. Ovaldi, the OVAL Interpreter reference implementation, 2012.

M. Abedin, S. Nessa, E. Shaer, and L. Khan, Vulnerability analysis For evaluating quality of protection of security policies, Proceedings of the 2nd ACM workshop on Quality of protection , QoP '06, 2006.
DOI : 10.1145/1179494.1179505

H. Achi, A. Hellany, and M. Nagrial, Network security approach for digital forensics analysis, 2008 International Conference on Computer Engineering & Systems, pp.263-267, 2008.
DOI : 10.1109/ICCES.2008.4773009

M. S. Ahmed, E. Al-shaer, M. M. Taibah, M. Abedin, and L. Khan, Towards autonomic risk-aware security configuration, NOMS 2008, 2008 IEEE Network Operations and Management Symposium, pp.722-725, 2008.
DOI : 10.1109/NOMS.2008.4575198

J. Banghart and C. Johnson, The Technical Specification for the Security Content Automation Protocol (SCAP) NIST Special Publication, 2009.

M. Barrère, R. Badonnel, and O. Festor, Supporting Vulnerability Awareness in Autonomic Networks and Systems with OVAL, Proceedings of the 7th IEEE International Conference on Network and Service Management (CNSM'11), 2011.

M. Barrère, R. Badonnel, and O. Festor, Towards the assessment of distributed vulnerabilities in autonomic networks and systems, 2012 IEEE Network Operations and Management Symposium, 2012.
DOI : 10.1109/NOMS.2012.6211916

M. Barrère, G. Betarte, and M. Rodríguez, Towards machine-assisted formal procedures for the collection of digital evidence, 2011 Ninth Annual International Conference on Privacy, Security and Trust, pp.32-35, 2011.
DOI : 10.1109/PST.2011.5971960

M. Chiarini and A. Couch, Dynamic Dependencies and Performance Improvement, Proceedings of the 22nd Conference on Large Installation System Administration Conference, pp.9-21, 2008.

Y. Diao, A. Keller, S. Parekh, and V. V. Marinov, Predicting Labor Cost through IT Management Complexity Metrics, 2007 10th IFIP/IEEE International Symposium on Integrated Network Management, pp.274-283, 2007.
DOI : 10.1109/INM.2007.374792

P. Foreman, Vulnerability Management, 2010.
DOI : 10.1201/9781439801512

S. Frei, D. Schatzmann, B. Plattner, and B. Trammel, Modelling the Security Ecosystem -The Dynamics of (In)Security, Proceedings of the Workshop on the Economics of Information Security, 2009.

M. A. Rahman and E. , A declarative approach for global network security configuration verification and evaluation, 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops, pp.531-538, 2011.
DOI : 10.1109/INM.2011.5990556

J. Sauve, R. Santos, R. Reboucas, A. Moura, and C. Bartolini, Change Priority Determination in IT Service Management Based on Risk Exposure, IEEE Transactions on Network and Service Management, vol.5, issue.3, pp.178-187, 2008.
DOI : 10.1109/TNSM.2009.031105

K. Scarfone and T. Grance, A framework for measuring the vulnerability of hosts, 2008 1st International Conference on Information Technology, pp.1-4, 2008.
DOI : 10.1109/INFTECH.2008.4621610

J. A. Wickboldt, L. A. Bianchin, and R. C. Lunardi, Improving IT Change Management Processes with Automated Risk Assessment, Proceedings of IEEE International Workshop on Distributed Systems: Operations and Management (DSOM'09) Nicolett. Improve IT Security with Vulnerability Management, pp.71-84, 2005.
DOI : 10.1007/978-3-642-04989-7_6

N. Ziring and S. D. Quinn, Specification for the Extensible Configuration Checklist Description Format (XCCDF). NIST, 2012.