{"id":"https://openalex.org/W1971450942","doi":"https://doi.org/10.1147/jrd.2013.2288060","title":"Threat analysis in the software development lifecycle","display_name":"Threat analysis in the software development lifecycle","publication_year":2014,"publication_date":"2014-01-01","ids":{"openalex":"https://openalex.org/W1971450942","doi":"https://doi.org/10.1147/jrd.2013.2288060","mag":"1971450942"},"language":"en","primary_location":{"id":"doi:10.1147/jrd.2013.2288060","is_oa":false,"landing_page_url":"https://doi.org/10.1147/jrd.2013.2288060","pdf_url":null,"source":{"id":"https://openalex.org/S4210219925","display_name":"IBM Journal of Research and Development","issn_l":"0018-8646","issn":["0018-8646","2151-8556"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320652","host_organization_name":"IBM","host_organization_lineage":["https://openalex.org/P4310320652"],"host_organization_lineage_names":["IBM"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IBM Journal of Research and Development","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5006159544","display_name":"Jim Whitmore","orcid":"https://orcid.org/0000-0002-5917-1678"},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"J. Whitmore","raw_affiliation_strings":["IBM Software Group, Mechanicsburg, USA","IBM Software Group, Mechanicsburg, PA#TAB#"],"affiliations":[{"raw_affiliation_string":"IBM Software Group, Mechanicsburg, USA","institution_ids":["https://openalex.org/I1341412227"]},{"raw_affiliation_string":"IBM Software Group, Mechanicsburg, PA#TAB#","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048369184","display_name":"Sven T\u00fcrpe","orcid":"https://orcid.org/0000-0001-8752-5691"},"institutions":[{"id":"https://openalex.org/I4210133470","display_name":"Fraunhofer Institute for Secure Information Technology","ror":"https://ror.org/03qt2gs44","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210133470","https://openalex.org/I4923324"]},{"id":"https://openalex.org/I4923324","display_name":"Fraunhofer Society","ror":"https://ror.org/05hkkdn48","country_code":"DE","type":"funder","lineage":["https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"S. Turpe","raw_affiliation_strings":["Fraunhofer Institute for Secure Information Technology, Security Test Lab , Darmstadt, Germany","Fraunhofer Institute for Secure Information Technology, Security Test Lab, Darmstadt, Germany#TAB#"],"affiliations":[{"raw_affiliation_string":"Fraunhofer Institute for Secure Information Technology, Security Test Lab , Darmstadt, Germany","institution_ids":["https://openalex.org/I4210133470"]},{"raw_affiliation_string":"Fraunhofer Institute for Secure Information Technology, Security Test Lab, Darmstadt, Germany#TAB#","institution_ids":["https://openalex.org/I4923324"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058790242","display_name":"Stefan Triller","orcid":null},"institutions":[{"id":"https://openalex.org/I4923324","display_name":"Fraunhofer Society","ror":"https://ror.org/05hkkdn48","country_code":"DE","type":"funder","lineage":["https://openalex.org/I4923324"]},{"id":"https://openalex.org/I4210133470","display_name":"Fraunhofer Institute for Secure Information Technology","ror":"https://ror.org/03qt2gs44","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210133470","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"S. Triller","raw_affiliation_strings":["Fraunhofer Institute for Secure Information Technology, Security Test Lab , Darmstadt, Germany","Fraunhofer Institute for Secure Information Technology, Security Test Lab, Darmstadt, Germany#TAB#"],"affiliations":[{"raw_affiliation_string":"Fraunhofer Institute for Secure Information Technology, Security Test Lab , Darmstadt, Germany","institution_ids":["https://openalex.org/I4210133470"]},{"raw_affiliation_string":"Fraunhofer Institute for Secure Information Technology, Security Test Lab, Darmstadt, Germany#TAB#","institution_ids":["https://openalex.org/I4923324"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080720838","display_name":"Andreas Poller","orcid":null},"institutions":[{"id":"https://openalex.org/I4923324","display_name":"Fraunhofer Society","ror":"https://ror.org/05hkkdn48","country_code":"DE","type":"funder","lineage":["https://openalex.org/I4923324"]},{"id":"https://openalex.org/I4210133470","display_name":"Fraunhofer Institute for Secure Information Technology","ror":"https://ror.org/03qt2gs44","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210133470","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"A. Poller","raw_affiliation_strings":["Fraunhofer Institute for Secure Information Technology, Security Test Lab , Darmstadt, Germany","Fraunhofer Institute for Secure Information Technology, Security Test Lab, Darmstadt, Germany#TAB#"],"affiliations":[{"raw_affiliation_string":"Fraunhofer Institute for Secure Information Technology, Security Test Lab , Darmstadt, Germany","institution_ids":["https://openalex.org/I4210133470"]},{"raw_affiliation_string":"Fraunhofer Institute for Secure Information Technology, Security Test Lab, Darmstadt, Germany#TAB#","institution_ids":["https://openalex.org/I4923324"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5049056263","display_name":"C. Robert Carlson","orcid":null},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"C. Carlson","raw_affiliation_strings":["IBM Software Group, Minneapolis, USA","IBM Software Group, Minneapolis, MN#TAB#"],"affiliations":[{"raw_affiliation_string":"IBM Software Group, Minneapolis, USA","institution_ids":["https://openalex.org/I1341412227"]},{"raw_affiliation_string":"IBM Software Group, Minneapolis, MN#TAB#","institution_ids":["https://openalex.org/I1341412227"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5006159544"],"corresponding_institution_ids":["https://openalex.org/I1341412227"],"apc_list":null,"apc_paid":null,"fwci":2.3667,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.90238488,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"58","issue":"1","first_page":"6:1","last_page":"6:13"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.7810909748077393},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.6356104016304016},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.5383656024932861},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5329666137695312},{"id":"https://openalex.org/keywords/information-assurance","display_name":"Information assurance","score":0.5059213042259216},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.48490387201309204},{"id":"https://openalex.org/keywords/engineering-management","display_name":"Engineering management","score":0.4790664613246918},{"id":"https://openalex.org/keywords/ibm","display_name":"IBM","score":0.4502425193786621},{"id":"https://openalex.org/keywords/software-development-process","display_name":"Software development process","score":0.43835172057151794},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.43472564220428467},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.4118099510669708},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.4078289568424225},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.40189045667648315},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.34284329414367676},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.3261567950248718},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.2801988124847412},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.23725083470344543},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.18378910422325134}],"concepts":[{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.7810909748077393},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.6356104016304016},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.5383656024932861},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5329666137695312},{"id":"https://openalex.org/C2780795517","wikidata":"https://www.wikidata.org/wiki/Q6030997","display_name":"Information assurance","level":3,"score":0.5059213042259216},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.48490387201309204},{"id":"https://openalex.org/C110354214","wikidata":"https://www.wikidata.org/wiki/Q6314146","display_name":"Engineering management","level":1,"score":0.4790664613246918},{"id":"https://openalex.org/C70388272","wikidata":"https://www.wikidata.org/wiki/Q5968558","display_name":"IBM","level":2,"score":0.4502425193786621},{"id":"https://openalex.org/C180152950","wikidata":"https://www.wikidata.org/wiki/Q2904257","display_name":"Software development process","level":4,"score":0.43835172057151794},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.43472564220428467},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.4118099510669708},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4078289568424225},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.40189045667648315},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.34284329414367676},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.3261567950248718},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2801988124847412},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.23725083470344543},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.18378910422325134},{"id":"https://openalex.org/C171250308","wikidata":"https://www.wikidata.org/wiki/Q11468","display_name":"Nanotechnology","level":1,"score":0.0},{"id":"https://openalex.org/C192562407","wikidata":"https://www.wikidata.org/wiki/Q228736","display_name":"Materials science","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1147/jrd.2013.2288060","is_oa":false,"landing_page_url":"https://doi.org/10.1147/jrd.2013.2288060","pdf_url":null,"source":{"id":"https://openalex.org/S4210219925","display_name":"IBM Journal of Research and Development","issn_l":"0018-8646","issn":["0018-8646","2151-8556"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320652","host_organization_name":"IBM","host_organization_lineage":["https://openalex.org/P4310320652"],"host_organization_lineage_names":["IBM"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IBM Journal of Research and Development","raw_type":"journal-article"},{"id":"pmh:oai:publica.fraunhofer.de:publica/235427","is_oa":false,"landing_page_url":"https://publica.fraunhofer.de/handle/publica/235427","pdf_url":null,"source":{"id":"https://openalex.org/S4306400318","display_name":"Fraunhofer-Publica (Fraunhofer-Gesellschaft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4923324","host_organization_name":"Fraunhofer-Gesellschaft","host_organization_lineage":["https://openalex.org/I4923324"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"journal article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.5600000023841858,"display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":12,"referenced_works":["https://openalex.org/W84546129","https://openalex.org/W146540859","https://openalex.org/W981357659","https://openalex.org/W1965654413","https://openalex.org/W1969069099","https://openalex.org/W1980474774","https://openalex.org/W2035029962","https://openalex.org/W2050245701","https://openalex.org/W2081418638","https://openalex.org/W2100063638","https://openalex.org/W2122376491","https://openalex.org/W2126762719"],"related_works":["https://openalex.org/W2141388993","https://openalex.org/W1978034799","https://openalex.org/W2999607548","https://openalex.org/W2411222674","https://openalex.org/W2956597637","https://openalex.org/W1991896709","https://openalex.org/W2293245356","https://openalex.org/W2006426112","https://openalex.org/W4225160120","https://openalex.org/W4377970706"],"abstract_inverted_index":{"Businesses":[0],"and":[1,5,41,57,82,92,97,115,142,168,191],"governments":[2],"that":[3,15,111,194],"deploy":[4],"operate":[6],"IT":[7],"(information":[8],"technology)":[9],"systems":[10],"continue":[11],"to":[12,28,44,50,94],"seek":[13],"assurance":[14,42],"software":[16,33,74,99,154,174,179],"they":[17,23],"procure":[18],"has":[19,195],"the":[20,30,64,78,85,102,127,134,143,196,202],"security":[21,31,62,122,152],"characteristics":[22],"expect.":[24],"The":[25,162],"criteria":[26],"used":[27],"evaluate":[29],"of":[32,39,47,61,73,80,104,121,129,151,201,205],"are":[34,75],"expanding":[35],"from":[36],"static":[37],"sets":[38,46],"functional":[40],"requirements":[43],"complex":[45],"evidence":[48],"related":[49],"development":[51,175,207],"practices":[52],"for":[53,117,137,159,173,198],"design,":[54],"coding,":[55],"testing,":[56],"support,":[58],"plus":[59,187],"consideration":[60],"in":[63,153],"supply":[65,180],"chain.":[66,181],"To":[67],"meet":[68],"these":[69],"evolving":[70],"expectations,":[71],"creators":[72],"faced":[76],"with":[77,133],"challenge":[79],"consistently":[81],"continuously":[83],"applying":[84],"most":[86],"current":[87,203],"knowledge":[88,192],"about":[89],"risks,":[90],"threats,":[91],"weaknesses":[93],"their":[95,171],"existing":[96,166],"new":[98],"assets.":[100],"Yet":[101],"practice":[103],"threat":[105,160],"analysis":[106],"remains":[107],"an":[108,130,177,188],"art":[109],"form":[110],"is":[112],"highly":[113],"subjective":[114],"reserved":[116],"a":[118,209],"small":[119],"community":[120],"experts.":[123],"This":[124,147],"paper":[125],"reviews":[126],"findings":[128],"IBM-sponsored":[131],"project":[132,148,163],"Fraunhofer":[135],"Institute":[136],"Secure":[138],"Information":[139],"Technology":[140],"(SIT)":[141],"Technische":[144],"Universit\u00e4t":[145],"Darmstadt.":[146],"investigated":[149],"aspects":[150],"development,":[155],"including":[156],"practical":[157],"methods":[158,167],"analysis.":[161],"also":[164],"examined":[165],"tools,":[169],"assessing":[170],"efficacy":[172],"within":[176],"open-source":[178],"These":[182],"efforts":[183],"yielded":[184],"valuable":[185],"insights":[186],"automated":[189],"tool":[190],"base":[193],"potential":[197],"overcoming":[199],"some":[200],"limitations":[204],"secure":[206],"on":[208],"large":[210],"scale.":[211]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2017,"cited_by_count":2},{"year":2015,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}