1. Andrews M, Whittacker JA (2006) How to break web software. Addison-Wesley, Upper Saddle River

2. Barnum S, McGraw G (2005) Knowledge for software security. IEEE Secur Priv 3(2):74–78

3. Grunske L, Joyce D (2008) Quantitative risk-based security prediction for component-based systems with explicitly modeled attack profiles. J Syst Softw 81(8):1327–1345

4. Halkidis ST, Tsantalis N, Chatzigeorgiou A, Stephanides G (2008) Architectural risk analysis of software systems based on security patterns. IEEE Trans Dependable Secure Comput 5(3):129–142

5. Heyman T, Scandariato R, Huygens C, Joosen W (2008) Using security patterns to combine security metrics. In: Proceedings of the third international conference on availability, security and reliability. ARES/IEEE Computer Society, Barcelona, pp 1156–1163