{"id":"https://openalex.org/W2007538886","doi":"https://doi.org/10.4018/ijsse.2015010103","title":"Balancing Product and Process Assurance for Evolving Security Systems","display_name":"Balancing Product and Process Assurance for Evolving Security Systems","publication_year":2015,"publication_date":"2015-01-01","ids":{"openalex":"https://openalex.org/W2007538886","doi":"https://doi.org/10.4018/ijsse.2015010103","mag":"2007538886"},"language":"en","primary_location":{"id":"doi:10.4018/ijsse.2015010103","is_oa":false,"landing_page_url":"https://doi.org/10.4018/ijsse.2015010103","pdf_url":null,"source":{"id":"https://openalex.org/S43656255","display_name":"International Journal of Secure Software Engineering","issn_l":"1947-3036","issn":["1947-3036","1947-3044"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320424","host_organization_name":"IGI Global","host_organization_lineage":["https://openalex.org/P4310320424"],"host_organization_lineage_names":["IGI Global"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Secure Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5070598171","display_name":"Wolfgang Raschke","orcid":null},"institutions":[{"id":"https://openalex.org/I4092182","display_name":"Graz University of Technology","ror":"https://ror.org/00d7xrm67","country_code":"AT","type":"education","lineage":["https://openalex.org/I4092182"]}],"countries":["AT"],"is_corresponding":true,"raw_author_name":"Wolfgang Raschke","raw_affiliation_strings":["Institute for Technical Informatics, Graz University of Technology, Graz, Austria","Institute for Technical Informatics, Graz University of Technology, Graz, Austria#TAB#"],"affiliations":[{"raw_affiliation_string":"Institute for Technical Informatics, Graz University of Technology, Graz, Austria","institution_ids":["https://openalex.org/I4092182"]},{"raw_affiliation_string":"Institute for Technical Informatics, Graz University of Technology, Graz, Austria#TAB#","institution_ids":["https://openalex.org/I4092182"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005283767","display_name":"Massimiliano Zilli","orcid":null},"institutions":[{"id":"https://openalex.org/I4092182","display_name":"Graz University of Technology","ror":"https://ror.org/00d7xrm67","country_code":"AT","type":"education","lineage":["https://openalex.org/I4092182"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Massimiliano Zilli","raw_affiliation_strings":["Institute for Technical Informatics, Graz University of Technology, Graz, Austria","Institute for Technical Informatics, Graz University of Technology, Graz, Austria#TAB#"],"affiliations":[{"raw_affiliation_string":"Institute for Technical Informatics, Graz University of Technology, Graz, Austria","institution_ids":["https://openalex.org/I4092182"]},{"raw_affiliation_string":"Institute for Technical Informatics, Graz University of Technology, Graz, Austria#TAB#","institution_ids":["https://openalex.org/I4092182"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064318538","display_name":"Philip Baumgartner","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Philip Baumgartner","raw_affiliation_strings":["NXP Semiconductors Austria GmbH, Gratkorn, Austria"],"affiliations":[{"raw_affiliation_string":"NXP Semiconductors Austria GmbH, Gratkorn, Austria","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5073184991","display_name":"Johannes Loinig","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Johannes Loinig","raw_affiliation_strings":["NXP Semiconductors Austria GmbH, Gratkorn, Austria"],"affiliations":[{"raw_affiliation_string":"NXP Semiconductors Austria GmbH, Gratkorn, Austria","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048811541","display_name":"Christian Steger","orcid":"https://orcid.org/0000-0002-4441-266X"},"institutions":[{"id":"https://openalex.org/I4092182","display_name":"Graz University of Technology","ror":"https://ror.org/00d7xrm67","country_code":"AT","type":"education","lineage":["https://openalex.org/I4092182"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Christian Steger","raw_affiliation_strings":["Institute for Technical Informatics, Graz University of Technology, Graz, Austria","Institute for Technical Informatics, Graz University of Technology, Graz, Austria#TAB#"],"affiliations":[{"raw_affiliation_string":"Institute for Technical Informatics, Graz University of Technology, Graz, Austria","institution_ids":["https://openalex.org/I4092182"]},{"raw_affiliation_string":"Institute for Technical Informatics, Graz University of Technology, Graz, Austria#TAB#","institution_ids":["https://openalex.org/I4092182"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5081494574","display_name":"Christian Kreiner","orcid":"https://orcid.org/0000-0001-8354-8415"},"institutions":[{"id":"https://openalex.org/I4092182","display_name":"Graz University of Technology","ror":"https://ror.org/00d7xrm67","country_code":"AT","type":"education","lineage":["https://openalex.org/I4092182"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Christian Kreiner","raw_affiliation_strings":["Institute for Technical Informatics, Graz University of Technology, Graz, Austria","Institute for Technical Informatics, Graz University of Technology, Graz, Austria#TAB#"],"affiliations":[{"raw_affiliation_string":"Institute for Technical Informatics, Graz University of Technology, Graz, Austria","institution_ids":["https://openalex.org/I4092182"]},{"raw_affiliation_string":"Institute for Technical Informatics, Graz University of Technology, Graz, Austria#TAB#","institution_ids":["https://openalex.org/I4092182"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5070598171"],"corresponding_institution_ids":["https://openalex.org/I4092182"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.07735152,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"6","issue":"1","first_page":"47","last_page":"75"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T13295","display_name":"Safety Systems Engineering in Autonomy","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/2213","display_name":"Safety, Risk, Reliability and Quality"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T13295","display_name":"Safety Systems Engineering in Autonomy","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/2213","display_name":"Safety, Risk, Reliability and Quality"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7793554067611694},{"id":"https://openalex.org/keywords/agile-software-development","display_name":"Agile software development","score":0.6507217884063721},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5925367474555969},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.5616421699523926},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5544426441192627},{"id":"https://openalex.org/keywords/security-engineering","display_name":"Security engineering","score":0.530885636806488},{"id":"https://openalex.org/keywords/certification","display_name":"Certification","score":0.4615599513053894},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4288766086101532},{"id":"https://openalex.org/keywords/common-criteria","display_name":"Common Criteria","score":0.4245012104511261},{"id":"https://openalex.org/keywords/requirement","display_name":"Requirement","score":0.4217541515827179},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.4092779755592346},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.39013656973838806},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.3726971745491028},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.34360045194625854},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.2885955572128296},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.27759289741516113},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.268054723739624},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.25562411546707153},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.21313315629959106},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.0875261127948761}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7793554067611694},{"id":"https://openalex.org/C14185376","wikidata":"https://www.wikidata.org/wiki/Q30232","display_name":"Agile software development","level":2,"score":0.6507217884063721},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5925367474555969},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.5616421699523926},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5544426441192627},{"id":"https://openalex.org/C13159133","wikidata":"https://www.wikidata.org/wiki/Q365674","display_name":"Security engineering","level":5,"score":0.530885636806488},{"id":"https://openalex.org/C46304622","wikidata":"https://www.wikidata.org/wiki/Q374814","display_name":"Certification","level":2,"score":0.4615599513053894},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4288766086101532},{"id":"https://openalex.org/C2777306048","wikidata":"https://www.wikidata.org/wiki/Q1116124","display_name":"Common Criteria","level":2,"score":0.4245012104511261},{"id":"https://openalex.org/C135475081","wikidata":"https://www.wikidata.org/wiki/Q774228","display_name":"Requirement","level":4,"score":0.4217541515827179},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.4092779755592346},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.39013656973838806},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.3726971745491028},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.34360045194625854},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.2885955572128296},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.27759289741516113},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.268054723739624},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.25562411546707153},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.21313315629959106},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.0875261127948761},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.4018/ijsse.2015010103","is_oa":false,"landing_page_url":"https://doi.org/10.4018/ijsse.2015010103","pdf_url":null,"source":{"id":"https://openalex.org/S43656255","display_name":"International Journal of Secure Software Engineering","issn_l":"1947-3036","issn":["1947-3036","1947-3044"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320424","host_organization_name":"IGI Global","host_organization_lineage":["https://openalex.org/P4310320424"],"host_organization_lineage_names":["IGI Global"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Secure Software Engineering","raw_type":"journal-article"},{"id":"pmh:oai:RePEc:igg:jsse00:v:6:y:2015:i:1:p:47-75","is_oa":false,"landing_page_url":"http://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/ijsse.2015010103","pdf_url":null,"source":{"id":"https://openalex.org/S4306401271","display_name":"RePEc: Research Papers in Economics","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I77793887","host_organization_name":"Federal Reserve Bank of St. Louis","host_organization_lineage":["https://openalex.org/I77793887"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.5699999928474426,"display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W57932517","https://openalex.org/W119259191","https://openalex.org/W1505962635","https://openalex.org/W1521803701","https://openalex.org/W1546884423","https://openalex.org/W1569908354","https://openalex.org/W1571711164","https://openalex.org/W1589068524","https://openalex.org/W1601262399","https://openalex.org/W1967747652","https://openalex.org/W1968165445","https://openalex.org/W1973880086","https://openalex.org/W2083210338","https://openalex.org/W2086868175","https://openalex.org/W2097744609","https://openalex.org/W2113045578","https://openalex.org/W2124140478","https://openalex.org/W2131730994","https://openalex.org/W2141965919","https://openalex.org/W2540799308","https://openalex.org/W3087523659","https://openalex.org/W4245208602","https://openalex.org/W6635265112"],"related_works":["https://openalex.org/W1811024770","https://openalex.org/W4230385779","https://openalex.org/W2509045890","https://openalex.org/W2017116761","https://openalex.org/W2375023814","https://openalex.org/W3003273405","https://openalex.org/W2028922190","https://openalex.org/W1963623648","https://openalex.org/W2018644264","https://openalex.org/W4307601327"],"abstract_inverted_index":{"At":[0],"present,":[1],"security-related":[2],"engineering":[3],"usually":[4],"requires":[5],"a":[6,28,67,100,117],"big":[7],"up-front":[8],"design":[9,51,72],"(BUFD)":[10],"regarding":[11],"security":[12,15,29,71,84,106,113],"requirements":[13],"and":[14,73,138],"design.":[16],"In":[17,38,76],"addition":[18],"to":[19,35,44,47,60,116,147],"the":[20,23,26,49,53,79,88,111,121,124],"BUFD,":[21],"at":[22],"end":[24],"of":[25,99,123],"development,":[27],"evaluation":[30,74,85,114,126],"process":[31,115],"can":[32],"take":[33],"up":[34],"several":[36,131],"months.":[37],"today's":[39],"volatile":[40],"markets":[41],"customers":[42],"want":[43],"be":[45,145],"able":[46],"influence":[48],"software":[50,152],"during":[52],"development":[54,153],"process.":[55],"Agile":[56],"processes":[57],"have":[58],"proven":[59],"support":[61,149],"these":[62,136],"demands.":[63],"Nevertheless,":[64],"there":[65],"is":[66,94,128],"clash":[68],"between":[69],"traditional":[70,141],"processes.":[75,154],"this":[77],"paper,":[78],"authors":[80,134],"propose":[81],"an":[82,97],"agile":[83,112],"method":[86,93,127],"for":[87,104],"Common":[89],"Criteria":[90],"standard.":[91],"This":[92,108],"complemented":[95],"by":[96,130],"implementation":[98],"change":[101],"detection":[102],"analysis":[103],"model-based":[105],"requirements.":[107],"system":[109],"facilitates":[110],"high":[118],"degree.":[119],"However,":[120],"application":[122],"proposed":[125],"limited":[129],"constraints.":[132],"The":[133],"discuss":[135],"constraints":[137],"show":[139],"how":[140],"certification":[142],"schemes":[143],"could":[144],"extended":[146],"better":[148],"modern":[150],"industrial":[151]},"counts_by_year":[],"updated_date":"2026-02-09T09:26:11.010843","created_date":"2025-10-10T00:00:00"}