S. J. Bae, Degradation models and implied lifetime distributions, Reliability Engineering & System Safety, vol.92, issue.5, pp.601-608, 2007.
DOI : 10.1016/j.ress.2006.02.002

S. A. Butler, Security attribute evaluation method, Proceedings of the 24th international conference on Software engineering, ICSE '02, pp.232-240, 2002.
DOI : 10.1145/581339.581370

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.70.9285

V. Casola, A SLA evaluation methodology in Service Oriented Architectures, Proceedings of the 1st Workshop on Quality of Protection, 2005.
DOI : 10.1007/978-0-387-36584-8_10

M. M. Eloff and S. H. Solms, Information Security Management: An Approach to Combine Process Certification And Product Evaluation, Computers & Security, vol.19, issue.8, pp.698-609, 2000.
DOI : 10.1016/S0167-4048(00)08019-6

L. Gordon and M. Loeb, The economics of information security investment, ACM Transactions on Information and System Security, vol.5, issue.4, pp.438-457, 2003.
DOI : 10.1145/581271.581274

L. A. Gordon and M. P. Loeb, Managing Cybersecurity Resources: a Cost-Benefit Analysis, 2006.

D. S. Herrmann, Complete Guide to Security and Privacy Metrics. Measuring Regulatory Compliance, Operational Resilience, and ROI, 2007.
DOI : 10.1201/9781420013283

I. and I. Iso, Information technology – Security techniques – Code of Practice for Information Security Management, 2005.

W. Jansen, Directions in security metric research, 2009.
DOI : 10.6028/NIST.IR.7564

A. Jaquith, Security metrics: replacing fear, uncertainty, and doubt, 2007.

E. Jonsson and T. Olovsson, A quantitative model of the security intrusion process based on attacker behavior, IEEE Transactions on Software Engineering, vol.23, issue.4, pp.235-245, 1997.
DOI : 10.1109/32.588541

G. Karjoth, Service-oriented Assurance – Comprehensive Security by Explicit Assurances, Proceedings of the 1st Workshop on Quality of Protection, 2005.
DOI : 10.1007/978-0-387-36584-8_2

L. Krautsevich, Formal approach to security metrics. What does "more secure" mean for you?, Proceedings of the 1st International Workshop on Measurability of Security in Software Architectures, 2010.
DOI : 10.1145/1842752.1842787

URL : https://hal.archives-ouvertes.fr/inria-00536758

B. B. Madan, K. Goseva-popstojanova, K. Vaidyanathan, and K. S. Trivedi, A method for modeling and quantifying the security attributes of intrusion tolerant systems, Performance Evaluation, vol.56, issue.1-4, pp.1-4167, 2004.
DOI : 10.1016/j.peva.2003.07.008

P. Manadhata and J. Wing, Measuring a system's attack surface, 2004.
DOI : 10.21236/ADA458115

P. Manadhata and J. M. Wing, An attack surface metric, 2005.
DOI : 10.21236/ada457096

P. K. Manadhata, An approach to measuring a systems attack surface, 2007.
DOI : 10.21236/ada476977

R. Mullen, The lognormal distribution of software failure rates: application to software reliability growth modeling, Proceedings Ninth International Symposium on Software Reliability Engineering (Cat. No.98TB100257), pp.134-142, 1998.
DOI : 10.1109/ISSRE.1998.730872

R. Ortalo, Experimenting with quantitative evaluation tools for monitoring operational security, IEEE Transactions on Software Engineering, vol.25, issue.5, pp.633-650, 1999.
DOI : 10.1109/32.815323

J. Pamula, A weakest-adversary security metric for network configuration security analysis, Proceedings of the 2nd ACM workshop on Quality of protection, QoP '06, pp.31-38, 2006.
DOI : 10.1145/1179494.1179502

S. Schechter, How to buy better testing, Proceedings of the International Conference on Infrastructure Security (InfraSec'02), number 2437 in Lecture Notes in Computer Science, pp.73-87, 2002.

A. Stewart, On risk: perception and direction, Computers & Security, vol.23, issue.5, pp.362-370, 2004.
DOI : 10.1016/j.cose.2004.05.003

G. Stoneburner, Risk management guide for information technology systems, 2001.
DOI : 10.6028/NIST.SP.800-30

URL : http://www.dtic.mil/get-tr-doc/pdf?AD=ADA396553

M. Swanson, Security metrics guide for information technology systems, 2003.
DOI : 10.6028/NIST.SP.800-55

R. B. Vaughn, Information assurance measures and metrics - state of practice and proposed taxonomy, 36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the, 2003.
DOI : 10.1109/HICSS.2003.1174904

L. Wang, An Attack Graph-Based Probabilistic Security Metric, Proceedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security, pp.283-296, 2008.
DOI : 10.1007/11805588_9

L. Wang, Minimum-cost network hardening using attack graphs, Computer Communications, vol.29, issue.18, pp.3812-3824, 2006.
DOI : 10.1016/j.comcom.2006.06.018

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.83.8358