M. Hammervik, D. Andersson, J. Hallberg, “Capturing a cyber defence exercise,” TAMSEC, Linköping (2010).
K. Geers, “Live Fire Exercise: Preparing for Cyber War,” Journal of Homeland Security and Emergency Management, vol. 7, no. 1, Dec. 2010.
D. Andersson, M. Granåsen, T. Sundmark, H. Holm, and J. Hallberg, “Analysis of a Cyber Defense Exercise using Exploratory Sequential Data Analysis,” in 16th ICCRTS “Collective C2 in Multinational Civil-Military Operations,” 2011.
H. Holm, T. Sommestad, M. Ekstedt, and U. Franke, “Expert assessment on the probability of successful remote code execution attacks,” in Proceedings of 8th International Workshop on Security in Information Systems - WOSIS 2011, 2011.
H. Holm, T. Sommestad, J. Almroth, and M. Persson, “A Quantitative Evaluation of Vulnerability Scanning.” Information Management & Computer Security, vol. 19, no. 4, pp. 231–247, 2011.
H. Holm, “Performance of Automated Network Vulnerability Scanning at Remediating Security Issues.” Computers & Security, vol. 31, no. 2, pp. 164–175, 2012.
H. Holm, T. Sommestad, U. Franke, and M. Ekstedt, “Success rate of remote code execution attacks – expert assessments and observations,” Journal of Universal Computer Science, vol. 18, no. 6, pp. 732–749, 2012.
H. Holm, M. Ekstedt, and D. Andersson, “Empirical Analysis of System-Level Vulnerability Metrics through Actual Attacks,” IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 6, pp. 825–837, Nov. 2012.
H. Holm, “Baltic Cyber Shield: Research from a Red Team versus Blue Team Exercise,” Pentest magazine, vol. 2012, no. 9, pp. 80–86, 2012.
T. Sommestad and K. Lundholm, “Detektering av IT-attacker - Intrångsdetekteringssystem och systemadministratörens roll (FOI-R--3419--SE),” Linköping, Sweden, 2012.
T. Sommestad and J. Hallberg, “Cyber security exercises and competitions as a platform for cyber security experiments,” Proceedings of NordSec, 2012.
T. Sommestad and A. Hunstad, “Intrusion detection and the role of the system administrator,” Information Management & Computer Security, vol. 21, no. 1, pp. 30-40, 2013.
T. Sommestad and U. Franke, "A Test of Intrusion Alert Filtering Based on Network Information," Security and Communication Networks 8 (3): 2291–2301. doi:10.1002/sec.1173, 2015.
T. Sommestad and F. Sandström, "An Empirical Test of the Accuracy of an Attack Graph Analysis Tool," Information & Computer Security, In press, 2015.
M. Granåsen and D. Andersson, “Measuring team effectiveness in cyber-defense exercises: a cross-disciplinary case study,” Cognition, Technology & Work, pp. 1-23, doi:10.1007/s10111-015-0350-2, 2015.