1. Attack potential in impact and complexity;Allodi,2017

2. Security events and vulnerability data for cybersecurity risk estimation;Allodi;Risk Anal.,2017

3. Enterprise risk assessment based on compliance reports and vulnerability scoring systems;Alsaleh,2014

4. ASArP: automated security assessment & audit of remote platforms using TCG-SCAP Synergies;Aslam;J. Inform. Secur. Appl.,2015

5. C. Eiram, B. Martin, The CVSSv2 Shortcomings, Faults, and Failures Formulation, Risk Based Security and the Open Security Foundation (OSF), 2013. Available online in September 2017, .