1. Th omas, R. C. 2009. Total cost of security: a method for managing risks and incentives across the extended enterprise. In Proceedings of the 5th Annual Workshop on Cyber Security and information intelligence Research: Cyber Security and information intelligence Challenges and Strategies (Oak Ridge, Tennessee, April 13 - 15, 2009). F. Sheldon, G. Peterson, A. Krings, R. Abercrombie, and A. Mili, Eds. CSIIRW ‘09. ACM, New York, NY, 1–4.

2. Cheng, B. H. and Atlee, J. M. 2007. Research Directions in Requirements Engineering. In 2007 Future of Soft ware Engineering (May 23–25, 2007). International Conference on Soft ware Engineering. IEEE Computer Society, Washington, DC, 285–303.

3. Fenz, S. and Ekelhart, A. 2009. Formalizing information security knowledge. In Proceedings of the 4th international Symposium on information, Computer, and Communications Security (Sydney, Australia, March 10 - 12, 2009). ASIACCS ‘09. ACM, New York, NY, 183–194.

4. Cardenas, A. A., Roosta, T., and Sastry, S. 2009. Rethinking security properties, threat models, and the design space in sensor networks: A case study in SCADA systems. Ad Hoc Netw. 7, 8 (Nov. 2009), 1434–1447.

5. Fruhwirth, C. and Mannisto, T. 2009. Improving CVSS-based vulnerability prioritization and response with context information. In Proceedings of the 2009 3rd international Symposium on Empirical Software Engineering and Measurement (October 15 - 16, 2009). ESEM. IEEE Computer Society, Washington, DC, 535–544.