[{"date_updated":"2024-08-09T08:55:49Z","date_created":"2024-05-02T08:57:52Z","author":[{"last_name":"Taaibi","full_name":"Taaibi, Samira","id":"55800","first_name":"Samira"},{"first_name":"Stefan","orcid":"http://orcid.org/0000-0002-8679-6673","last_name":"Dziwok","full_name":"Dziwok, Stefan","id":"3901"},{"first_name":"Lars","full_name":"Hermerschmidt, Lars","last_name":"Hermerschmidt"},{"first_name":"Thorsten","last_name":"Koch","full_name":"Koch, Thorsten","id":"13616"},{"full_name":"Merschjohann, Sven","id":"11394","last_name":"Merschjohann","first_name":"Sven"},{"first_name":"Mark","full_name":"Vollmary, Mark","last_name":"Vollmary"}],"title":"Security Belts: A Maturity Model for DevOps Teams to Increase the Software Security of their Product - An Experience Report","conference":{"location":"Salt Lake City","end_date":"2024-08-17","start_date":"2024-08-15","name":" 30th Americas Conference on Information Systems"},"publication_status":"accepted","has_accepted_license":"1","year":"2024","citation":{"ama":"Taaibi S, Dziwok S, Hermerschmidt L, Koch T, Merschjohann S, Vollmary M. Security Belts: A Maturity Model for DevOps Teams to Increase the Software Security of their Product - An Experience Report.","ieee":"S. Taaibi, S. Dziwok, L. Hermerschmidt, T. Koch, S. Merschjohann, and M. Vollmary, “Security Belts: A Maturity Model for DevOps Teams to Increase the Software Security of their Product - An Experience Report,” presented at the 30th Americas Conference on Information Systems, Salt Lake City.","chicago":"Taaibi, Samira, Stefan Dziwok, Lars Hermerschmidt, Thorsten Koch, Sven Merschjohann, and Mark Vollmary. “Security Belts: A Maturity Model for DevOps Teams to Increase the Software Security of Their Product - An Experience Report,” n.d.","apa":"Taaibi, S., Dziwok, S., Hermerschmidt, L., Koch, T., Merschjohann, S., & Vollmary, M. (n.d.). Security Belts: A Maturity Model for DevOps Teams to Increase the Software Security of their Product - An Experience Report. 30th Americas Conference on Information Systems, Salt Lake City.","short":"S. Taaibi, S. Dziwok, L. Hermerschmidt, T. Koch, S. Merschjohann, M. Vollmary, in: n.d.","mla":"Taaibi, Samira, et al. Security Belts: A Maturity Model for DevOps Teams to Increase the Software Security of Their Product - An Experience Report.","bibtex":"@inproceedings{Taaibi_Dziwok_Hermerschmidt_Koch_Merschjohann_Vollmary, title={Security Belts: A Maturity Model for DevOps Teams to Increase the Software Security of their Product - An Experience Report}, author={Taaibi, Samira and Dziwok, Stefan and Hermerschmidt, Lars and Koch, Thorsten and Merschjohann, Sven and Vollmary, Mark} }"},"_id":"53811","user_id":"55800","department":[{"_id":"662"}],"ddc":["000"],"keyword":["Software security","maturity model"],"file_date_updated":"2024-05-02T08:54:21Z","language":[{"iso":"eng"}],"type":"conference","abstract":[{"lang":"eng","text":"Persistent security challenges plague DevOps teams due to a deficiency in expertise regarding security tools and methods, as evidenced by frequent security incidents. Existing maturity models fail to adequately address the specific needs of DevOps teams. In response, this paper proposes \"Security Belts,\" a novel maturity model inspired by martial arts ranking systems. This model aims to assist DevOps teams in enhancing their security capabilities by providing a structured approach, starting with fundamental activities and progressing to more advanced techniques. Drawing from the experiences of monitoring 21 teams, the paper presents lessons learned and offers actionable advice for refining maturity models tailored to software quality improvement."}],"file":[{"file_size":540990,"file_name":"AMCIS2024_final_submission_maturity model security belt paper.pdf","access_level":"closed","file_id":"53812","date_updated":"2024-05-02T08:54:21Z","date_created":"2024-05-02T08:54:21Z","creator":"staaibi","success":1,"relation":"main_file","content_type":"application/pdf"}],"status":"public"},{"status":"public","type":"conference","publication":"REFSQ 2023: Requirements Engineering: Foundation for Software Quality","language":[{"iso":"eng"}],"user_id":"8472","department":[{"_id":"241"},{"_id":"662"}],"_id":"43395","citation":{"ama":"Trentinaglia R, Merschjohann S, Fockel M, Eikerling H. Eliciting Security Requirements – An Experience Report. In: REFSQ 2023: Requirements Engineering: Foundation for Software Quality. Springer Nature Switzerland; 2023. doi:10.1007/978-3-031-29786-1_25","ieee":"R. Trentinaglia, S. Merschjohann, M. Fockel, and H. Eikerling, “Eliciting Security Requirements – An Experience Report,” 2023, doi: 10.1007/978-3-031-29786-1_25.","chicago":"Trentinaglia, Roman, Sven Merschjohann, Markus Fockel, and Hendrik Eikerling. “Eliciting Security Requirements – An Experience Report.” In REFSQ 2023: Requirements Engineering: Foundation for Software Quality. Cham: Springer Nature Switzerland, 2023. https://doi.org/10.1007/978-3-031-29786-1_25.","apa":"Trentinaglia, R., Merschjohann, S., Fockel, M., & Eikerling, H. (2023). Eliciting Security Requirements – An Experience Report. REFSQ 2023: Requirements Engineering: Foundation for Software Quality. https://doi.org/10.1007/978-3-031-29786-1_25","mla":"Trentinaglia, Roman, et al. “Eliciting Security Requirements – An Experience Report.” REFSQ 2023: Requirements Engineering: Foundation for Software Quality, Springer Nature Switzerland, 2023, doi:10.1007/978-3-031-29786-1_25.","bibtex":"@inproceedings{Trentinaglia_Merschjohann_Fockel_Eikerling_2023, place={Cham}, title={Eliciting Security Requirements – An Experience Report}, DOI={10.1007/978-3-031-29786-1_25}, booktitle={REFSQ 2023: Requirements Engineering: Foundation for Software Quality}, publisher={Springer Nature Switzerland}, author={Trentinaglia, Roman and Merschjohann, Sven and Fockel, Markus and Eikerling, Hendrik}, year={2023} }","short":"R. Trentinaglia, S. Merschjohann, M. Fockel, H. Eikerling, in: REFSQ 2023: Requirements Engineering: Foundation for Software Quality, Springer Nature Switzerland, Cham, 2023."},"place":"Cham","year":"2023","publication_status":"published","publication_identifier":{"isbn":["9783031297854","9783031297861"],"issn":["0302-9743","1611-3349"]},"doi":"10.1007/978-3-031-29786-1_25","title":"Eliciting Security Requirements – An Experience Report","date_created":"2023-04-04T12:47:31Z","author":[{"last_name":"Trentinaglia","orcid":"0000-0001-9728-4991","id":"49934","full_name":"Trentinaglia, Roman","first_name":"Roman"},{"first_name":"Sven","last_name":"Merschjohann","id":"11394","full_name":"Merschjohann, Sven"},{"first_name":"Markus","id":"8472","full_name":"Fockel, Markus","last_name":"Fockel","orcid":"0000-0002-1269-0702"},{"last_name":"Eikerling","full_name":"Eikerling, Hendrik","id":"29279","first_name":"Hendrik"}],"publisher":"Springer Nature Switzerland","date_updated":"2023-04-04T12:51:41Z"},{"department":[{"_id":"76"},{"_id":"662"}],"user_id":"15249","series_title":"IEEE Secure Development Conference (SecDev)","_id":"33837","language":[{"iso":"eng"}],"type":"conference","status":"public","author":[{"orcid":"0000-0003-4424-5838","last_name":"Piskachev","id":"41936","full_name":"Piskachev, Goran","first_name":"Goran"},{"first_name":"Stefan","full_name":"Dziwok, Stefan","id":"3901","orcid":"http://orcid.org/0000-0002-8679-6673","last_name":"Dziwok"},{"first_name":"Thorsten","full_name":"Koch, Thorsten","id":"13616","last_name":"Koch"},{"full_name":"Merschjohann, Sven","id":"11394","last_name":"Merschjohann","first_name":"Sven"},{"first_name":"Eric","full_name":"Bodden, Eric","id":"59256","last_name":"Bodden","orcid":"0000-0003-3470-3647"}],"date_created":"2022-10-20T12:37:14Z","date_updated":"2022-10-20T12:37:44Z","title":"How far are German companies in improving security through static program analysis tools?","citation":{"mla":"Piskachev, Goran, et al. How Far Are German Companies in Improving Security through Static Program Analysis Tools? 2022.","short":"G. Piskachev, S. Dziwok, T. Koch, S. Merschjohann, E. Bodden, (2022).","bibtex":"@article{Piskachev_Dziwok_Koch_Merschjohann_Bodden_2022, series={IEEE Secure Development Conference (SecDev)}, title={How far are German companies in improving security through static program analysis tools?}, author={Piskachev, Goran and Dziwok, Stefan and Koch, Thorsten and Merschjohann, Sven and Bodden, Eric}, year={2022}, collection={IEEE Secure Development Conference (SecDev)} }","apa":"Piskachev, G., Dziwok, S., Koch, T., Merschjohann, S., & Bodden, E. (2022). How far are German companies in improving security through static program analysis tools?","ama":"Piskachev G, Dziwok S, Koch T, Merschjohann S, Bodden E. How far are German companies in improving security through static program analysis tools? Published online 2022.","ieee":"G. Piskachev, S. Dziwok, T. Koch, S. Merschjohann, and E. Bodden, “How far are German companies in improving security through static program analysis tools?” 2022.","chicago":"Piskachev, Goran, Stefan Dziwok, Thorsten Koch, Sven Merschjohann, and Eric Bodden. “How Far Are German Companies in Improving Security through Static Program Analysis Tools?” IEEE Secure Development Conference (SecDev), 2022."},"year":"2022"},{"language":[{"iso":"eng"}],"department":[{"_id":"241"},{"_id":"662"}],"user_id":"13616","_id":"23534","status":"public","abstract":[{"lang":"eng","text":"In recent years, the World Economic Forum has identified software security as\r\nthe most significant technological risk to the world's population, as\r\nsoftware-intensive systems process critical data and provide critical services.\r\nThis raises the question of the extent to which German companies are addressing\r\nsoftware security in developing and operating their software products. This\r\npaper reports on the results of an extensive study among developers, product\r\nowners, and managers to answer this question. Our results show that ensuring\r\nsecurity is a multi-faceted challenge for companies, involving low awareness,\r\ninaccurate self-assessment, and a lack of competence on the topic of secure\r\nsoftware development among all stakeholders. The current situation in software\r\ndevelopment is therefore detrimental to the security of software products in\r\nthe medium and long term."}],"publication":"arXiv:2108.11752","type":"preprint","title":"AppSecure.nrw Software Security Study","date_created":"2021-08-27T04:57:00Z","author":[{"orcid":"http://orcid.org/0000-0002-8679-6673","last_name":"Dziwok","full_name":"Dziwok, Stefan","id":"3901","first_name":"Stefan"},{"first_name":"Thorsten","full_name":"Koch, Thorsten","id":"13616","last_name":"Koch"},{"first_name":"Sven","last_name":"Merschjohann","full_name":"Merschjohann, Sven","id":"11394"},{"last_name":"Budweg","full_name":"Budweg, Boris","first_name":"Boris"},{"first_name":"Sebastian","full_name":"Leuer, Sebastian","last_name":"Leuer"}],"date_updated":"2022-01-06T06:55:56Z","citation":{"apa":"Dziwok, S., Koch, T., Merschjohann, S., Budweg, B., & Leuer, S. (2021). AppSecure.nrw Software Security Study. ArXiv:2108.11752.","mla":"Dziwok, Stefan, et al. “AppSecure.Nrw Software Security Study.” ArXiv:2108.11752, 2021.","bibtex":"@article{Dziwok_Koch_Merschjohann_Budweg_Leuer_2021, title={AppSecure.nrw Software Security Study}, journal={arXiv:2108.11752}, author={Dziwok, Stefan and Koch, Thorsten and Merschjohann, Sven and Budweg, Boris and Leuer, Sebastian}, year={2021} }","short":"S. Dziwok, T. Koch, S. Merschjohann, B. Budweg, S. Leuer, ArXiv:2108.11752 (2021).","chicago":"Dziwok, Stefan, Thorsten Koch, Sven Merschjohann, Boris Budweg, and Sebastian Leuer. “AppSecure.Nrw Software Security Study.” ArXiv:2108.11752, 2021.","ieee":"S. Dziwok, T. Koch, S. Merschjohann, B. Budweg, and S. Leuer, “AppSecure.nrw Software Security Study,” arXiv:2108.11752. 2021.","ama":"Dziwok S, Koch T, Merschjohann S, Budweg B, Leuer S. AppSecure.nrw Software Security Study. arXiv:210811752. 2021."},"year":"2021"},{"language":[{"iso":"eng"}],"_id":"22805","user_id":"8472","series_title":"Communications in Computer and Information Science","department":[{"_id":"241"},{"_id":"662"}],"status":"public","type":"conference","publication":"European System, Software & Service Process Improvement & Innovation Conference (EuroSPI 2019)","title":"Designing and Integrating IEC 62443 Compliant Threat Analysis","conference":{"location":"Edinburgh, UK","name":"European System, Software & Service Process Improvement & Innovation Conference (EuroSPI 2019)"},"doi":"10.1007/978-3-030-28005-5_5","date_updated":"2022-01-06T06:55:41Z","date_created":"2021-07-23T14:09:56Z","author":[{"id":"8472","full_name":"Fockel, Markus","orcid":"0000-0002-1269-0702","last_name":"Fockel","first_name":"Markus"},{"first_name":"Sven","last_name":"Merschjohann","id":"11394","full_name":"Merschjohann, Sven"},{"first_name":"Masud","full_name":"Fazal-Baqaie, Masud","last_name":"Fazal-Baqaie"},{"last_name":"Förder","full_name":"Förder, Torsten","first_name":"Torsten"},{"full_name":"Hausmann, Stefan","last_name":"Hausmann","first_name":"Stefan"},{"full_name":"Waldeck, Boris","last_name":"Waldeck","first_name":"Boris"}],"volume":1060,"year":"2019","citation":{"ieee":"M. Fockel, S. Merschjohann, M. Fazal-Baqaie, T. Förder, S. Hausmann, and B. Waldeck, “Designing and Integrating IEC 62443 Compliant Threat Analysis,” in European System, Software & Service Process Improvement & Innovation Conference (EuroSPI 2019), Edinburgh, UK, 2019, vol. 1060.","chicago":"Fockel, Markus, Sven Merschjohann, Masud Fazal-Baqaie, Torsten Förder, Stefan Hausmann, and Boris Waldeck. “Designing and Integrating IEC 62443 Compliant Threat Analysis.” In European System, Software & Service Process Improvement & Innovation Conference (EuroSPI 2019), Vol. 1060. Communications in Computer and Information Science, 2019. https://doi.org/10.1007/978-3-030-28005-5_5.","ama":"Fockel M, Merschjohann S, Fazal-Baqaie M, Förder T, Hausmann S, Waldeck B. Designing and Integrating IEC 62443 Compliant Threat Analysis. In: European System, Software & Service Process Improvement & Innovation Conference (EuroSPI 2019). Vol 1060. Communications in Computer and Information Science. ; 2019. doi:10.1007/978-3-030-28005-5_5","mla":"Fockel, Markus, et al. “Designing and Integrating IEC 62443 Compliant Threat Analysis.” European System, Software & Service Process Improvement & Innovation Conference (EuroSPI 2019), vol. 1060, 2019, doi:10.1007/978-3-030-28005-5_5.","short":"M. Fockel, S. Merschjohann, M. Fazal-Baqaie, T. Förder, S. Hausmann, B. Waldeck, in: European System, Software & Service Process Improvement & Innovation Conference (EuroSPI 2019), 2019.","bibtex":"@inproceedings{Fockel_Merschjohann_Fazal-Baqaie_Förder_Hausmann_Waldeck_2019, series={Communications in Computer and Information Science}, title={Designing and Integrating IEC 62443 Compliant Threat Analysis}, volume={1060}, DOI={10.1007/978-3-030-28005-5_5}, booktitle={European System, Software & Service Process Improvement & Innovation Conference (EuroSPI 2019)}, author={Fockel, Markus and Merschjohann, Sven and Fazal-Baqaie, Masud and Förder, Torsten and Hausmann, Stefan and Waldeck, Boris}, year={2019}, collection={Communications in Computer and Information Science} }","apa":"Fockel, M., Merschjohann, S., Fazal-Baqaie, M., Förder, T., Hausmann, S., & Waldeck, B. (2019). Designing and Integrating IEC 62443 Compliant Threat Analysis. In European System, Software & Service Process Improvement & Innovation Conference (EuroSPI 2019) (Vol. 1060). Edinburgh, UK. https://doi.org/10.1007/978-3-030-28005-5_5"},"intvolume":" 1060","publication_status":"published","publication_identifier":{"issn":["1865-0929","1865-0937"]}},{"status":"public","editor":[{"first_name":"Martin","last_name":"Mikusz","full_name":"Mikusz, Martin"}],"type":"conference","publication":"Projektmanagement und Vorgehensmodelle 2019 (PVM 2019)","language":[{"iso":"eng"}],"series_title":"Lecture Notes in Informatics (LNI)","user_id":"13616","department":[{"_id":"241"},{"_id":"662"}],"_id":"21929","citation":{"chicago":"Altemeier, Katharina, Matthias Becker, Stefan Dziwok, Thorsten Koch, and Sven Merschjohann. “Was Fehlt (Bisher) Um Apps Sicher Zu Entwickeln? - Prozesse, Werkzeuge Und Schulungen Für Sichere Apps by Design.” In Projektmanagement Und Vorgehensmodelle 2019 (PVM 2019), edited by Martin Mikusz. Lecture Notes in Informatics (LNI). Gesellschaft für Informatik e.V., 2019.","ieee":"K. Altemeier, M. Becker, S. Dziwok, T. Koch, and S. Merschjohann, “Was fehlt (bisher) um Apps sicher zu entwickeln? - Prozesse, Werkzeuge und Schulungen für sichere Apps by Design,” in Projektmanagement und Vorgehensmodelle 2019 (PVM 2019), 2019.","ama":"Altemeier K, Becker M, Dziwok S, Koch T, Merschjohann S. Was fehlt (bisher) um Apps sicher zu entwickeln? - Prozesse, Werkzeuge und Schulungen für sichere Apps by Design. In: Mikusz M, ed. Projektmanagement Und Vorgehensmodelle 2019 (PVM 2019). Lecture Notes in Informatics (LNI). Gesellschaft für Informatik e.V.; 2019.","apa":"Altemeier, K., Becker, M., Dziwok, S., Koch, T., & Merschjohann, S. (2019). Was fehlt (bisher) um Apps sicher zu entwickeln? - Prozesse, Werkzeuge und Schulungen für sichere Apps by Design. In M. Mikusz (Ed.), Projektmanagement und Vorgehensmodelle 2019 (PVM 2019). Gesellschaft für Informatik e.V.","short":"K. Altemeier, M. Becker, S. Dziwok, T. Koch, S. Merschjohann, in: M. Mikusz (Ed.), Projektmanagement Und Vorgehensmodelle 2019 (PVM 2019), Gesellschaft für Informatik e.V., 2019.","mla":"Altemeier, Katharina, et al. “Was Fehlt (Bisher) Um Apps Sicher Zu Entwickeln? - Prozesse, Werkzeuge Und Schulungen Für Sichere Apps by Design.” Projektmanagement Und Vorgehensmodelle 2019 (PVM 2019), edited by Martin Mikusz, Gesellschaft für Informatik e.V., 2019.","bibtex":"@inproceedings{Altemeier_Becker_Dziwok_Koch_Merschjohann_2019, series={Lecture Notes in Informatics (LNI)}, title={Was fehlt (bisher) um Apps sicher zu entwickeln? - Prozesse, Werkzeuge und Schulungen für sichere Apps by Design}, booktitle={Projektmanagement und Vorgehensmodelle 2019 (PVM 2019)}, publisher={Gesellschaft für Informatik e.V.}, author={Altemeier, Katharina and Becker, Matthias and Dziwok, Stefan and Koch, Thorsten and Merschjohann, Sven}, editor={Mikusz, MartinEditor}, year={2019}, collection={Lecture Notes in Informatics (LNI)} }"},"year":"2019","title":"Was fehlt (bisher) um Apps sicher zu entwickeln? - Prozesse, Werkzeuge und Schulungen für sichere Apps by Design","author":[{"first_name":"Katharina","full_name":"Altemeier, Katharina","last_name":"Altemeier"},{"last_name":"Becker","full_name":"Becker, Matthias","first_name":"Matthias"},{"full_name":"Dziwok, Stefan","id":"3901","orcid":"http://orcid.org/0000-0002-8679-6673","last_name":"Dziwok","first_name":"Stefan"},{"first_name":"Thorsten","id":"13616","full_name":"Koch, Thorsten","last_name":"Koch"},{"id":"11394","full_name":"Merschjohann, Sven","last_name":"Merschjohann","first_name":"Sven"}],"date_created":"2021-04-30T10:55:34Z","publisher":"Gesellschaft für Informatik e.V.","date_updated":"2022-01-06T06:55:19Z"},{"language":[{"iso":"eng"}],"_id":"20780","department":[{"_id":"241"},{"_id":"662"}],"user_id":"8472","series_title":"LNCS 11271","abstract":[{"text":"With the growing number of incidents, the topic security gains more and more attention across all domains. Organizations realize their lack of state-of-the-art security practices, however, they struggle to improve their software lifecycle in terms of security. In this talk, we introduce the concept of security by design that implements security practices within the whole software lifecycle. Based on our practical experience from industry projects in the regulated industrial automation and unregulated classical IT domain, we explain how to perform a threat analysis and how to integrate it into the software lifecycle.","lang":"eng"}],"status":"public","publication":"19th International Conference on Product-Focused Software Process Improvement (PROFES 2018)","type":"conference","title":"Threat Analysis in Practice - Systematically Deriving Security Requirements","doi":"10.1007/978-3-030-03673-7_25","publisher":"Springer Nature Switzerland AG","date_updated":"2022-01-06T06:54:38Z","author":[{"id":"8472","full_name":"Fockel, Markus","orcid":"0000-0002-1269-0702","last_name":"Fockel","first_name":"Markus"},{"last_name":"Merschjohann","full_name":"Merschjohann, Sven","id":"11394","first_name":"Sven"},{"last_name":"Fazal-Baqaie","full_name":"Fazal-Baqaie, Masud","first_name":"Masud"}],"date_created":"2020-12-17T12:00:45Z","year":"2018","citation":{"ieee":"M. Fockel, S. Merschjohann, and M. Fazal-Baqaie, “Threat Analysis in Practice - Systematically Deriving Security Requirements,” in 19th International Conference on Product-Focused Software Process Improvement (PROFES 2018), 2018.","chicago":"Fockel, Markus, Sven Merschjohann, and Masud Fazal-Baqaie. “Threat Analysis in Practice - Systematically Deriving Security Requirements.” In 19th International Conference on Product-Focused Software Process Improvement (PROFES 2018). LNCS 11271. Springer Nature Switzerland AG, 2018. https://doi.org/10.1007/978-3-030-03673-7_25.","ama":"Fockel M, Merschjohann S, Fazal-Baqaie M. Threat Analysis in Practice - Systematically Deriving Security Requirements. In: 19th International Conference on Product-Focused Software Process Improvement (PROFES 2018). LNCS 11271. Springer Nature Switzerland AG; 2018. doi:10.1007/978-3-030-03673-7_25","mla":"Fockel, Markus, et al. “Threat Analysis in Practice - Systematically Deriving Security Requirements.” 19th International Conference on Product-Focused Software Process Improvement (PROFES 2018), Springer Nature Switzerland AG, 2018, doi:10.1007/978-3-030-03673-7_25.","short":"M. Fockel, S. Merschjohann, M. Fazal-Baqaie, in: 19th International Conference on Product-Focused Software Process Improvement (PROFES 2018), Springer Nature Switzerland AG, 2018.","bibtex":"@inproceedings{Fockel_Merschjohann_Fazal-Baqaie_2018, series={LNCS 11271}, title={Threat Analysis in Practice - Systematically Deriving Security Requirements}, DOI={10.1007/978-3-030-03673-7_25}, booktitle={19th International Conference on Product-Focused Software Process Improvement (PROFES 2018)}, publisher={Springer Nature Switzerland AG}, author={Fockel, Markus and Merschjohann, Sven and Fazal-Baqaie, Masud}, year={2018}, collection={LNCS 11271} }","apa":"Fockel, M., Merschjohann, S., & Fazal-Baqaie, M. (2018). Threat Analysis in Practice - Systematically Deriving Security Requirements. In 19th International Conference on Product-Focused Software Process Improvement (PROFES 2018). Springer Nature Switzerland AG. https://doi.org/10.1007/978-3-030-03673-7_25"}}]