, Information technology -security techniquessystems security engineering -capability maturity model, 2008.
, Introduction to the octave approach, 2003.
, Organization and maintenance of large ordered indices, 1970.
, A problem-based threat analysis in compliance with common criteria, vol.09, p.2013
, Sdl threat modeling tool. security development lifecycle, 2018.
, Developer-driven threat modeling: Lessons learned in the trenches, IEEE Security Privacy, vol.9, issue.4, pp.41-47, 2011.
, Toward a security ontology, IEEE Security and Privacy, vol.1, issue.3, pp.6-7, 2003.
, Security ontology: Simulating threats to corporate assets, vol.12, pp.249-259, 2006.
, Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-science, Int. Journal of Human-Computer Studies, vol.67, pp.281-296, 2009.
, The OWASP Foundation. Owasp attack list, 2017.
, UML Distilled: A Brief Guide to the Standard Object Modeling Language, Object Technology Series, 2003.
, The role of intangible assets in the modern cyber threat landscape: the hermeneut project, vol.5, 2019.
, Exiting the risk assessment maze: A meta-survey, ACM Comput. Surv, vol.51, issue.1, 2018.
, The Security Development Lifecycle, vol.34, 2006.
, Analyzing impacts of cloud computing threats in attack based classification models, 2016.
, Threat modeling: from infancy to maturity, New Ideas and Emerging Results, ICSE, 2020.
, The threats to our products. Microsoft Interface, Microsoft Corporation, vol.33, 1999.
, Software Security: Building Security In, 2006.
, A common criteria based security requirements engineering process for the development of secure information systems, vol.29, 2007.
, Common attack pattern enumeration and classification, 2007.
, Attck matrix for enterprise, 2015.
, Exploring software security approaches in software development lifecycle: A systematic mapping study, Comp. Stand. & Int, vol.50, pp.107-115, 2017.
, Asset-centric security risk assessment of software components, Workshop on MILS: Architecture and Assurance for Secure Systems, vol.01, p.2016
, Threat modeling of a mobile device management system for secure smart work, Electronic Commerce Research, vol.13, 2013.
, A descriptive study of microsoft's threat modeling technique, Requirements Engineering, p.20, 2013.
, Threat modeling: a summary of available methods, 2018.
, Experiences threat modeling at microsoft, vol.01, 2008.
, Threat Modeling: Designing for Security, 2014.
, A reuse-based approach to determining security requirements, 2003.
, Computer Security: Principles and Practice, 2014.
, Threat modeling -perhaps it's time, IEEE Security Privacy, vol.8, issue.3, pp.83-86, 2010.
, Comparison of risk analysis methods: Mehari, magerit, nist800-30 and microsoft's security management guide, Int. Conf. on Availability, Reliability and Security, 2009.
, Demystifying the threat modeling process, IEEE Security Privacy, vol.3, issue.5, pp.66-70, 2005.
, Threat analysis of software systems: A systematic literature review, Journal of Systems and Software, vol.144, pp.275-294, 2018.
, Real world threat modeling using the pasta methodology, 2012.
, An extensible patternbased library and taxonomy of security threats for distributed systems, Computer Standards Interfaces, vol.36, issue.4, pp.734-747, 2014.
, Threat modeling -a systematic literature review, Computers Security, vol.84, pp.53-69, 2019.