Empirical Research for Software Security: Foundations and Experience
Ben Othmane, Lotfi; Jaatun, Martin Gilje; Weippl, Edgar
Product Description
Developing secure software requires the integration of numerous methods and tools into the development process, and software design is based on shared expert knowledge, claims, and opinions. Empirical methods, including data analytics, allow extracting knowledge and insights from the data that organizations collect from their processes and tools, and from the opinions of the experts who practice these processes and methods. This book introduces the reader to the fundamentals of empirical research methods, and demonstrates how these methods can be used to hone a secure software development lifecycle based on empirical data and published best practices.
About the Authors
Dr. Lotfi ben Othmane is on the faculty at the Department of Electrical and Computer Engineering, Iowa State University, USA. Previously, he was a Research Scientist and then Head of the Secure Software Engineering department at Fraunhofer SIT, Germany. Lotfi received his Ph.D. from Western Michigan University (WMU), USA, in 2010; the M.S. in computer science from the University of Sherbrooke, Canada, in 2000; and the B.S. in information systems from the University of Sfax, Tunisia, in 1995. He currently works on software security, specifically on (1) the application of empirical methods to address software security challenges and (2) the impact of incremental development on the security of software.
Dr. Martin Gilje Jaatun is a Senior Scientist at SINTEF ICT, where he has been employed since 2004. He received his Sivilingeniør degree in Telematics from the Norwegian Institute of Technology (NTH) in 1992, and the Dr.Philos. degree from the University of Stavanger in 2015. Previous positions include scientist at the Norwegian Defence Research Establishment (FFI), and Senior Lecturer in information security at the Bodø Graduate School of Business. His research interests include software security, security in cloud computing, and security of critical information infrastructures. Dr. Jaatun is an associate editor of the International Journal of Secure Software Engineering. He is vice chairman of the Cloud Computing Association (cloudcom.org), vice chairman of Cloud Security Alliance Norway, and a Senior Member of the IEEE.
Dr. Edgar Weippl is Research Director of SBA Research and Associate Professor at the Vienna University of Technology. His research focuses on applied concepts of IT security. He has published numerous articles in journals and more than 100 papers in peer-reviewed conferences. After graduating with a Ph.D. from the Vienna University of Technology, he worked in a research startup for two years. He then spent one year teaching as an assistant professor at Beloit College, WI. From 2002 to 2004, he was a Consultant for a Health Maintenance Organization (HMO) in New York and Albany, NY, and for Deutsche Bank, Frankfurt, Germany. In 2004 he joined the Vienna University of Technology and co-founded SBA Research. Dr. Weippl has edited a large number of special issues in journals such as Information Security Technical Report and Computers & Security.