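% ISO 9126-1, quality model part of the software product quality standard.
% The standard number stands in as a corporate author, so it is double-braced;
% with single braces it is parsed as a personal name and may be split or abbreviated.
@techreport{ISO9126,
  author      = {{ISO 9126-1}},
  key         = {ISO 9126-1},
  title       = {Information technology — Software product quality},
  subtitle    = {Part 1: Quality model},
  type        = {Standard},
  institution = {International Organization for Standardization},
  address     = {Geneva, CH},
  year        = {2000},
}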
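% ISO 25010, system and software quality models from the SQuaRE series.
% Corporate author is double-braced; the SQuaRE acronym is brace-protected so
% sentence-casing styles keep its capitals; the last title separator now matches the others.
@techreport{ISO25010,
  author      = {{ISO 25010}},
  key         = {ISO 25010},
  title       = {Systems and software engineering — Systems and software Quality Requirements and Evaluation ({SQuaRE}) — System and software quality models},
  type        = {Standard},
  institution = {International Organization for Standardization},
  address     = {Geneva, CH},
  year        = {2011},
}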
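% IEEE Std 1517-2010, reuse processes in the system and software life cycle.
% Empty author/volume/number fields only produced warnings and are removed; the
% issuing body named in the title is used as a double-braced corporate author.
% Page range uses the double hyphen that styles expect.
@article{IEEE1517,
  author  = {{IEEE}},
  title   = {{IEEE} Standard for Information Technology--System and Software Life Cycle Processes--Reuse Processes},
  journal = {IEEE Std 1517-2010 (Revision of IEEE Std 1517-1999)},
  year    = {2010},
  pages   = {1--51},
  doi     = {10.1109/IEEESTD.2010.5551093},
}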
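% ISO/IEC/IEEE 24765:2017, systems and software engineering vocabulary.
% Empty author/volume/number fields are removed; the issuing bodies named in the
% title are used as a double-braced corporate author and protected in the title.
@article{IEEE24765,
  author  = {{ISO/IEC/IEEE}},
  title   = {{ISO/IEC/IEEE} International Standard - Systems and software engineering--Vocabulary},
  journal = {ISO/IEC/IEEE 24765:2017(E)},
  year    = {2017},
  pages   = {1--541},
  doi     = {10.1109/IEEESTD.2017.8016712},
}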
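% Heitlager, Kuipers and Visser: maintainability measurement model, QUATIC 2007.
% Empty volume/number fields are dropped and the page range uses a double hyphen;
% the conference acronym is brace-protected.
@inproceedings{maintainability_metrics,
  author       = {Heitlager, Ilja and Kuipers, Tobias and Visser, Joost},
  title        = {A Practical Model for Measuring Maintainability},
  booktitle    = {6th International Conference on the Quality of Information and Communications Technology ({QUATIC} 2007)},
  organization = {IEEE},
  year         = {2007},
  pages        = {30--39},
  doi          = {10.1109/QUATIC.2007.8},
}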
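% scc line-counting tool, cited at one exact revision.
% The commit hash pins the revision that was used, but commit is not a field any
% standard style prints, so the hash is repeated in note to make it appear in the
% rendered reference. The original commit field is kept for tooling that reads it.
@misc{scc,
  author       = {Boyter, Ben},
  title        = {Sloc Cloc and Code (scc)},
  howpublished = {\url{https://github.com/boyter/scc}},
  publisher    = {GitHub},
  year         = {2022},
  commit       = {401ff326fc05d0ca4b2caab70881e68f83b7b119},
  note         = {Commit 401ff326fc05d0ca4b2caab70881e68f83b7b119},
}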
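% ISO 7498-2, security architecture part of the OSI basic reference model.
% The title carried scan artefacts: a lowercase l in place of the capital I in
% Interconnection, and hyphens glued to the following word. Separators now match
% the dash used by the other ISO entries. Corporate author is double-braced.
@techreport{ISO7498-2,
  author      = {{ISO 7498-2}},
  key         = {ISO 7498-2},
  title       = {Information processing systems — Open Systems Interconnection — Basic Reference Model},
  subtitle    = {Part 2: Security Architecture},
  type        = {Standard},
  institution = {International Organization for Standardization},
  address     = {Geneva, CH},
  year        = {1989},
}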
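% ISO 27000, overview and vocabulary for information security management systems.
% Corporate author is double-braced so it is treated as one indivisible name.
@techreport{ISO27000,
  author      = {{ISO 27000}},
  key         = {ISO 27000},
  title       = {Information technology — Security techniques — Information security management systems — Overview and vocabulary},
  type        = {Standard},
  institution = {International Organization for Standardization},
  address     = {Geneva, CH},
  year        = {2018},
}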
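% BSI annual report on the state of IT security in Germany, 2022 edition.
% A book entry needs a publisher, so the issuing institution is repeated there;
% month uses the predefined macro; the corporate author is double-braced.
% NOTE(review): callNumber looks like a phone number picked up by the export tool;
% it is not printed by styles and is left unchanged.
@book{BSI_2022,
  author      = {{BSI}},
  title       = {Die Lage der IT-Sicherheit in Deutschland 2022},
  series      = {Die Lage der IT-Sicherheit in Deutschland},
  collection  = {Die Lage der IT-Sicherheit in Deutschland},
  number      = {BSI-LB22/511},
  publisher   = {Bundesamt für Sicherheit in der Informationstechnik (BSI)},
  institution = {Bundesamt für Sicherheit in der Informationstechnik (BSI)},
  address     = {Bonn},
  year        = {2022},
  month       = oct,
  pages       = {115},
  url         = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2022.html},
  callNumber  = {+49 (0) 22899 9582-0},
  language    = {de},
}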
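% arXiv preprint on secure software development processes and tooling.
% The entry has no journal, which an article entry requires, so it is typed as misc
% and the arXiv identifier from the URL is recorded in the eprint fields.
% The abstract text is reproduced as exported.
@misc{Roshaidie_Liang_Jun_Yew_Fatima-Tuz-Zahra_2020,
  author        = {Roshaidie, Muhammad Danish and Liang, William Pang Han and Jun, Calvin Goh Kai and Yew, Kok Hong and Fatima-Tuz-Zahra},
  title         = {Importance of Secure Software Development Processes and Tools for Developers},
  year          = {2020},
  eprint        = {2012.15153},
  archiveprefix = {arXiv},
  doi           = {10.48550/ARXIV.2012.15153},
  url           = {https://arxiv.org/abs/2012.15153},
  abstractNote  = {In this research paper of secure software systems, authors have discussed what the proper development process is when it comes to creating a secure software, which will be suited for developers and relevent stakeholders alike. Secure Software Development Process for Developers is of crucial importance for software engineers as more and more software-based devices are becoming commonly available, and cloud services are evolving which require for the software to be constantly connected to the internet. With this in mind, Secure Software Development needs to be transformed to something most developers can rely upon to make applied software safe and have the capability to mitigate against potential attacks by hackers. Furthermore, in this paper, existing Secure Software Development Process ideas and implementations are reviewed and investigated using the research paper pool available online. Thereafter, an approach is proposed to enhance the security aspect in software development process to resolve security issues. Lastly, the paper concludes with final remarks on practical implementation of security features in software development phases for production of secure and reliable software programs and systems.},
}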
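% Statista chart of yearly internet-crime complaints received by the FBI IC3, 2000 to 2021.
% The department name is a corporate author and is double-braced, otherwise it is
% parsed as a person with the surname Department. month uses the predefined macro.
% NOTE(review): web source without an access date; consider recording one.
@misc{Statistik_Cybersecurity_2022,
  author       = {{Statista Research Department}},
  title        = {Beschwerden über Internetkriminalität in den USA 2021},
  journal      = {Statista},
  year         = {2022},
  month        = dec,
  url          = {https://de.statista.com/statistik/daten/studie/154433/umfrage/beschwerden-ueber-internetkriminalitaet-seit-2000/},
  abstractNote = {Diese Statistik zeigt die Anzahl der jährlich eingehenden Beschwerden über Internetkriminalität auf der Website des Investigation Internet Crime Complaint Center (iC3) des FBI von 2000 bis 2021.},
  language     = {de},
}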
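% Chapter on the security mindsets of computer science students, in an edited volume.
% A chapter with its own authors inside an edited book is an incollection entry;
% classic inbook styles ignore booktitle, so the volume title would not be printed.
% Page range uses a double hyphen.
@incollection{Tahaei_Jenkins_Vaniea_Wolters_2021,
  author    = {Tahaei, Mohammad and Jenkins, Adam and Vaniea, Kami and Wolters, Maria},
  title     = {“I Don't Know Too Much About It”: On the Security Mindsets of Computer Science Students},
  booktitle = {Socio-Technical Aspects in Security and Trust},
  editor    = {Groß, Thomas and Tryfonas, Theo},
  volume    = {11739},
  publisher = {Springer International Publishing},
  address   = {Cham},
  year      = {2021},
  pages     = {27--46},
  isbn      = {9783030559571 9783030559588},
  doi       = {10.1007/978-3-030-55958-8_2},
  url       = {https://link.springer.com/10.1007/978-3-030-55958-8_2},
  language  = {en},
}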
# Quellen IT-Sec Part 2
% Jain and Ingle on security metrics across software development stages.
% NOTE(review): no booktitle, pages or identifier is recorded; booktitle is a
% required field for this entry type, so confirm the venue before citing.
@inproceedings{Jain2014SecurityMA,
  author = {Jain, Smriti and Ingle, Maya},
  title  = {Security Metrics and Software Development Progression},
  year   = {2014},
}
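% Chowdhury, Chan and Zulkernine: security metrics derived from source code structure.
% month uses the predefined macro, the page range a double hyphen, and the place
% name gets its separating comma.
% NOTE(review): address appears to hold the workshop location, not the publisher city.
@inproceedings{Chowdhury_Chan_Zulkernine_2008,
  author    = {Chowdhury, Istehad and Chan, Brian and Zulkernine, Mohammad},
  title     = {Security metrics for source code structures},
  booktitle = {Proceedings of the fourth international workshop on Software engineering for secure systems},
  publisher = {ACM},
  address   = {Leipzig, Germany},
  year      = {2008},
  month     = may,
  pages     = {57--64},
  isbn      = {9781605580425},
  doi       = {10.1145/1370905.1370913},
  url       = {https://dl.acm.org/doi/10.1145/1370905.1370913},
  language  = {en},
}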
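% Wang, Wang, Guo and Xia: security metrics for software systems.
% month uses the predefined macro, the page range a double hyphen, and the place
% name gets its separating comma.
% NOTE(review): address appears to hold the conference location, not the publisher city.
@inproceedings{Wang_Wang_Guo_Xia_2009,
  author    = {Wang, Ju An and Wang, Hao and Guo, Minzhe and Xia, Min},
  title     = {Security metrics for software systems},
  booktitle = {Proceedings of the 47th Annual Southeast Regional Conference},
  publisher = {ACM},
  address   = {Clemson, South Carolina},
  year      = {2009},
  month     = mar,
  pages     = {1--6},
  isbn      = {9781605584218},
  doi       = {10.1145/1566445.1566509},
  url       = {https://dl.acm.org/doi/10.1145/1566445.1566509},
  language  = {en},
}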
# Metaanalysen
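% Mellado, Fernández-Medina and Piattini: comparison of design-level security metrics.
% The citation key misspells the first author and contains a non-ASCII character,
% which classic BibTeX toolchains may not accept; it is kept unchanged because
% documents cite it. month, page range and place name are normalised.
@inproceedings{MeFlado_Fernández-Medina_Piattini_2010,
  author    = {Mellado, Daniel and Fernández-Medina, Eduardo and Piattini, Mario},
  title     = {A comparison of software design security metrics},
  booktitle = {Proceedings of the Fourth European Conference on Software Architecture: Companion Volume},
  publisher = {ACM},
  address   = {Copenhagen, Denmark},
  year      = {2010},
  month     = aug,
  pages     = {236--242},
  isbn      = {9781450301794},
  doi       = {10.1145/1842752.1842797},
  url       = {https://dl.acm.org/doi/10.1145/1842752.1842797},
  language  = {en},
}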
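% Survey of system-level security metrics, organised by vulnerability, defense,
% attack severity and situation sub-metrics as described in the abstract.
% month uses the predefined macro and the article-numbered page range a double hyphen.
@article{Pendleton_Garcia-Lebron_Cho_Xu_2016,
  author       = {Pendleton, Marcus and Garcia-Lebron, Richard and Cho, Jin-Hee and Xu, Shouhuai},
  title        = {A Survey on Systems Security Metrics},
  journal      = {ACM Computing Surveys},
  volume       = {49},
  number       = {4},
  year         = {2016},
  month        = dec,
  pages        = {62:1--62:35},
  doi          = {10.1145/3005714},
  url          = {https://doi.org/10.1145/3005714},
  abstractNote = {Security metrics have received significant attention. However, they have not been systematically explored based on the understanding of attack-defense interactions, which are affected by various factors, including the degree of system vulnerabilities, the power of system defense mechanisms, attack (or threat) severity, and situations a system at risk faces. This survey particularly focuses on how a system security state can evolve as an outcome of cyber attack-defense interactions. This survey concerns how to measure system-level security by proposing a security metrics framework based on the following four sub-metrics: (1) metrics of system vulnerabilities, (2) metrics of defense power, (3) metrics of attack or threat severity, and (4) metrics of situations. To investigate the relationships among these four sub-metrics, we propose a hierarchical ontology with four sub-ontologies corresponding to the four sub-metrics and discuss how they are related to each other. Using the four sub-metrics, we discuss the state-of-art existing security metrics and their advantages and disadvantages (or limitations) to obtain lessons and insight in order to achieve an ideal goal in developing security metrics. Finally, we discuss open research questions in the security metrics research domain and we suggest key factors to enhance security metrics from a system security perspective.},
}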
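% Vendor explainer page on what CVE (Common Vulnerabilities and Exposures) means.
% Corporate author is double-braced and month uses the predefined macro.
% NOTE(review): web source without an access date; consider recording one.
@misc{Redhat_CVE,
  author       = {{RedHat}},
  title        = {Was bedeutet {CVE}?},
  journal      = {RedHat},
  year         = {2021},
  month        = nov,
  url          = {https://www.redhat.com/de/topics/security/what-is-cve},
  abstractNote = {CVE, kurz für Common Vulnerabilities and Exposures (Häufige Schwachstellen und Risiken), ist eine Liste mit öffentlichen Sicherheitsschwachstellen in Computersystemen.},
  language     = {de},
}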