[1]S. Kumar and E. Spafford, “A pattern matching model for misuse intrusion detection,” 17th National Computer Security Conference, pp. 11-21, 1994.
[2]M. Bishop, “A taxonomy of UNIX system and network vulnerabilities,” Tech. Rep. CSE-95-10, Department of Computer Science at the University of California at Davis, 1995.
[3]S. Kumar, Classification and Detection of Computer Intrusions, Ph.D. thesis, Purdue University, 1995.
[4]IV. Krsul, Software Vulnerability Analysis, PhD thesis, Purdue University, West Lafayette, 1998.
[6]S. Gorman, “Electricity grid in U.S. penetrated by spies,” http://online.wsj.com/article/SB123914805204099085.html, Accessed March 2014.
[7]N. Falliere, L. O. Murchu and E. Chien, “W32.Stuxnet dossier,” Symantec Corp., Security Response, 2011.
[8]Laboratory of Cryptography and System Security (CrySyS), “Duqu: A stuxnet-like malware found in the wild,” October 2011.
[10]Y. Shin, A. Meneely and L. Williams, “Evaluating complexity, code churn, and developer activity metrics as indicators of software vulnerabilities,” IEEE Transactions on Software Engineering, vol. 37, no. 6, Nov.-Dec 2011.
[11]M. Gegick, L. Williams, J. Osborne and M. Vouk, “Prioritizing software security fortification through code-level metrics,” in Proceedings of 4th ACM workshop on Quality of protection, Alexandria, Virginia, USA, pp. 31-38, October 2008.
[12]Y. Shin and L. Williams, “Is complexity really the enemy of software security?,” in Proceedings of the 4th ACM Workshop on Quality of Protection, Alexandria, Virginia, USA, pp. 47-50, October 2008.
[13]V. H. Nguyen and L. M. S. Tran, “Predicting vulnerable software components with dependency graphs,” in Proceedings of the 6th International Workshop on Security Measurements and Metrics, Bolzano-Bozen, Italy, September 2010.
[14]I. Chowdhury and M. Zulkernine, “Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities,” Journal of Systems Architecture, pp. 294-313, 2011.
[15]Y. Shin and L. Williams, “An initial study on the use of execution complexity metrics as indicators of software vulnerabilities,” in Proceedings of the 7th International Workshop on Software Engineering for Secure Systems, Waikiki, Honolulu, Hawaii, pp. 1-7, May 2011.
[16]Y. Shin, and L. Williams, “Can traditional fault prediction models be used for vulnerability prediction?,” Empirical Software Engineering, pp. 1-35, 2011.
[17]A. Meneely and L. Williams, “Secure open source collaboration: An empirical study of linus’s law,” InCCS’09, 2009.
[18]N. Nagappan, T. Ball and B. Murphy, “Using historical in-Process and product metrics for early estimation of software failures,” in International Symposium on Software Reliability Engineering, pp. 62-74, 2006.
[19]E. J. Weyuker, T. J. Ostrand and R. M. Bell, “Using developer information as a factor for fault prediction,” in Proceedings of the 3rd International Workshop on Predictor Models in Software Engineering, Minneapolis, MN, USA, PROMISE’7, May 2007.
[20]R. Abreu, and R. Premraj, “How developer communication frequency relates to bug introducing changes,” in Proceedigs of joint ERCIM Workshop on Software Evolution (EVOL) and Int'l Work-shop on Principles of Software Evolution, pp. 153-157, 2009.
[21]S. Matsumoto, Y. Kamei, A. Monden, K.-I. Matsumoto and M. Nakamura, “An analysis of developer metrics for fault prediction,” in Proceedings of the 6th International Conference on Predictive Models in Software Engineering, PROMISE ’10, pp. 1, 2010.
[22]R. Bell, T. Ostrand and E. Weyuker, “The limited impact of individual developer data on software defect prediction,” Empirical Software Engineering, pp. 1–28, 2011.
[23]E. J. Weyuker, T. J. Ostrand and R. M. Bell, “Do too many cooks spoil the broth? using the number of developers to enhance defect prediction models,” Empirical Software Eng., pp. 539-559, 2008.
[25]B. Cashell, W.D. Jackson, M. Jickling and B. Webel, “CRS report for congress: The economic impact of cyber-attacks,” Congressional Research Service, April 2004.
[26]S. Conte, H. Dunsmore and V. Shen, Software Engineering Metrics and Models, the benjamin/cummings publishing company, 1986.
[27]B. Beizer, Software Testing Techniques, electrical engineering/computer science and engineering series. Van nostrand reinhold, 1983.
[29]T. Jiang, L. Tan, and S. Kim, “Personalized defect prediction,” in Proceedings of the 28th International Conference on Automated Software Engineering (ASE’13), Silicon Valley, CA, USA, pp. 279-289, 2013.
[30]S. McIntosh, Y. Kamei, B. Adams, and A. E. Hassan, “The impact of code review coverage and code review participation on software quality, A case study of the Qt, VTK, and ITK projects,” MSR ’14, May 31 - June 1, 2014, Hyderabad, India.
[34]A. Bosu, J. C. Carver and M. Hafiz, "When are OSS developers more likely to introduce vulnerable code changes? A case study", OSS 2014, IFIP AICT 427, pp. 234-236, 2014.
[35]A. Hovsepyan, R. Scandariato and W. Joosen, “Software vulnerability prediction using text analysis techniques,” IEEE international workshop on security measurements and metrics, Lund, Sweden, pp. 710, September 2012.
[36]B. Shuai, M. Li, H. Li, Q. Zhang and C. Tang, “Software vulnerability detection using genetic algorithm and dynamic taint analysis,” Consumer Electronics, Communications and Networks (CECNet), pp. 589-593, November 2013.
[37]D. Wu and J. Ren, “Software vulnerability analysis method based on adaptive-K sequence clustering,” TELKOMNIKA Indonesian Journal of Electrical Engineering, vol. 12, no. 6, 2014.
[38]A. E. Hassan, “The road ahead for mining software repositories,” in Frontiers of Software Maintenance (FoSM), pp. 48–57, October 2008.
[44]M.W. Fagerland and L. Sandvik, “Performance of five two-sample location tests for skewed distributions with unequal variances,” Contemporary Clinical Trials, Vol. 30, pp. 490–496, 2009.
)