참고문헌
- Charlie Lai, "Java Insecurity: Accounting for Subtleties That Can Compromise Code," Software, IEEE, pp.13-19, 2008. https://doi.org/10.1109/MS.2008.9
- Gary McGraw, Software Security, Addison-Wesley, February 2006.
- John Viega and Gary McGraw, Building Secure Software, Addison-Wesley, September 2001.
-
$JAVA^{TM}$ SECURITY OVERVIEW, White Paper, Sun Microsystems, 2005. - Lynn Futcher and Rossouw von Solms, "Guidelines for Secure Software Development," ACM Proceedings of the 2008 annual research conference of the South African Institute of Computer Scientists and Information Technologists on IT research in developing countries: riding the wave of technology, pp.56-65, 2008.
-
The
$JAVA^{TM}$ Language Specification, Third Edition, Sun Microsystems, 2005. - Cigital Java Security Rulepack, http://www.cigital.com/securitypack/
- CWE(Common Weakness Enumeration), http://cwe.mitre.org/
- Fortify, http://www.fortify.com/products/fortify-360/
- Gartner, Nov 2005, http://gartner.com
- Secure Coding Guidelines for the Java Programming Language, Version 2.0, http://java.sun.com/security/seccodeguide.html
- SANS Top 25, http://www.sans.org/top25-programm-ing-errors/
- SevenPerniciousKingdoms,http://cwe.mitre.org/documents/sources/SevenPerniciousKingdoms.pdf
- The CERT Sun Microsystems Secure Coding Standard for Java, https://www.securecoding.cert.org/confluence/display/java/
- Tiobe Programming Community Index, 2009, http://www.tiobe.com/index.php/content/paperinfo/tptp/index.html