1. GQM+ strategies in a nutshell;Basili,2014
2. A methodology for collecting valid software engineering data;Basili;Softw. Eng. IEEE Trans.,1984
3. Bayuk, J., 2013. Metricon 8 formal proceedings. http://www.securitymetrics.org/attachments/Metricon-8-Proceedings-DraftForReview.pdf.
4. Heartland payment systems: lessons learned from a data breach;Cheney,2010
5. CIS, 2010. The cis security metrics. https://benchmarks.cisecurity.org/tools2/metrics/CIS_Security_Metrics_v1.1.0.pdf.