1 |
IATAC and DACS, "Software Security Assurance", State-of-the-Art Report (SOAR), Chap. 2, July 2007.
|
2 |
Gary McGraw, "Software Security", IEEE Security & Privacy, pp. 80-83, March/April 2004.
|
3 |
Gary McGraw, "Software Security, Building Security In", Addison-Wesley, 2006
|
4 |
US Homeland Security, Software Assurance Home page-Community Resources and Information Clearinghouse, https://buildsecurityin.us-cert.gov/swa/
|
5 |
National IT Industry Promotion Agency (NIPA), 2010 Software Industry White Paper
|
6 |
F. Piessens, "A Taxonomy of Causes of Software Vulnerabilities in Internet Software", Supplementary Proceedings of the 13th International Symposium on Software Reliability Engineering, pages 47-52, November 2002, or Extended version (with Examples): Technical Report (CW Reports), volume CW346, 11 pages, Department of Computer Science, Belgium, August 2002
|
7 |
C. V. Berghe, J. Riordan, F. Piessens, "A Vulnerability Taxonomy Methodology applied to Web Services", Proceedings of the 10th Nordic Workshop on Secure IT Systems (NordSec 2005), pages 49-62, October 2005
|
8 |
Robert F. Dacey, "Information Security: Effective Patch Management is Critical to Mitigating Software Vulnerabilities", Information Security Issues, U.S. General Accounting Office (GAO), September 2003. http://www.gao.gov/new.items/d031138t.pdf
|
9 |
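Dankook University Computer Security Laboratory, "A Study on Classification and Detection Methods for Software Security Vulnerabilities", research report for a project commissioned by the National Security Research Institute, October 2006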
|
10 |
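Dankook University Computer Security Laboratory, "A Study on Methods for Software Security Vulnerability Analysis Procedures", research report for a project commissioned by the Korea Information Security Agency, December 2003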
|
11 |
Microsoft SDL home page, www.microsoft.com/security/sdl/
|
12 |
US Computer Emergency Readiness Team (US-CERT), Software Assurance, http://www.us-cert.gov/swa/
|
13 |
US Homeland Security, "Risk-Based Software Security Testing", Software Assurance Pocket Guide Series: Development Volume III Version 0.5, Sep. 2009. https://buildsecurityin.us-cert.gov/swa/downloads/TestingMWV0502AM091013.pdf
|
14 |
B. Potter and G. McGraw, "Software Security Testing", IEEE Security & Privacy, pp. 32-36, Sep./Oct. 2004.
|
15 |
CVE (Common Vulnerabilities and Exposures) home page: http://cve.mitre.org, and S. Christey, CVE and CVSS, Sep. 2010. Available at: scap.nist.gov/events/2010/itsac/presentations/day1/SCAP_101-CVE_and_CVSS.pdf
|
16 |
CWE (Common Weakness Enumeration) home page: http://cwe.mitre.org and Top 25 Most Dangerous Software Error http://cwe.mitre.org/top25
|
17 |
Common Vulnerability Scoring System (CVSS-SIG) home page: http://www.first.org/cvss and S. Christey, Common Weakness Scoring System (CWSS), Feb. 2011 (https://buildsecurityin.us-cert.gov/swa/presentations_032011/SteveChristey-CWSS.pdf)
|
18 |
NIST-SRD (SAMATE Reference Dataset) Project, "http://samate.nist.gov/SRD/"
|
19 |
"Real World Fuzzing", Charlie Miller Independent Security Evaluators, October 20, 2007
|
20 |
"Fuzzing-Brute Force Vulnerability Discovery", Michael Sutton, 2007
|