1 |
Brian McGee et al, "Vulnerabilities in Enterprise Software," IBM X-Force 2012 Mid-year Trend and Risk Report, Sep. 2012, pp. 66-68.
|
2 |
Gregory Tassey, "The Economic Impact of Inadequate Infrastructure for Software Testing Planning Report," NIST, May 2002, pp. 169-170.
|
3 |
Paul Wood, "Closing The Window of Vulnerability: Exploits And Zero-Day Attacks," Internet Security Threat Report, vol. 17, Symantec, Apr. 2012.
|
4 |
Gerhard Eschelbeck, "Systems and Software Threats," Security Threat Report, Sophos, Jan. 2012. pp. 14-16.
|
5 |
Theresa Lanowitz, "Now Is the Time for Security at the Application Level," Gartner, Dec. 2005, pp. 2-8.
|
6 |
Joe Jarzombek, "Software Assurance: Enabling Security and Resilience throughout the Software Lifecycle," MITRE, Nov. 2012, pp. 3.
|
7 |
SwA, Capability Benchmarking, Softwar e & Supply Chain Assurance-Community Resources and Information Clearinghouse, Accessed Jan. 17, 2014, https://buildsecurityin.us-cert.gov/swa/forums-and-working-groups/processes-and-practices/swa-capability-benchmarking
|
8 |
Standard Life Cycle Processes View, Soft ware & Supply Chain Assurance-Commu nity Resources and Information Clearing house, Accessed Jan. 17, 2014, https://buildsecurityin.us-cert.gov/swa/process-view/overview
|
9 |
ISO std. 15408, Common Criteria for Information Technology Security Evaluation Version 3.1 Revision 4, ISO, Sep. 2012.
|
10 |
CVE List, Common Vulnerabilities and Exposures (CVE), Accessed Jan. 17, 2014, http://cve.mitre.org/
|
11 |
Richard Struse, "Software Assurance-Making the Software Ecosystem Rugged," U.S Department Homeland Security National Protection &Programs Directorate, Oct. 2011.
|
12 |
Adam O'Brien, "Common Criteria and Source Code Analysis Tools: Competitors or Complement," International Common Criteria Conferences 9th. Conf., Seoul, Rep of Korea, Sep.23-25,2008.
|
13 |
Jeff Jones, "Measurable Improvements at Microsoft," Introduction to the Microsoft Security Development Lifecycle (SDL), Microsoft, Jan. 2008.
|
14 |
B. Chess and C. McGraw, "Static analysis for security," IEEE Security & Privacy, vol. 2, no. 6, pp. 76-79, Nov. 2004.
|
15 |
"Basics of Secure Design Development and Test: Secure Software Made Easier," Microsoft, 2008.
|
16 |
Ray Potter, "Setting Expectations Common Criteria and the SDLC," International Common Criteria Conferences 9th. Conf., Seoul, Rep of Korea, Sep.23-25,2008.
|
17 |
Mehmet Kara, "Review on Common Criteria as a Secure Software Development Model," International Journal of Computer Science & Information Technology (IJCSIT) vol. 4, No 2, April. 2012. pp. 83-94
|
18 |
Bob Martin et al, "2011 CWE/SANS Top 25 Most Dangerous Software Errors," Common Weakness Enumeration (CWE), Sep. 2011.
|
19 |
Assessment and Remediation Tool, Common Weakness Enumeration (CWE), Accessed Jan. 17, 2014, http://cwe.mitre.org/compatible/category.html
|