Threat Modeling

Building More Secure Software with Improved Development Processes

IEEE Security and Privacy

Application Penetration Testing

IEEE Security and Privacy

Software Penetration Testing

IEEE Security and Privacy

Attacking information visualization system usability overloading and deceiving the human

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security

A threat-driven approach to modeling and verifying secure software

Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering

An advisor for web services security policies

Proceedings of the 2005 workshop on Secure web services

Toward a threat model for storage systems

Proceedings of the 2005 ACM workshop on Storage security and survivability

Towards agile security in web applications

Companion to the 21st ACM SIGPLAN symposium on Object-oriented programming systems, languages, and applications

Teaching software security with threat modeling: conference workshop

Journal of Computing Sciences in Colleges

Secure Bit: Transparent, Hardware Buffer-Overflow Protection

IEEE Transactions on Dependable and Secure Computing

Secure software engineering teaching modules

InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development

Threading secure coding principles and risk analysis into the undergraduate computer science and information systems curriculum

InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development

Research Directions in Requirements Engineering

FOSE '07 2007 Future of Software Engineering

Test-Driven Development of Relational Databases

IEEE Software

A Threat Model Driven Approach for Security Testing

SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems

Checking threat modeling data flow diagrams for implementation conformance and security

Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering

Aspect-oriented specification of threat-driven security requirements

International Journal of Computer Applications in Technology

Towards a threat model for mobile ad-hoc networks

ISP'06 Proceedings of the 5th WSEAS International Conference on Information Security and Privacy

Executable misuse cases for modeling security concerns

Proceedings of the 30th international conference on Software engineering

A security thread in a thread-based curriculum

SIGITE '08 Proceedings of the 9th ACM SIGITE conference on Information technology education

Strata-Gem: risk assessment through mission modeling

Proceedings of the 4th ACM workshop on Quality of protection

Evolution of the MTA architecture: the impact of security

Software—Practice & Experience

Enhancing research into usable privacy and security

Proceedings of the 27th ACM international conference on Design of communication

Security-aware software development life cycle (SaSDLC): processes and tools

WOCN'09 Proceedings of the Sixth international conference on Wireless and Optical Communications Networks

System Engineering Security

KES '09 Proceedings of the 13th International Conference on Knowledge-Based and Intelligent Information and Engineering Systems: Part II

Avoiding Threats Using Multi Agent System Planning for Web Based Systems

ICCCI '09 Proceedings of the 1st International Conference on Computational Collective Intelligence. Semantic Web, Social Networks and Multiagent Systems

What is the shape of your security policy?: security as a classification problem

NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop

A comparative analysis of common threats, vulnerabilities, attacks and countermeasures within smart card and wireless sensor network node technologies

WISTP'07 Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systems

The security threats and corresponding measures to distributed storage systems

APPT'07 Proceedings of the 7th international conference on Advanced parallel processing technologies

IT security analysis best practices and formal approaches

Foundations of security analysis and design IV

Towards improved security criteria for certification of electronic health record systems

Proceedings of the 2010 ICSE Workshop on Software Engineering in Health Care

Using implied scenarios in security testing

Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems

An empirical investigation into open source web applications' implementation vulnerabilities

Empirical Software Engineering

Indicator-based architecture-level security evaluation in a service-oriented environment

Proceedings of the Fourth European Conference on Software Architecture: Companion Volume

A security ontology for incident analysis

Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research

Analyzing security architectures

Proceedings of the IEEE/ACM international conference on Automated software engineering

First principles vulnerability assessment

Proceedings of the 2010 ACM workshop on Cloud computing security workshop

Controlling security of software development with multi-agent system

KES'10 Proceedings of the 14th international conference on Knowledge-based and intelligent information and engineering systems: Part IV

To boldly go where invention isn't secure: applying security entrepreneurship to secure systems design

Proceedings of the 2010 workshop on New security paradigms

Securing tests in E-learning environment

Proceedings of the 2011 International Conference on Communication, Computing & Security

System Assurance: Beyond Detecting Vulnerabilities

System Assurance: Beyond Detecting Vulnerabilities

Security mutation testing of the FileZilla FTP server

Proceedings of the 2011 ACM Symposium on Applied Computing

Modeling security attacks with statecharts

Proceedings of the joint ACM SIGSOFT conference -- QoSA and ACM SIGSOFT symposium -- ISARCS on Quality of software architectures -- QoSA and architecting critical systems -- ISARCS

Layered security architecture for threat management using multi-agent system

ACM SIGSOFT Software Engineering Notes

Environment-driven threats elicitation for web applications

KES-AMSTA'11 Proceedings of the 5th KES international conference on Agent and multi-agent systems: technologies and applications

Software security for small development teams: a case study

Proceedings of the 13th International Conference on Information Integration and Web-based Applications and Services

XML security in the next generation optical disc context

SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management

Information modeling for automated risk analysis

CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security

Idea: reusability of threat models – two approaches with an experimental evaluation

ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems

An advanced approach for modeling and detecting software vulnerabilities

Information and Software Technology

Automated tracing and visualization of software security structure and properties

Proceedings of the Ninth International Symposium on Visualization for Cyber Security

Short paper: smartphones: not smart enough?

Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices

Growing a pattern language (for security)

Proceedings of the ACM international symposium on New ideas, new paradigms, and reflections on programming and software

The nature of order: from security patterns to a pattern language

Proceedings of the 3rd annual conference on Systems, programming, and applications: software for humanity

Mitigating multi-threats optimally in proactive threat management

ACM SIGSOFT Software Engineering Notes

Point-and-shoot security design: can we build better tools for developers?

Proceedings of the 2012 workshop on New security paradigms

Eliciting Policy Requirements for Critical National Infrastructure Using the IRIS Framework

International Journal of Secure Software Engineering

A method for incorporating usable security into computer security courses

Proceeding of the 44th ACM technical symposium on Computer science education

Threat modeling for security assessment in cyberphysical systems

Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop

Finding architectural flaws in android apps is easy

Proceedings of the 2013 companion publication for conference on Systems, programming, & applications: software for humanity

A Systematic Survey of Self-Protecting Software Systems

ACM Transactions on Autonomous and Adaptive Systems (TAAS) - Special Section on Best Papers from SEAMS 2012

Threat modeling of a mobile device management system for secure smart work

Electronic Commerce Research

An extensible pattern-based library and taxonomy of security threats for distributed systems

Computer Standards & Interfaces