal of Information Security"},{"key":"ref31","first-page":"1","author":"K Beckers","year":"2014","journal-title":"A structured comparison of security standards,\" in Engineering secure future internet services and systems"},{"key":"ref32","first-page":"74","article-title":"A 
survey on the applicability of safety, security and privacy standards in developing dependable systems","author":"L Shan","year":"2019","journal-title":"International Conference on Computer Safety, Reliability, and Security"},{"issue":"6","key":"ref33","doi-asserted-by":"crossref","first-page":"76","DOI":"10.1109\/MSP.2004.111","article-title":"Static analysis for security","volume":"2","author":"B Chess","year":"2004","journal-title":"IEEE Security and Privacy"},{"issue":"1","key":"ref34","doi-asserted-by":"crossref","first-page":"84","DOI":"10.1109\/MSP.2005.23","article-title":"Software penetration testing","volume":"3","author":"B Arkin","year":"2005","journal-title":"IEEE Security & Privacy"},{"key":"ref35","first-page":"1","article-title":"A case study of software security red teams at microsoft","author":"J Smith","year":"2020","journal-title":"2020 IEEE Symposium on Visual Languages and Human-Centric Computing (VL\/HCC"},{"key":"ref36","first-page":"463","article-title":"Improved metrics handling in sonarqube for software quality monitoring","author":"J Garc\u00eda-Munoz","year":"2016","journal-title":"Distributed Computing and Artificial Intelligence, 13th International Conference"},{"issue":"9","key":"ref37","first-page":"1682","article-title":"Sensei: Enforcing secure coding guidelines in the integrated development environment","volume":"50","author":"P De Cremer","year":"2020","journal-title":"Software: Practice and Experience"},{"key":"ref38","doi-asserted-by":"crossref","first-page":"336","DOI":"10.1016\/j.ress.2019.03.031","article-title":"Benchmarking static code analyzers","volume":"188","author":"J Herter","year":"2019","journal-title":"Reliability Engineering & System Safety"},{"key":"ref39","first-page":"1","article-title":"A study on penetration testing process and tools","author":"H M Z Al Shebli","year":"2018","journal-title":"2018 IEEE Long Island Systems, Applications and Technology Conference 
(LISAT)"},{"key":"ref40","doi-asserted-by":"crossref","first-page":"451","DOI":"10.1109\/ISSRE.2013.6698898","article-title":"Static analysis versus penetration testing: A controlled experiment","author":"R Scandariato","year":"2013","journal-title":"2013 IEEE 24th international symposium on software reliability engineering (ISSRE)"},{"key":"ref41","first-page":"19","article-title":"Software metrics for fault prediction using machine learning approaches: A literature review with promise repository dataset","author":"S Karim","year":"2017","journal-title":"2017 IEEE International Conference on Cybernetics and Computational Intelligence (CyberneticsCom)"},{"key":"ref42","author":"X Shen","year":"2018","journal-title":"Predicting vulnerable files by using machine learning method"},{"key":"ref43","article-title":"Vulnerable code detection using software metrics and machine learning","author":"N Medeiros","year":"2020","journal-title":"IEEE Access"},{"key":"ref44","article-title":"An empirical study on software metrics and machine learning to identify untrustworthy code","journal-title":"17th European Dependable Computing Conference (EDCC)"},{"key":"ref45","first-page":"56","article-title":"An analysis of multi-criteria decision making methods","volume":"10","author":"M Velasquez","year":"2013","journal-title":"International Journal of Operations Research"},{"key":"ref46","author":"N A Henrique Alves","year":"2016","journal-title":"A dataset of source code metrics and vulnerabilities"},{"key":"ref47","author":"Scitools","year":"2017","journal-title":"Understand static code analysis tool"},{"key":"ref48","first-page":"216","article-title":"Software metrics as indicators of security vulnerabilities","author":"N Medeiros","year":"2017","journal-title":"28th International Symposium on Software Reliability Engineering (ISSRE)"},{"key":"ref49","article-title":"A survey of decision tree classifier methodology","author":"S S","year":"1991","journal-title":"IEEE Transactions on 
Systems, Man, and Cybernetics"},{"issue":"1","key":"ref50","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1023\/A:1010933404324","article-title":"Random forests","volume":"45","author":"L Breiman","year":"2001","journal-title":"Machine learning"},{"key":"ref51","first-page":"39","article-title":"Support vector machines for classification -efficient learning machines: Theories, concepts, and applications for engineers and system designers","author":"M Awad","year":"2015","journal-title":"Efficient Learning Machines"},{"key":"ref52","doi-asserted-by":"crossref","first-page":"144","DOI":"10.1145\/130385.130401","article-title":"A training algorithm for optimal margin classifiers","author":"B Boser","year":"1992","journal-title":"COLT '92 Proceedings of the fifth annual workshop on Computational learning theory"},{"key":"ref53","doi-asserted-by":"crossref","first-page":"785","DOI":"10.1145\/2939672.2939785","article-title":"Xgboost: A scalable tree boosting system","author":"T Chen","year":"2016","journal-title":"Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining"},{"key":"ref54","doi-asserted-by":"crossref","first-page":"149","DOI":"10.1007\/978-0-387-21579-2_9","article-title":"The boosting approach to machine learning -an overview","volume":"171","author":"R Schapire","year":"2002","journal-title":"Nonlinear Estimation and Classification"},{"key":"ref55","author":"R C Team","year":"2017","journal-title":"The r project for statistical computing"},{"key":"ref56","author":"M Kuhn","year":"2016","journal-title":"The r caret package"},{"key":"ref57","author":"H Alshaher","year":"2021","journal-title":"Studying the effects of feature scaling in machine learning"},{"issue":"1","key":"ref58","article-title":"A survey on multi criteria decision making methods and its applications","volume":"1","author":"M Aruldoss","year":"2013","journal-title":"American Journal of Information 
Systems"},{"issue":"12","key":"ref59","article-title":"A survey of clustering techniques","volume":"7","author":"P Rai","year":"2010","journal-title":"International Journal of Computer Applications"},{"key":"ref60","article-title":"An overview of partitioning algorithms in clustering techniques","volume":"5","author":"S Saket","year":"2016","journal-title":"International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)"},{"key":"ref61","article-title":"Open issues for partitioning clustering methods: An overview","volume":"4","author":"M Barioni","year":"2014","journal-title":"Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery"},{"key":"ref62","first-page":"281","article-title":"Some methods for classification and analysis of multivariate observations","author":"J Macqueen","year":"1967","journal-title":"Proceedings of the Symposium on Mathematics and Probability"},{"key":"ref63","doi-asserted-by":"crossref","DOI":"10.1002\/9780470316801","author":"L Kaufman","year":"1990","journal-title":"Finding groups in data: An introduction to cluster analysis"},{"key":"ref64","doi-asserted-by":"crossref","first-page":"1135","DOI":"10.1145\/2939672.2939778","article-title":"why should i trust you?\" explaining the predictions of any classifier","author":"M T Ribeiro","year":"2016","journal-title":"Proceedings of the 22nd ACM SIGKDD international conference on knowledge discovery and data mining"},{"issue":"11","key":"ref65","doi-asserted-by":"crossref","first-page":"2548","DOI":"10.1109\/TIM.2014.2348632","article-title":"From measures to conclusions using analytic hierarchy process in dependability benchmarking","volume":"63","author":"M Martinez","year":"2014","journal-title":"IEEE Transactions on Instrumentation and Measurement"},{"issue":"3","key":"ref66","doi-asserted-by":"crossref","first-page":"281","DOI":"10.1016\/j.dss.2010.03.003","article-title":"Consensus models for ahp group decision making under row geometric mean 
prioritization method","volume":"49","author":"Y Dong","year":"2010","journal-title":"Decision Support Systems"}],"container-title":["SSRN Electronic Journal"],"original-title":[],"language":"en","deposited":{"date-parts":[[2023,4,23]],"date-time":"2023-04-23T19:02:21Z","timestamp":1682276541000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.ssrn.com\/abstract=4191447"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"references-count":66,"URL":"https:\/\/doi.org\/10.2139\/ssrn.4191447","relation":{},"ISSN":["1556-5068"],"issn-type":[{"value":"1556-5068","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2022]]},"published":{"date-parts":[[2022]]}}}