{"id":"https://openalex.org/W2769244242","doi":"https://doi.org/10.1145/3143434.3143461","title":"Using FSM patterns to size security non-functional requirements with COSMIC","display_name":"Using FSM patterns to size security non-functional requirements with COSMIC","publication_year":2017,"publication_date":"2017-10-25","ids":{"openalex":"https://openalex.org/W2769244242","doi":"https://doi.org/10.1145/3143434.3143461","mag":"2769244242"},"language":"en","primary_location":{"id":"doi:10.1145/3143434.3143461","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3143434.3143461","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 27th International Workshop on Software Measurement and 12th International Conference on Software Process and Product Measurement","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5052371305","display_name":"Erdir Ungan","orcid":null},"institutions":[{"id":"https://openalex.org/I159129438","display_name":"Universit\u00e9 du Qu\u00e9bec \u00e0 Montr\u00e9al","ror":"https://ror.org/002rjbv21","country_code":"CA","type":"education","lineage":["https://openalex.org/I159129438","https://openalex.org/I49663120"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Erdir Ungan","raw_affiliation_strings":["Universit\u00e9 du Qu\u00e9bec \u00e0 Montr\u00e9al, Montreal, Canada"],"affiliations":[{"raw_affiliation_string":"Universit\u00e9 du Qu\u00e9bec \u00e0 Montr\u00e9al, Montreal, Canada","institution_ids":["https://openalex.org/I159129438"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060430840","display_name":"Sylvie Trudel","orcid":null},"institutions":[{"id":"https://openalex.org/I159129438","display_name":"Universit\u00e9 du Qu\u00e9bec \u00e0 Montr\u00e9al","ror":"https://ror.org/002rjbv21","country_code":"CA","type":"education","lineage":["https://openalex.org/I159129438","https://openalex.org/I49663120"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Sylvie Trudel","raw_affiliation_strings":["Universit\u00e9 du Qu\u00e9bec \u00e0 Montr\u00e9al, Montreal, Canada"],"affiliations":[{"raw_affiliation_string":"Universit\u00e9 du Qu\u00e9bec \u00e0 Montr\u00e9al, Montreal, Canada","institution_ids":["https://openalex.org/I159129438"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5023417867","display_name":"Luc Poulin","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Luc Poulin","raw_affiliation_strings":["Application Security Institute, Quebec, Canada"],"affiliations":[{"raw_affiliation_string":"Application Security Institute, Quebec, Canada","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5052371305"],"corresponding_institution_ids":["https://openalex.org/I159129438"],"apc_list":null,"apc_paid":null,"fwci":0.4836,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.75298076,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"64","last_page":"76"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10639","display_name":"Advanced Software Engineering Methodologies","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7000285387039185},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5493747591972351},{"id":"https://openalex.org/keywords/functional-requirement","display_name":"Functional requirement","score":0.49636298418045044},{"id":"https://openalex.org/keywords/operationalization","display_name":"Operationalization","score":0.49565589427948},{"id":"https://openalex.org/keywords/non-functional-requirement","display_name":"Non-functional requirement","score":0.47367268800735474},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4471038281917572},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.37247490882873535},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.357289582490921},{"id":"https://openalex.org/keywords/reliability-engineering","display_name":"Reliability engineering","score":0.3483183979988098},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3431876003742218},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.21913248300552368},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.19747906923294067},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.14633938670158386},{"id":"https://openalex.org/keywords/software-construction","display_name":"Software construction","score":0.1439080536365509},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.11206433176994324},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.09813052415847778}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7000285387039185},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5493747591972351},{"id":"https://openalex.org/C62235348","wikidata":"https://www.wikidata.org/wiki/Q3264234","display_name":"Functional requirement","level":2,"score":0.49636298418045044},{"id":"https://openalex.org/C9354725","wikidata":"https://www.wikidata.org/wiki/Q286017","display_name":"Operationalization","level":2,"score":0.49565589427948},{"id":"https://openalex.org/C199747065","wikidata":"https://www.wikidata.org/wiki/Q3254666","display_name":"Non-functional requirement","level":5,"score":0.47367268800735474},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4471038281917572},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.37247490882873535},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.357289582490921},{"id":"https://openalex.org/C200601418","wikidata":"https://www.wikidata.org/wiki/Q2193887","display_name":"Reliability engineering","level":1,"score":0.3483183979988098},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3431876003742218},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.21913248300552368},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.19747906923294067},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.14633938670158386},{"id":"https://openalex.org/C186846655","wikidata":"https://www.wikidata.org/wiki/Q3398377","display_name":"Software construction","level":4,"score":0.1439080536365509},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.11206433176994324},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.09813052415847778},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3143434.3143461","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3143434.3143461","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 27th International Workshop on Software Measurement and 12th International Conference on Software Process and Product Measurement","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.4300000071525574,"display_name":"Industry, innovation and infrastructure"}],"awards":[{"id":"https://openalex.org/G6778335415","display_name":null,"funder_award_id":"04436","funder_id":"https://openalex.org/F4320334593","funder_display_name":"Natural Sciences and Engineering Research Council of Canada"},{"id":"https://openalex.org/G7567392999","display_name":null,"funder_award_id":"1059B191600263","funder_id":"https://openalex.org/F4320322626","funder_display_name":"T\u00fcrkiye Bilimsel ve Teknolojik Ara\u015ft\u0131rma Kurumu"}],"funders":[{"id":"https://openalex.org/F4320311271","display_name":"Universit\u00e9 du Qu\u00e9bec \u00e0 Montr\u00e9al","ror":"https://ror.org/002rjbv21"},{"id":"https://openalex.org/F4320322626","display_name":"T\u00fcrkiye Bilimsel ve Teknolojik Ara\u015ft\u0131rma Kurumu","ror":"https://ror.org/04w9kkr77"},{"id":"https://openalex.org/F4320334593","display_name":"Natural Sciences and Engineering Research Council of Canada","ror":"https://ror.org/01h531d29"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W1537202","https://openalex.org/W220935706","https://openalex.org/W1492153604","https://openalex.org/W1511533557","https://openalex.org/W1534933129","https://openalex.org/W2020194669","https://openalex.org/W2059995226","https://openalex.org/W2134438571","https://openalex.org/W2134606933","https://openalex.org/W2136922540","https://openalex.org/W2166054436","https://openalex.org/W2182421524","https://openalex.org/W2295255318","https://openalex.org/W2301605390","https://openalex.org/W2306493606","https://openalex.org/W2488959303","https://openalex.org/W2507469946","https://openalex.org/W2559524254","https://openalex.org/W2568145926","https://openalex.org/W2789825598","https://openalex.org/W3036546508","https://openalex.org/W3200788958"],"related_works":["https://openalex.org/W2155030595","https://openalex.org/W2240531736","https://openalex.org/W1595482434","https://openalex.org/W2393484683","https://openalex.org/W4385784960","https://openalex.org/W2128973668","https://openalex.org/W1027252504","https://openalex.org/W3101626139","https://openalex.org/W2406301776","https://openalex.org/W3214821522"],"abstract_inverted_index":{"Measuring":[0],"non-functional":[1],"requirements":[2],"(NFR)":[3],"proved":[4],"to":[5,14,28,44,54,120,139,163,208,213,217,231],"be":[6,65,121,140,164,182,218,229],"a":[7,98,104,199],"non-trivial":[8],"problem":[9],"and":[10,46,114,211],"has":[11],"been":[12],"subject":[13],"many":[15],"studies":[16],"recently.":[17],"This":[18],"paper":[19],"introduces":[20],"application":[21,55],"of":[22,31,50,60,83,93,101,125,153,161,172,198,203,234],"Functional":[23,84],"Size":[24],"Measurement":[25],"(FSM)":[26],"Patterns":[27,63,117],"facilitate":[29],"measurement":[30,51,82],"NFRs,":[32,210],"focusing":[33],"on":[34],"security":[35,56,131,209,215],"requirements.":[36],"A":[37],"Design":[38],"Science":[39],"Research":[40],"methodology":[41],"was":[42,206],"followed":[43],"define":[45],"demonstrate":[47],"the":[48,80,91,150,159,169,173,187,196,221],"usefulness":[49],"patterns":[52,180],"applied":[53,76],"controls":[57],"(ASC).":[58],"Examples":[59],"how":[61,73],"FSM":[62,116,179],"can":[64,107],"defined":[66,194],"for":[67],"ASC":[68],"are":[69,75,144],"provided,":[70],"along":[71],"with":[72],"they":[74,143],"during":[77],"or":[78],"after":[79],"COSMIC":[81],"User":[85],"Requirements":[86],"(FURs).":[87],"Results":[88],"suggest":[89],"that":[90],"magnitude":[92],"functional":[94,127,188],"size":[95,128,160,189],"introduced":[96],"by":[97,130],"sample":[99],"set":[100],"ASCs":[102],"through":[103],"small":[105],"case":[106],"increase":[108],"significantly":[109],"(e.g.":[110],"over":[111],"200%).":[112],"Defining":[113],"applying":[115],"turned":[118],"out":[119],"an":[122,183],"effective":[123],"way":[124],"reflecting":[126],"denoted":[129],"NFRs.":[132,235],"The":[133,201],"approach":[134],"also":[135],"lets":[136],"such":[137],"NFRs":[138,193,216],"sized":[141],"before":[142],"actually":[145],"converted":[146],"into":[147],"FURs":[148],"in":[149,168,185,220],"later":[151],"phases":[152],"software":[154,162,174,223],"development":[155,175],"lifecycle,":[156],"which":[157],"makes":[158],"represented":[165],"more":[166],"accurate":[167],"early":[170],"stages":[171],"lifecycle.":[176],"As":[177],"such,":[178],"should":[181],"asset":[184],"incorporating":[186],"stemming":[190],"from":[191],"high-level":[192],"at":[195],"start":[197],"project.":[200],"scope":[202],"this":[204],"research":[205],"limited":[207],"specifically":[212],"those":[214],"operationalized":[219],"measured":[222],"(quasi":[224],"NFRs).":[225],"Future":[226],"work":[227],"could":[228],"extended":[230],"other":[232],"categories":[233]},"counts_by_year":[{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}