Abstract
General content area bibliography.
Beizer, Boris. Software Testing Techniques, 2nd ed. Boston, MA: International Thomson Computer Press, 1990 (ISBN 1850328803).
Chrissis, M. B.; Konrad, M.; & Shrum, S. CMMI: Guidelines for Process Integration and Product Improvement. Boston, MA: Addison-Wesley, 2003 (ISBN 0321154967).
Cote, Marc-Alexis; Suryn, Witold; Martin, Robert A.; & Laporte, Claude Y. “Evolving a Corporate Software Quality Assessment Exercise: A Migration Path to ISO/IEC 9126.” Software Quality Engineering 6, 3 (2004).
Ernst & Young LLP. Using Attack Surface Area And Relative Attack Surface Quotient To Identify Attackability, Security & Technology Solutions, Advanced Security Center. Customer Information Paper.
Fenton, Norman E. & Pfleeger, Sharon L. Software Metrics: A Rigorous and Practical Approach, 2nd ed. Boston, MA: International Thomson Computer Press, 1996 (ISBN 1850322759).
Grady, Robert B. Practical Software Metrics for Project Management and Process Improvement. Englewood Cliffs, NJ: Prentice Hall, 1992 (ISBN 0137203845).
Halstead, Maurice H. Elements of Software Science. New York, NY: Elsevier, 1977 (ISBN 0444002057).
Humphrey, Watts S. Managing the Software Process. Reading, MA: Addison-Wesley, 1989 (ISBN 0201180952).
Humphrey, Watts S. A Discipline for Software Engineering. Reading, MA: Addison-Wesley, 1995 (ISBN 0201546108).
Humphrey, Watts S. Introduction to the Team Software Process. Reading, MA: Addison-Wesley, 2000 (ISBN 020147719X).
ISO. ISO/IEC 15939:2002, Software engineering – Software Measurement Process. Geneva, Switzerland: International Organization for Standardization, 2002.
ISO. ISO/IEC 9126-1:2001: Software Engineering – Product Quality. Part 1: Quality Model. Geneva, Switzerland: International Organization for Standardization, 2001.
ISO. ISO/IEC TR 9126-2:2003: Software Engineering – Product Quality. Part 2: External Metrics. Geneva, Switzerland: International Organization for Standardization, 2003.
ISO. ISO/IEC TR 9126-3:2003: Software Engineering – Product Quality. Part 3: Internal Metrics. Geneva, Switzerland: International Organization for Standardization, 2003.
ISO. ISO/IEC TR 9126-4:2004: Software Engineering – Product Quality. Part 4: Quality in Use Metrics. Geneva, Switzerland: International Organization for Standardization, 2004.
Kan, Stephen H. Metrics and Models in Software Quality Engineering, 2nd ed. Boston, MA: Addison-Wesley, 2003 (ISBN 0201729156).
McGarry, John; Card, David; Jones, Cheryl; Layman, Beth; Clark, Elizabeth; Dean, Joseph; & Hall, Fred. Practical Software Measurement: Objective Information for Decision Makers. Boston, MA: Addison-Wesley, 2002 (ISBN 0201715163).
Reports and Articles
Basili, Victor R. “Quantitative Software Complexity Models: A Panel Summary.” IEEE Proceedings of the Workshop on Quantitative Software Models for Reliability, Complexity, and Cost. October 1979.
Basili, Victor R. & Weiss, David M. “A Methodology for Collecting Valid Software Engineering Data.” IEEE Transactions on Software Engineering 10, 6 (November 1984): 728-738.
Fagan, Michael E. “Design and code inspections to reduce errors in program development.” IBM Systems Journal 38, 2 & 3 (1999): 258-287.
Fenton, Norman E. & Ohlsson, Niclas. “Quantitative Analysis of Faults and Failures in a Complex Software System.” IEEE Transactions on Software Engineering 26, 8 (August 2000): 797-814.
Florac, W. Software Quality Measurement: A Framework for Counting Problems and Defects (CMU/SEI-92-TR-022, ADA258556). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 1992.
McCabe, T. “A Complexity Measure.” IEEE Transactions on Software Engineering 2, 4 (December 1976): 308-320.
McGraw, Gary. “Software Security.” IEEE Security and Privacy 2, 2 (March-April 2004): 80-83.
Web Articles/Artifacts/Tools
Foundstone, Inc. Hacme Bank™ v2.0 (released 9/8/2004).
Practical Software and Systems Measurement (2012).
Software Engineering Information Repository (2007).
Capture/Recapture Analysis
Briand, Lionel C.; Emam, Khaled El; Freimut, Bernd G.; & Laitenberger, Oliver. “A Comprehensive Evaluation of Capture-Recapture Models for Estimating Software Defect Content.” IEEE Transactions on Software Engineering 26, 6 (June 2000): 518-540.
Humphrey, Watts S. Introduction to the Team Software Process. Reading, MA: Addison-Wesley, 1999 (ISBN 020147719X).
Petersson, Hakan & Wohlin, Claes. “An Empirical Study of Experience-Based Software Defect Content Estimation Methods,” 126-135. Proceedings of the International Symposium on Software Reliability Engineering, ISSRE. Boca Raton, FL, Nov. 1-4, 1999. Los Alamitos, CA: IEEE Computer Society, 1999.
Defect Prevention Program
Mays, R. G.; Jones, C. L.; Holloway, G. J.; & Studinski, D. P. “Experiences with Defect Prevention.” IBM Systems Journal 29, 1 (1990): 4-32.
Grady, R. B. “Software Failure Analysis for High-Return Process Improvement Decisions.” Hewlett Packard Journal 47, 4 (August 1996): 15-24.
Gale, J. L.; Tirso, J. R.; & Burchfield, C. A. “Implement the Defect Prevention Process in the MVS Interactive Programming Organization.” IBM Systems Journal 29, 1 (1990): 33-43.
Statistical Process Control
Florac, William A. & Carleton, Anita D. Measuring the Software Process: Statistical Process Control for Software Process Improvement. Reading, MA: Addison-Wesley, 1999 (ISBN 0201604442).
Orthogonal Defect Classification Defect Prediction Technique
Chillarege, Ram; Bhandari, Inderpal S.; Chaar, Jarir K.; Halliday, Michael J.; Moebus, Diane S.; Ray, Bonnie K.; & Wong, Man-Yuen. “Orthogonal Defect Classification - A Concept for In-Process Measurements.” IEEE Transactions on Software Engineering 18, 11 (Nov. 1992): 943-956.
Bridge, Norman & Miller, Corrine. “Orthogonal Defect Classification: Using Defect Data to Improve Software Development,” 197-213. International Conference on Software Quality. Montgomery, AL, October 6-8, 1997. Milwaukee, WI: American Society for Quality, 1997.
El Emam, K. & Wieczorek, I. “The Repeatability of Code Defect Classifications,” 322-333. Proceedings of the Ninth International Symposium on Software Reliability Engineering. Paderborn, Germany, Nov. 4-7, 1998. Los Alamitos, CA: IEEE Computer Society, 1998.
Fault Proneness
Selby, R. & Basili, V. “Analyzing Error-Prone System Structure.” IEEE Transactions on Software Engineering 17, 2 (Feb. 1991): 141-152.
Briand, Lionel C.; Melo, Walcelio L.; & Wust, Jurgen. “Assessing the Applicability of Fault-Proneness Models Across Object-Oriented Software Projects.” IEEE Transactions on Software Engineering 28, 7 (July 2002): 706-720.
El Emam, K. “A Primer on Object Oriented Measurement,” 185-187. 7th International Software Metrics Symposium. London, England, April 4-6, 2001. Los Alamitos, CA: IEEE Computer Society, 2001.
Fenton, Norman E. & Ohlsson, Niclas. “Quantitative Analysis of Faults and Failures in a Complex Software System.” IEEE Transactions on Software Engineering 26, 8 (August 2000): 797-814.
Ohlsson, Magnus C. & Wohlin, Claes. “Identification of Green, Yellow, and Red Legacy Components,” 6-15. Proceedings of the 1998 IEEE International Conference on Software Maintenance, ICSM. Bethesda, MD, Nov. 16-20, 1998. Los Alamitos, CA: IEEE Computer Society, 1998.
General Defect Detection References
Fenton, Norman E. & Neil, Martin. “A Critique of Software Defect Prediction Models.” IEEE Transactions on Software Engineering 25, 5 (Sept. 1999): 675-689.
Frederick, M. “Using Defect Tracking and Analysis to Improve Software Quality.” University of Maryland (1999).
Florac, W. A. Software Quality Measurement: A Framework for Counting Problems and Defects (CMU/SEI-92-TR-22, ADA258556). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, September 1992.
Peng, Wendy W. & Wallace, Dolores R. Software Error Analysis. Gaithersburg, MD: U.S. Dept. of Commerce, National Institute of Standards and Technology, 1993.
Empirical Defect Prediction
Humphrey, W. Introduction to the Team Software Process. Reading, MA: Addison-Wesley, 2000 (ISBN 020147719X).
Weller, E. F. “Using metrics to manage software projects.” IEEE Software 27, 9 (Sept. 1994): 27-33.
Defect Profile Prediction Technique
Gaffney, John; Roberts, William; & DiLorio, Robert. “A Process and Tool for Improved Software Defect Analysis and Quality Management,” Track 7, 463-469. CD-ROM Proceedings for the Ninth Annual Software Technology Conference: Information Dominance Through Software Technology. Salt Lake City, Utah, April 27 – May 2, 1997. Hill AFB, UT: Software Technology Support Center (STSC), 1997.
COQUALMO Prediction Technique
Chulani, Sunita & Boehm, Barry. Modeling Software Defect Introduction and Removal: COQUALMO (Technical Report USC-CSE-99-510). Los Angeles, CA: University of Southern California, Center for Software Engineering, 1999.
Copyright © Carnegie Mellon University 2005-2012.
This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu.
The Build Security In (BSI) portal is sponsored by the U.S. Department of Homeland Security (DHS), National Cyber Security Division. The Software Engineering Institute (SEI) develops and operates BSI. DHS funding supports the publishing of all site content.
NO WARRANTY
THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.