
Security Checklist for Design Documents in the Software Life Cycle

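Son Kyung-Ho (Korea Information Security Agency)
Kim Seung-Joo (School of Information and Communication Engineering, Sungkyunkwan University)
Won Dong-Ho (School of Information and Communication Engineering, Sungkyunkwan University)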