1 |
G. Tassey, "The economic impacts of inadequate infrastructure for software testing," NIST, May 2002.
|
2 |
Microsoft, Inc., SDL helps build more secure software, retrieved Apr., 12, 2013, from http://www.microsoft.com/security/sdl/learn/measurable.aspx
|
3 |
B. Chess and C. McGraw, "Static analysis for security," IEEE Security & Privacy, vol. 2, no. 6, pp. 76-79, Nov.-Dec. 2004
|
4 |
M. Johns and M. Jodeit, "Scanstud: a methodology for systematic, fine-grained evaluation of static analysis tools," in Proc. IEEE 4th ICSTW, pp. 523-530, Berlin, Germany, Mar. 2011
|
5 |
T. Hofer, "Evaluation static source code analysis tools," M.S. Thesis, School Compt. Commun. Sci., Ecole Polytechnique Federale de Lausanne, Mar. 2010
|
6 |
R. K. McLean, "Comparing static security analysis tools using open source software," IEEE 6th Int. Conf. SW Security Reliability Companion (SERE-C), pp. 68-74, Gaithersburg, U.S.A., June 2012.
|
7 |
NIST, "Source code security analysis tool test plan Version 1.1," NIST Special Publication 500-270, July 2011
|
8 |
MITRE, Comon Weakness Enumeration V2.4, Retrieved Feb., 21, 2013, from http://cwe.mitre.org.
|
9 |
MITRE, Common Vulnerabilities and Exposures, Retrieved June, 20, 2012, from http://cve.mitre.org.
|
10 |
OWASP, OWASP Top Ten 2013 rc1, Retrieved Feb. 2013, from http://www.owasp.org.
|
11 |
J. Bang, R. Ha, J. Park, and P. Kang, "Minimum standard of weakness in development of reliable e-GOV software," in Proc. KICS Int. Conf. Commun. (KICS ICC 2012), vol. 48, pp. 127-128, Jeju Island, Korea, June 2012
|
12 |
NIST, Juliet Test Suite, Retrived Apr., 13, 2013, from http://samate.nist.gov/SRD/testsuite.php
|
13 |
MOPAS, "A guide to secure software development," Publication No.11-1311000-00030-10, Retrieved May 2012, from http://www.mopas.go.kr
|
14 |
P. E. Black, M. Kass, M. Koo, and E. Fong, "Source code security analysis tool functional specification version 1.1," NIST Special Publication 500-268, Feb. 2011.
|
15 |
MOPAS, "Guidelines on building and operating Information Systems," MOPAS Notification No.2012-25, June 2012
|