1. Aagedal, J.O., den Braber, F., Dimitrakos, T., Gran, B.A., Raptis, D., Stolen, K.: Model-based risk assessment to improve enterprise security. In: Proceedings of the 6th International Enterprise Distributed Object Computing Conference, pp. 51–62 (2002)

2. Basili, V.R., Rombach, H.D.: The TAME project: Towards improvement-oriented software environments. IEEE Transactions on Software Engineering 14(6), 758–773 (1988)

3. Breaux, T.D., Vail, M.W., Antón, A.I.: Towards Regulatory Compliance: Extracting Rights & Obligations to Align Requirements with Regulations. In: Proc. 14th Int’l Conf. on RE 2006, pp. 49–58 (2006)

4. Butler, S.A.: Security Attribute Evaluation Method: A Cost Benefit Approach. In: Proceedings of the 24th International Conference on Software Engineering, May 2002, pp. 232–240 (2002)

5. Butler, S.A., Shaw, M.: Incorporating Nontechnical Attributes in Multi-Attribute Analysis for Security. In: Proceedings of the Workshop on Economics-Driven Software Engineering Research (2002), http://www-2.cs.cmu.edu/~shawnb/EDSERIV.pdf