{"id":"https://openalex.org/W2293315449","doi":"https://doi.org/10.3217/jucs-018-12-1679","title":"Risk-Driven Security Metrics in Agile Software Development - An Industrial Pilot Study","display_name":"Risk-Driven Security Metrics in Agile Software Development - An Industrial Pilot Study","publication_year":2020,"publication_date":"2020-04-07","ids":{"openalex":"https://openalex.org/W2293315449","doi":"https://doi.org/10.3217/jucs-018-12-1679","mag":"2293315449"},"language":"en","primary_location":{"id":"pmh:oai:zenodo.org:5505817","is_oa":true,"landing_page_url":"https://zenodo.org/record/5505817","pdf_url":"https://zenodo.org/record/5505817","source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"JUCS - Journal of Universal Computer Science 18((12)) 1679-1702","raw_type":"info:eu-repo/semantics/article"},"type":"article","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://zenodo.org/record/5505817","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5053569214","display_name":"Ari Pietik\u00e4inen","orcid":null},"institutions":[{"id":"https://openalex.org/I87653560","display_name":"VTT Technical Research Centre of Finland","ror":"https://ror.org/04b181w54","country_code":"FI","type":"nonprofit","lineage":["https://openalex.org/I4210089493","https://openalex.org/I87653560"]}],"countries":["FI"],"is_corresponding":false,"raw_author_name":"Ari Pietik\u00e4inen","raw_affiliation_strings":["VTT Technical Research Centre of Finland"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"VTT Technical Research Centre of Finland","institution_ids":["https://openalex.org/I87653560"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011075320","display_name":"Christian Fr\u00fchwirth","orcid":"https://orcid.org/0009-0004-6081-5970"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Christian Fr\u00fchwirth","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5014217050","display_name":"Reijo Savola","orcid":"https://orcid.org/0000-0002-1588-8618"},"institutions":[{"id":"https://openalex.org/I4210131589","display_name":"Ericsson (Hungary)","ror":"https://ror.org/03c0yyz21","country_code":"HU","type":"company","lineage":["https://openalex.org/I1306339040","https://openalex.org/I4210131589"]}],"countries":["HU"],"is_corresponding":false,"raw_author_name":"Reijo M. Savola","raw_affiliation_strings":["Ericsson Oy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Ericsson Oy","institution_ids":["https://openalex.org/I4210131589"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.3924,"has_fulltext":true,"cited_by_count":23,"citation_normalized_percentile":{"value":0.85923247,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/agile-software-development","display_name":"Agile software development","score":0.7434701919555664},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.5403618216514587},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.503102719783783},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4500456750392914},{"id":"https://openalex.org/keywords/engineering-management","display_name":"Engineering management","score":0.3579205274581909},{"id":"https://openalex.org/keywords/systems-engineering","display_name":"Systems engineering","score":0.3461589515209198},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.317579448223114},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.11220088601112366}],"concepts":[{"id":"https://openalex.org/C14185376","wikidata":"https://www.wikidata.org/wiki/Q30232","display_name":"Agile software development","level":2,"score":0.7434701919555664},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.5403618216514587},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.503102719783783},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4500456750392914},{"id":"https://openalex.org/C110354214","wikidata":"https://www.wikidata.org/wiki/Q6314146","display_name":"Engineering management","level":1,"score":0.3579205274581909},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.3461589515209198},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.317579448223114},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.11220088601112366}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:zenodo.org:5505817","is_oa":true,"landing_page_url":"https://zenodo.org/record/5505817","pdf_url":"https://zenodo.org/record/5505817","source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"JUCS - Journal of Universal Computer Science 18((12)) 1679-1702","raw_type":"info:eu-repo/semantics/article"},{"id":"doi:10.3217/jucs-018-12-1679","is_oa":true,"landing_page_url":"https://doi.org/10.3217/jucs-018-12-1679","pdf_url":null,"source":{"id":"https://openalex.org/S4306400660","display_name":"TUGraz OPEN Library (Graz University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4092182","host_organization_name":"Graz University of Technology","host_organization_lineage":["https://openalex.org/I4092182"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:zenodo.org:5505817","is_oa":true,"landing_page_url":"https://zenodo.org/record/5505817","pdf_url":"https://zenodo.org/record/5505817","source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"JUCS - Journal of Universal Computer Science 18((12)) 1679-1702","raw_type":"info:eu-repo/semantics/article"},"sustainable_development_goals":[{"score":0.6499999761581421,"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320338388","display_name":"Eurostars","ror":null}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2293315449.pdf","grobid_xml":"https://content.openalex.org/works/W2293315449.grobid-xml"},"referenced_works_count":25,"referenced_works":["https://openalex.org/W16900643","https://openalex.org/W43328283","https://openalex.org/W111010178","https://openalex.org/W117150685","https://openalex.org/W1198752617","https://openalex.org/W1480385994","https://openalex.org/W1516293359","https://openalex.org/W1536432326","https://openalex.org/W1587715758","https://openalex.org/W1602304209","https://openalex.org/W1993575476","https://openalex.org/W2000089542","https://openalex.org/W2015004885","https://openalex.org/W2048904649","https://openalex.org/W2064553186","https://openalex.org/W2086178534","https://openalex.org/W2098415077","https://openalex.org/W2114033273","https://openalex.org/W2143877366","https://openalex.org/W2156745762","https://openalex.org/W2156763327","https://openalex.org/W2618675491","https://openalex.org/W2921813468","https://openalex.org/W2954836612","https://openalex.org/W3003527120"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2656997359","https://openalex.org/W2460220957","https://openalex.org/W2022021367","https://openalex.org/W2065527077","https://openalex.org/W1973385172","https://openalex.org/W2083510688","https://openalex.org/W2294820933","https://openalex.org/W4319430762","https://openalex.org/W2804137150"],"abstract_inverted_index":{"The":[0,73,91,109],"need":[1],"for":[2,198,215],"effective":[3],"and":[4,17,22,28,46,58,63,80,101,131,174,209],"efficient":[5,49],"information":[6],"security":[7,33,61,78,120,129,140,181,191,199],"solutions":[8],"is":[9,193],"steadily":[10],"increasing":[11,156],"in":[12,35,40,65,82,105,123,155,186,202],"the":[13,32,36,48,83,112,115,137,157,165,187,194,203,213],"software":[14,88],"industry.":[15],"Software":[16],"system":[18,37],"developers":[19],"require":[20],"practical":[21,116,166],"systematic":[23],"approaches":[24],"to":[25,42,150],"obtain":[26],"sufficient":[27],"credible":[29],"evidence":[30,197,201],"of":[31,51,56,85,99,111,118,128,139,159,168,172,189,196,206],"level":[34],"under":[38],"development":[39,89,208],"order":[41],"guide":[43],"their":[44,219],"efforts":[45],"ensure":[47],"use":[50,188],"resources.":[52],"We":[53,161],"present":[54],"experiences":[55],"developing":[57],"using":[59],"hierarchical":[60],"metrics":[62,134,146,173,192],"measurements":[64,175],"an":[66,86],"industrial":[67],"pilot":[68,74,92],"study":[69,113],"at":[70,218],"Ericsson":[71,100],"Finland.":[72],"focused":[75],"on":[76],"risk-driven":[77,119,190],"design":[79],"implementation":[81],"context":[84],"Agile":[87],"process.":[90],"target":[93],"was":[94,148],"a":[95,102,152],"well-established":[96],"telecommunications":[97],"product":[98,207],"core":[103],"component":[104],"modern":[106],"mobile":[107],"networks.":[108],"results":[110],"demonstrate":[114],"potential":[117],"metrics,":[121],"particularly":[122],"offering":[124],"some":[125],"early":[126,204],"visibility":[127],"effectiveness":[130,200],"efficiency.":[132],"Hierarchical":[133],"models":[135],"enable":[136],"linking":[138],"objectives":[141],"with":[142],"detailed":[143],"measurements.":[144],"Security":[145],"visualization":[147],"found":[149,163],"play":[151],"crucial":[153],"role":[154],"manageability":[158],"metrics.":[160,182],"also":[162],"that":[164],"means":[167],"managing":[169],"larger":[170],"collections":[171],"are":[176,217],"more":[177],"essential":[178],"than":[179],"individual":[180],"A":[183],"major":[184],"challenge":[185],"lack":[195],"phases":[205],"Risk":[210],"Analysis,":[211],"when":[212],"needs":[214],"it":[216],"greatest.":[220]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":2},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":3},{"year":2014,"cited_by_count":3},{"year":2013,"cited_by_count":3},{"year":2012,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}