1. Antón, P.S., et al.: Finding & Fixing Vulnerabilities in Information Systems: The vulnerability assessment & mitigation methodology. RAND National Defence Research Institute (2003)

2. Lecture Notes in Computer Science,2006

3. Beaver, K.: Security scan results: Take them with a grain of salt, Windows Security Tips (2006), http://searchwindowssecurity.techtarget.com/tip/0,289483,sid45_gci1227130,00.html

4. Cobb, M.: Should every flaw in a vulnerability scanner report be addressed? Ask The Security Expert: Questions & Answers. (2006), http://searchsecurity.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid14_gci1244322,00.html

5. Ekelhart, A., et al.: Security Ontologies: Improving Quantitative Risk Analysis. In: Proceedings of the 40th Annual Hawaii International Conference on System Sciences (HICSS 2007). IEEE Computer Society, Los Alamitos (2007)