1 |
International IT Security Evaluation Community, 'Common Evaluation Methodology 2.3', Aug. 2005
|
2 |
Hayes, W. and J. W. Over, 'The Personal Software Process (PSP): An Empirical Study of the Impact of PSP on Individual Engineers.' CMU/SEI- 97-TR-001, ADA335543. Pittsburgh, PA: The Software Engineering Institute, Carnegie Mellon University, 1997
|
3 |
IEEE P1074-2005:Roadmap for Optimizing Security in the System and Software Life Cycle Bar Biszick-Lockwood/QualityIT Redmond, WA 2005
|
4 |
Neumann, Peter, Principles Assuredly Trustworthy Composable Architectures: (Emerging Draft of the) Final Report, December 2003
|
5 |
'Common Criteria for Information Technology Security Evaluation Version 2.3,' Aug. 2005, http://www.commoncriteriaportal.org/public/expert/index. php?menu=2
|
6 |
Jones, Capers. Software Assessments, Benchmarks, and Best Practices, Reading, MA: Addison-Wesley, 2000
|
7 |
C. Mann, 'Why Software Is so Bad,' Technology Review (July/August 2002)
|
8 |
Gary McGraw and Greg Morrisett, 'Attacking Malicious Code: A report to the Infosec Research Council', submitted to IEEE Software and presented to the Infosec Research Council. http://www.cigital.com/~gem/malcode.pdf [McGraw 2004] McGraw, Gary, 'Software Security', IEEE Security and Privacy, to appear March 2004
|
9 |
'IT839전략의 안전한 실현을 위한 소프트웨어 보안표준', 김홍근, 정보통신표준화 논문, TTA
|
10 |
ISO/IEC 12207 Software Life Cycle Processes http://www.12207.com/
|
11 |
Improving Security Across The Software Development Life cycle, Task force Report, April 2004, (http://www.cyberpartnership.org)
|
12 |
Bar Biszick-Lockwood, IT Quality and Security Assurance, 'Framework Solution for Life Cycle Security'
|
13 |
Jones, Capers. Software Assessments, Benchmarks, and Best Practices, Reading, MA: Addison-Wesley, 2000
|
14 |
D. Gilliam, J. Kelly, M. Bishop, 'Reducing Software Security Risk Through an Integrated Approach,' Proc. of the Ninth IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (June, 2000), Gaithersburg, MD, pp.141-146
|
15 |
Hall, Anthony, and Roderick Chapman, Correctness by Construction: Developing a Commercial Secure System, IEEE Software, January/February 2002, pp.18-25
|
16 |
Davis, Noopur, and Mullaney, Julia, 'The Team Software Process in Practice: A Summary of Recent Results,' Technical Report CMU/SEI-2003-TR-014, September 2003
|
17 |
'Hold developers liable for flaws' By Tom Espiner, ZDNet (UK)
|
18 |
Herbsleb, J. et al. 'Benefits of CMMBased Software Process Improvement: Initial Results.' CMU/SEI-94-TR-013, Software Engineering Institute, Carnegie Mellon University, 1994
|
19 |
Goldenson, Dennis R. and Gibson, Diane L. 'Demonstrating the Impact and Benefits of CMMI', Special Report CMU/SEI-2003-SR-009, The Software Engineering Institute, Carnegie Mellon University, 2003
|
20 |
Howard, M., and S. Lipner, 'Inside the Windows Security Push,' IEEE Security & Privacy, vol.1, no. 1, 2003, pp. 57-61. and MicroSoft page, http://blogs.msdn.com/michael_howard/
DOI
ScienceOn
|