[1] Charlie Lai, "Java Insecurity: Accounting for Subtleties That Can Compromise Code," Software, IEEE, pp.13-19, 2008.
[2] John Viega and Gary McGraw, Building Secure Software, Addison-Wesley, September 2001.
[3] The Language Specification, Third Edition, Sun Microsystems, 2005.
[4] CWE (Common Weakness Enumeration), http://cwe.mitre.org/
[5] Fortify, http://www.fortify.com/products/fortify-360/
[6] The CERT Sun Microsystems Secure Coding Standard for Java, https://www.securecoding.cert.org/confluence/display/java/
[7] Tiobe Programming Community Index, 2009, http://www.tiobe.com/index.php/content/paperinfo/tptp/index.html
[8] Lynn Futcher and Rossouw von Solms, "Guidelines for Secure Software Development," ACM Proceedings of the 2008 annual research conference of the South African Institute of Computer Scientists and Information Technologists on IT research in developing countries: riding the wave of technology, pp.56-65, 2008.
[9] Gary McGraw, Software Security, Addison-Wesley, February 2006.
[10] Gartner, Nov 2005, http://gartner.com
[11] SANS Top 25, http://www.sans.org/top25-programming-errors/
[12] Cigital Java Security Rulepack, http://www.cigital.com/securitypack/
[13] SECURITY OVERVIEW, White Paper, Sun Microsystems, 2005.
[14] Secure Coding Guidelines for the Java Programming Language, Version 2.0, http://java.sun.com/security/seccodeguide.html
[15] Seven Pernicious Kingdoms, http://cwe.mitre.org/documents/sources/SevenPerniciousKingdoms.pdf