Degradation models and implied lifetime distributions, Reliability Engineering & System Safety, vol.92, issue.5, pp.601-608, 2007. ,
DOI : 10.1016/j.ress.2006.02.002
Security attribute evaluation method, Proceedings of the 24th international conference on Software engineering , ICSE '02, pp.232-240, 2002. ,
DOI : 10.1145/581339.581370
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.70.9285
A SLA evaluation methodology in Service Oriented Architectures, Proceedings of the 1st Workshop on Quality of Protection, 2005. ,
DOI : 10.1007/978-0-387-36584-8_10
Information Security Management: An Approach to Combine Process Certification And Product Evaluation, Computers & Security, vol.19, issue.8, pp.698-609, 2000. ,
DOI : 10.1016/S0167-4048(00)08019-6
The economics of information security investment, ACM Transactions on Information and System Security, vol.5, issue.4, pp.438-457, 2003. ,
DOI : 10.1145/581271.581274
Managing Cybersecurity Resources: a Cost-Benefit Analysis, 2006. ,
Complete Guide to Security and Privacy Metrics. Measuring Regulatory Compliance, Operational Resilience, and ROI, 2007. ,
DOI : 10.1201/9781420013283
Information technology ? Security techniques ? Code of Practice for Information Security Management, 2005. ,
Directions in security metric research, 2009. ,
DOI : 10.6028/NIST.IR.7564
Security metrics: replacing fear, uncertainty, and doubt, 2007. ,
A quantitative model of the security intrusion process based on attacker behavior, IEEE Transactions on Software Engineering, vol.23, issue.4, pp.235-245, 1997. ,
DOI : 10.1109/32.588541
Service-oriented Assurance ??? Comprehensive Security by Explicit Assurances, Proceedings of the 1st Workshop on Quality of Protection, 2005. ,
DOI : 10.1007/978-0-387-36584-8_2
Formal approach to security metrics. what does " more secure " mean for you?, Proceedings of the 1st International Workshop on Measurability of Security in Software Architectures, 2010. ,
DOI : 10.1145/1842752.1842787
URL : https://hal.archives-ouvertes.fr/inria-00536758
A method for modeling and quantifying the security attributes of intrusion tolerant systems, Performance Evaluation, vol.56, issue.1-4, pp.1-4167, 2004. ,
DOI : 10.1016/j.peva.2003.07.008
Measuring a system's attack surface, 2004. ,
DOI : 10.21236/ADA458115
An attack surface metric, 2005. ,
DOI : 10.21236/ada457096
An approach to measuring a systems attack surface, 2007. ,
DOI : 10.21236/ada476977
The lognormal distribution of software failure rates: application to software reliability growth modeling, Proceedings Ninth International Symposium on Software Reliability Engineering (Cat. No.98TB100257), pp.134-142, 1998. ,
DOI : 10.1109/ISSRE.1998.730872
Experimenting with quantitative evaluation tools for monitoring operational security, IEEE Transactions on Software Engineering, vol.25, issue.5, pp.633-650, 1999. ,
DOI : 10.1109/32.815323
A weakest-adversary security metric for network configuration security analysis, Proceedings of the 2nd ACM workshop on Quality of protection , QoP '06, pp.31-38, 2006. ,
DOI : 10.1145/1179494.1179502
How to buy better testing, Proceedings of the International Conference on Infrastructure Security (InfraSec'02), number 2437 in Lecture Notes in Computer Science, pp.73-87, 2002. ,
On risk: perception and direction, Computers & Security, vol.23, issue.5, pp.362-370, 2004. ,
DOI : 10.1016/j.cose.2004.05.003
Risk management guide for information technology systems, 2001. ,
DOI : 10.6028/NIST.SP.800-30
URL : http://www.dtic.mil/get-tr-doc/pdf?AD=ADA396553
Security metrics guide for information technology systems, 2003. ,
DOI : 10.6028/NIST.SP.800-55
Information assurance measures and metrics - state of practice and proposed taxonomy, 36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the, 2003. ,
DOI : 10.1109/HICSS.2003.1174904
An Attack Graph-Based Probabilistic Security Metric, Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security, pp.283-296, 2008. ,
DOI : 10.1007/11805588_9
Minimum-cost network hardening using attack graphs, Computer Communications, vol.29, issue.18, pp.3812-3824, 2006. ,
DOI : 10.1016/j.comcom.2006.06.018
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.83.8358