References
- 'Common Criteria for Information Technology Security Evaluation Version 2.3,' Aug. 2005, http://www.commoncriteriaportal.org/public/expert/index.php?menu=2
- International IT Security Evaluation Community, 'Common Evaluation Methodology 2.3', Aug. 2005
- C. Mann, 'Why Software Is so Bad,' Technology Review (July/August 2002)
- 'Hold developers liable for flaws' By Tom Espiner, ZDNet (UK)
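- 'Software Security Standards for the Secure Realization of the IT839 Strategy', Kim Hong-Geun (김홍근), information and communications standardization paper, TTA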
- Improving Security Across The Software Development Life cycle, Task force Report, April 2004, (http://www.cyberpartnership.org)
- Herbsleb, J. et al. 'Benefits of CMM-Based Software Process Improvement: Initial Results.' CMU/SEI-94-TR-013, Software Engineering Institute, Carnegie Mellon University, 1994
- Goldenson, Dennis R. and Gibson, Diane L. 'Demonstrating the Impact and Benefits of CMMI', Special Report CMU/SEI-2003-SR-009, The Software Engineering Institute, Carnegie Mellon University, 2003
- Jones, Capers. Software Assessments, Benchmarks, and Best Practices, Reading, MA: Addison-Wesley, 2000
- Hayes, W. and J. W. Over, 'The Personal Software Process (PSP): An Empirical Study of the Impact of PSP on Individual Engineers.' CMU/SEI-97-TR-001, ADA335543. Pittsburgh, PA: The Software Engineering Institute, Carnegie Mellon University, 1997
- Davis, Noopur, and Mullaney, Julia, 'The Team Software Process in Practice: A Summary of Recent Results,' Technical Report CMU/SEI-2003-TR-014, September 2003
- Gary McGraw and Greg Morrisett, 'Attacking Malicious Code: A report to the Infosec Research Council', submitted to IEEE Software and presented to the Infosec Research Council. http://www.cigital.com/~gem/malcode.pdf
- [McGraw 2004] McGraw, Gary, 'Software Security', IEEE Security and Privacy, to appear March 2004
- IEEE P1074-2005: Roadmap for Optimizing Security in the System and Software Life Cycle, © Bar Biszick-Lockwood/QualityIT, Redmond, WA, 2005
- ISO/IEC 12207 Software Life Cycle Processes, http://www.12207.com/
- Howard, M., and S. Lipner, 'Inside the Windows Security Push,' IEEE Security & Privacy, vol. 1, no. 1, 2003, pp. 57-61, https://doi.org/10.1109/MSECP.2003.1176996, and Microsoft page, http://blogs.msdn.com/michael_howard/
- Bar Biszick-Lockwood, IT Quality and Security Assurance, 'Framework Solution for Life Cycle Security'
- D. Gilliam, J. Kelly, M. Bishop, 'Reducing Software Security Risk Through an Integrated Approach,' Proc. of the Ninth IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (June, 2000), Gaithersburg, MD, pp.141-146
- Hall, Anthony, and Roderick Chapman, 'Correctness by Construction: Developing a Commercial Secure System,' IEEE Software, January/February 2002, pp. 18-25
- Neumann, Peter, 'Principled Assuredly Trustworthy Composable Architectures: (Emerging Draft of the) Final Report,' December 2003