[biblioapp01_001] [AESRM 2005] Alliance for Enterprise Security Risk Management. “Convergence of Enterprise Security Organizations.” Booz Allen Hamilton, November 8, 2005. http://www.asisonline.org/newsroom/alliance.pdf

[biblioapp01_002] [Ahl 2005] Ahl, V. “An Experimental Comparison of Five Prioritization Methods.” Master’s thesis, School of Engineering, Blekinge Institute of Technology, Ronneby, Sweden, 2005.

[biblioapp01_003] [Alberts 2003] Alberts, Christopher J., & Dorofee, Audrey J. Managing Information Security Risks: The OCTAVESM Approach. Boston, MA: Addison-Wesley, 2003.

[biblioapp01_004] [Aleph One 1996] Aleph One. “Smashing the Stack for Fun and Profit.” Phrack Magazine 7, 49 (1996): file 14 of 16. http://www.phrack.org/issues.html?issue=49

[biblioapp01_005] [Alexander 1964] Alexander, Christopher. Notes on the Synthesis of Form. Cambridge, MA: Harvard University Press, 1964.

[biblioapp01_006] [Alexander 1977] Alexander, Christopher, Ishikawa, Sara, & Silverstein, Murray. A Pattern Language. New York: Oxford University Press, 1977.

[biblioapp01_007] [Alexander 1979] Alexander, Christopher. A Timeless Way of Building. New York: Oxford University Press, 1979.

[biblioapp01_008] [Alexander 2002] Alexander, Ian. “Misuse Cases Help to Elicit Non-Functional Requirements.” http://easyweb.easynet.co.uk/~iany/consultancy/misuse_cases/misuse_cases.htm

[biblioapp01_009] [Alexander 2003] Alexander, Ian. “Misuse Cases: Use Cases with Hostile Intent.” IEEE Software 20, 1 (2003): 58–66.

[biblioapp01_010] [Allen 2005] Allen, Julia. Governing for Enterprise Security (CMU/SEI-2005-TN-023, ADA441250). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, June 2005. http://www.sei.cmu.edu/publications/documents/05.reports/05tn023.html

[biblioapp01_011] [Allen 2007] Allen, Julia H., & Westby, Jody R. “Characteristics of Effective Security Governance.” Governing for Enterprise Security Implementation Guide, 2007. http://www.cert.org/governance/ges.html

[biblioapp01_012] [Anderson 2001] Anderson, Ross. Security Engineering: A Guide to Building Dependable Distributed Systems. New York: John Wiley & Sons, 2001.

[biblioapp01_013] [Anton 2001] Anton, A. I., Dempster, J. H., & Siege, D. F. “Deriving Goals from a Use Case Based Requirements Specification for an Electronic Commerce System,” 10–19. Proceedings of the Sixth International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ 2000). Stockholm, Sweden, June 5–6, 2000. London, UK: Springer-London, 2001.

[biblioapp01_014] [Arkin 2005] Arkin, Brad, Stender, Scott, & McGraw, Gary. “Software Penetration Testing.” IEEE Security & Privacy Magazine 3, 1 (January/February 2005): 84–87.

[biblioapp01_015] [Avizienis 2004] Avizienis, Algirdas, Laprie, Jean-Claude, Randell, Brian, & Landwehr, Carl. “Basic Concepts and Taxonomy of Dependable and Secure Computing.” IEEE Transactions on Dependable and Secure Computing 1, 1 (January–March 2004): 11–33.

[biblioapp01_016] [Beck 2004] Beck, Kent, & Andres, Cynthia. Extreme Programming Explained: Embrace Change (2nd ed.). Boston, MA: Addison-Wesley, 2004.

[biblioapp01_017] [Beizer 1995] Beizer, Boris. Black-Box Testing: Techniques for Functional Testing of Software and Systems. New York: John Wiley & Sons, 1995.

[biblioapp01_018] [Berinato 2002] Berinato, Scott. “Finally, a Real Return on Security Spending.” CIO Magazine (Australia), April 8, 2002. http://www.cio.com.au/index.php/id;557330171

[biblioapp01_019] [Binder 1999] Binder, R. V. Testing Object-Oriented Systems: Models, Patterns, and Tools (Addison-Wesley Object Technology Series). Reading, MA: Addison-Wesley, 1999.

[biblioapp01_020] [Bishop 1996] Bishop, Matt, & Dilger, M. “Checking for Race Conditions in File Accesses.” The USENIX Association, Computing Systems, Spring 1996: 131–152.

[biblioapp01_021] [Bishop 2002] Bishop, Matt. Computer Security: Art and Science. Boston, MA: Addison-Wesley, 2002.

[biblioapp01_022] [Black 2002] Black, Rex. Managing the Testing Process: Practical Tools and Techniques for Managing Hardware and Software Testing (2nd ed.). New York: John Wiley & Sons, 2002.

[biblioapp01_023] [Blum 2006] Blum, D. Making Business Sense of Information Security, Security and Risk Management Strategies, Version 1.0. Burton Group, February 10, 2006.

[biblioapp01_024] [Boehm 1987] Boehm, Barry W. “Improving Software Productivity.” Computer 20, 9 (September 1987): 43–57.

[biblioapp01_025] [Boehm 1988] Boehm, Barry W., & Papaccio, Philip N. “Understanding and Controlling Software Costs. IEEE Transactions on Software Engineering 14, 10 (October 1988): 1462–1477.

[biblioapp01_026] [Boehm 1989] Boehm, B., & Ross, R. “Theory-W Software Project Management: Principles and Examples.” IEEE Transactions on Software Engineering 15, 4 (July 1989): 902–916.

[biblioapp01_027] [Boehm 2007] Boehm, Barry, & Lane, Jo Ann. Using the Incremental Commitment Model to Integrate System Acquisition, Systems Engineering, and Software Engineering (USC-CSSE-2007-715). Los Angeles, CA: University of Southern California Center for Systems and Software Engineering, 2007.

[biblioapp01_028] [Booch 2005] Booch, Grady. Architecture Web Log. http://www.booch.com/architecture/blog.jsp (2005).

[biblioapp01_029] [Bowen 2006] Bowen, Pauline, Hash, Joan, & Wilson, Mark. Information Security Handbook: A Guide for Managers (NIST Special Publication 800-100). Gaithersburg, MD: Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, October 2006. http://csrc.nist.gov/publications/nistpubs/800-100/SP800-100-Mar07-2007.pdf

[biblioapp01_030] [Brackett 1990] Brackett, J. W. Software Requirements (SEI-CM-19-1.2, ADA235642). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 1990. http://www.sei.cmu.edu/publications/documents/cms/cm.019.html

[biblioapp01_031] [Butler 2002] Butler, Shawn. “Security Attribute Evaluation Method: A Cost–Benefit Approach,” 232–240. Proceedings of the 24th International Conference on Software Engineering. Orlando, FL, May 19–25, 2002. New York: ACM Press, 2002.

[biblioapp01_032] [Cameron 2005] Cameron, Kim. The Laws of Identity. http://www.identityblog.com/stories/2004/12/09/thelaws.html (2005).

[biblioapp01_033] [CAPEC 2007] MITRE Corporation. Common Attack Pattern Enumeration and Classification. http://capec.mitre.org (2007).

[biblioapp01_034] [Cappelli 2006] Cappelli, Dawn, Trzeciak, Randall, & Moore, Andrew. “Insider Threats in the SDLC.” Presentation at SEPG 2006. Carnegie Mellon University, Software Engineering Institute, 2006. http://www.cert.org/insider_threat/

[biblioapp01_035] [Caralli 2004a] Caralli, Richard. The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management (CMU/SEI-2004-TR-010, ADA443742). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2004. http://www.sei.cmu.edu/publications/documents/04.reports/04tr010.html

[biblioapp01_036] [Caralli 2004b] Caralli, Richard. Managing for Enterprise Security (CMU/SEI-2004-TN-046, ADA430839). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2004. http://www.sei.cmu.edu/publications/documents/04.reports/04tn046.html

[biblioapp01_037] [Caralli 2006] Caralli, Richard. Sustaining Operational Resiliency: A Process Improvement Approach to Security Management. (CMU/SEI-2006-TN-009, ADA446757). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006. http://www.sei.cmu.edu/publications/documents/06.reports/06tn009.html

[biblioapp01_038] [Caralli 2007] Caralli, Richard, Stevens, James F., Wallen, Charles M., White, David W., Wilson, William R., & Young, Lisa R. Introducing the CERT Resiliency Engineering Framework: Improving the Security and Sustainability Processes (CMU/SEI-2007-TR-009). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006. http://www.sei.cmu.edu/publications/documents/07.reports/07tr009.html

[biblioapp01_039] [Carey 2006] Carey, Allan. “2006 Global Information Security Workforce Study.” Framingham, MA: IDC, 2006. https://www.isc2.org/download/workforcestudy06.pdf

[biblioapp01_040] [CERT 2007] CERT Insider Threat Research. http://www.cert.org/insider_threat/ (2007).

[biblioapp01_041] [CCMB 2005a] Common Criteria Management Board. Common Criteria for Information Technology Security Evaluation Version 2.3, Parts 1–3 (CCMB-2005-08-001/002/003), August 2005. http://www.commoncriteriaportal.org/public/thecc.html

[biblioapp01_042] [CCMB 2005b] Common Criteria Management Board. Common Methodology for Information Technology Security Evaluation (CCMB-2005-08-004), August 2005. http://www.commoncriteriaportal.org/public/thecc.html

[biblioapp01_043] [Charette 2005] Charette, R. N. “Why Software Fails.” IEEE Spectrum 42, 9 (September 2005): 42–49.

[biblioapp01_044] [Checkland 1990] Checkland, Peter. Soft Systems Methodology in Action. Toronto, Ontario, Canada: John Wiley & Sons, 1990.

[biblioapp01_045] [Chen 2004] Chen, P., Dean, M., Ojoko-Adams, D., Osman, H., Lopez, L., & Xie, N. Systems Quality Requirements Engineering (SQUARE) Methodology: Case Study on Asset Management System (CMU/SEI-2004-SR-015, ADA431068). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2004. http://www.sei.cmu.edu/publications/documents/04.reports/04sr015.html

[biblioapp01_046] [Chess 2004] Chess, Brian, & McGraw, Gary. “Static Analysis for Security.” IEEE Security & Privacy 2, 6 (November/December 2004): 76–79.

[biblioapp01_047] [Chess 2007] Chess, Brian, & West, Jacob. Secure Programming with Static Analysis. Boston, MA: Addison-Wesley, 2007.

[biblioapp01_048] [Christel 1992] Christel, M., & Kang, K. Issues in Requirements Elicitation (CMU/SEI-92-TR-012, ADA258932). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 1992. http://www.sei.cmu.edu/publications/documents/92.reports/92.tr.012.html

[biblioapp01_049] [Chung 2006] Chung, L., Hung, F., Hough, E., & Ojoko-Adams, D. Security Quality Requirements Engineering (SQUARE): Case Study Phase III (CMU/SEI-2006-SR-003). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006. http://www.sei.cmu.edu/publications/documents/06.reports/06sr003.html

[biblioapp01_050] [CNSS 2006] Committee on National Security Systems. “National Information Assurance (IA) Glossary, Instruction No. 4009.” Ft. Meade, MD: CNSS Secretariat, June 2006. http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf

[biblioapp01_051] [Cornford 2004] Cornford, Steven L., Feather, Martin S., & Hicks, Kenneth A. DDP—A Tool for Life-Cycle Risk Management. http://ddptool.jpl.nasa.gov/docs/f344d-slc.pdf (2004).

[biblioapp01_052] [COSO 2004] Committee of Sponsoring Organizations of the Treadway Commission. “Enterprise Risk Management—Integrated Framework.” September 2004. The executive summary and ordering information are available at http://www.coso.org.

[biblioapp01_053] [CVE 2007] MITRE Corporation. Common Vulnerabilities and Exposures. http://cve.mitre.org (2007).

[biblioapp01_054] [CWE 2007] MITRE Corporation. Common Weakness Enumeration. http://cwe.mitre.org (2007).

[biblioapp01_055] [Davis 2003] Davis, A. “The Art of Requirements Triage.” IEEE Computer, 36, 3 (March 2003): 42–49.

[biblioapp01_056] [Davis 2005a] Davis, A. Just Enough Requirements Management: Where Software Development Meets Marketing. New York: Dorset House, 2005.

[biblioapp01_057] [Davis 2005b] Davis, Noopur. Secure Software Development Life Cycle Processes (CMU/SEI-2005-TN-024, ADA447047). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2005. http://www.sei.cmu.edu/publications/documents/05.reports/05tn024.html

[biblioapp01_058] [Deloitte 2007] Deloitte Touche Tohmatsu. 2007 Global Security Survey: The Shifting Security Paradigm. September 2007. http://www.deloitte.com/

[biblioapp01_059] [Denning 1998] Denning, Dorothy E. Information Warfare and Security. Reading, MA: Addison-Wesley, 1998.

[biblioapp01_060] [DHS 2003] Department of Homeland Security. National Strategy to Secure Cyberspace. Action-Recommendation 2-14, February 2003. http://www.whitehouse.gov/pcipb/cyberspace_strategy.pdf

[biblioapp01_061] [Dijkstra 1970] Dijkstra, E. W. “Structured Programming,” 84–88. Software Engineering Techniques. Edited by J. N. Buxton and B. Randall. Brussels, Belgium: NATO Scientific Affairs Division, 1970.

[biblioapp01_062] [Dustin 1999] Dustin, E., Rashka, J., & Paul, J. Automated Software Testing. Reading, MA: Addison-Wesley, 1999.

[biblioapp01_063] [Ellison 2003] Ellison, Robert J., & Moore, Andrew. P. Trustworthy Refinement Through Intrusion-Aware Design (CMU/SEI-2003-TR-002, ADA414865). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2003. http://www.sei.cmu.edu/publications/documents/03.reports/03tr002.html

[biblioapp01_064] [Fagan 1999] Fagan, Michael E. “Design and Code Inspections to Reduce Errors in Program Development.” IBM Systems Journal 38, 2 & 3 (1999): 258–287. http://www.research.ibm.com/journal/sj/382/fagan.pdf

[biblioapp01_065] [Fedchak 2007] Fedchak, Elaine, McGibbon, Thomas, & Vienneau, Robert. Software Project Management for Software Assurance: A DACS State-of-the-Art Report. DACS Report Number 34717, 30 September 2007. https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/906.html

[biblioapp01_066] [Fewster 1999] Fewster, Mark, & Graham, Dorothy. Software Test Automation. Reading, MA: Addison-Wesley, 1999.

[biblioapp01_067] [Fink 1997] Fink, G., & Bishop, M. “Property-Based Testing: A New Approach to Testing for Assurance.” ACM SIGSOFT Software Engineering Notes 22, 4 (July 1997): 74–80.

[biblioapp01_068] [Fyodor 2006] Fyodor. “Top 100 Network Security Tools.” Insecure.org, http://sectools.org/ (2006).

[biblioapp01_069] [Gamma 1995] Gamma, E., Helm, R., Johnson, R., & Vlissides, J. Design Patterns: Elements of Reusable Object-Oriented Software. Reading, MA: Addison-Wesley, 1995.

[biblioapp01_070] [GAO 1999] U.S. General Accounting Office. “Information Security Risk Assessment: Practices of Leading Organizations, A Supplement to GAO’s May 1998 Executive Guide on Information Security Management.” Washington, DC: U.S. General Accounting Office, 1999.

[biblioapp01_071] [Gaudin 2007] Gaudin, Sharon. “TJX Breach Costs Hit $17M.” Information Week, May 18, 2007.

[biblioapp01_072] [Gilb 1988] Gilb, Tom. Principles of Software Engineering Management. Reading, MA: Addison-Wesley, 1988.

[biblioapp01_073] [Goertzel 2006] Goertzel, Karen Mercedes, Winograd, Theodore, McKinley, Holly Lynne, & Holley, Patrick. Security in the Software Lifecycle: Making Software Development Processes—and Software Produced by Them—More Secure, Draft version 1.2. U.S. Department of Homeland Security, August 2006. http://www.cert.org/books/secureswe/SecuritySL.pdf

[biblioapp01_074] [Goertzel 2007] Goertzel, Karen Mercedes, Winograd, Theodore, McKinley, Holly Lynne, et al. Software Security Assurance: A State-of-the-Art Report (SOAR). Herndon, VA: Information Assurance Technology Analysis Center (IATAC) and Defense Technical Information Center (DTIC), 2007. http://iac.dtic.mil/iatac/download/security.pdf

[biblioapp01_075] [Goldenson 2003] Goldenson, Dennis R., & Gibson, Diane L. Demonstrating the Impact and Benefits of CMMI: An Update and Preliminary Results (CMU/SEI-2003-SR-009, ADA418481). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, October 2003. http://www.sei.cmu.edu/publications/documents/03.reports/03sr009.html

[biblioapp01_076] [Gong 2003] Gong, Li, Ellison, Gary, & Dageforde, Mary. Inside Java 2 Platform Security: Architecture, API Design, and Implementation (2nd ed.). Boston, MA: Addison-Wesley, 2003.

[biblioapp01_077] [Goodman 2007] Goodman, Seymour E., Aucsmith, David, Bellovin, Steven M., et al. Towards a Safer and More Secure Cyberspace. Edited by Seymour E. Goodman and Herbert S. Lin. Washington, DC: National Academy Press, 2007 (draft). http://books.nap.edu/catalog.php?record_id=11925

[biblioapp01_078] [Gordon 2005] Gordon, D., Mead, N. R., Stehney, T., Wattas, N., & Yu, E. System Quality Requirements Engineering (SQUARE): Case Study on Asset Management System, Phase II (CMU/SEI-2005-SR-005, ADA441304). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2005. http://www.sei.cmu.edu/publications/documents/05.reports/05sr005.html

[biblioapp01_079] [Gordon 2006] Gordon, L. A., & Loeb, M. P. “Budgeting Process for Information Security Expenditures.” Communications of the ACM 49, 1 (January 2006): 121–125.

[biblioapp01_080] [Graff 2003] Graff, Mark G., & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Sebastopol, CA: O’Reilly, 2003.

[biblioapp01_081] [Haimes 2004] Haimes, Yacov Y. Risk Modeling, Assessment, and Management (2nd ed.). Hoboken, NJ: John Wiley & Sons, 2004.

[biblioapp01_082] [Heitmeyer 2002] Heitmeyer, Constance. “Software Cost Reduction,” 1374–1380. Encyclopedia of Software Engineering. Edited by John J. Marciniak. 2 vols. New York: John Wiley & Sons, 2002.

[biblioapp01_083] [Hickey 2003] Hickey, A., Davis, A., & Kaiser, D. “Requirements Elicitation Techniques: Analyzing the Gap Between Technology Availability and Technology Use.” Comparative Technology Transfer and Society 1, 3 (December 2003): 279–302.

[biblioapp01_084] [Hickey 2004] Hickey, A., & Davis, A. “A Unified Model of Requirements Elicitation.” Journal of Management Information Systems 20, 4 (Spring 2004): 65–84.

[biblioapp01_085] [Hoglund 2004] Hoglund, Greg, & McGraw, Gary. Exploiting Software: How to Break Code. Boston, MA: Addison-Wesley, 2004.

[biblioapp01_086] [Hope 2004] Hope, Paco, McGraw, Gary, & Anton, Annie I. “Misuse and Abuse Cases: Getting Past the Positive.” IEEE Security & Privacy 2, 3 (May/June 2004): 90–92.

[biblioapp01_087] [Howard 2002] Howard, Michael, & LeBlanc, David C. Writing Secure Code (2nd ed.). Redmond, WA: Microsoft Press, 2002.

[biblioapp01_088] [Howard 2005] Howard, Michael, LeBlanc, David, & Viega, John. 19 Deadly Sins of Software Security. Emeryville, CA: McGraw-Hill/Osborne Media, 2005.

[biblioapp01_089] [Howard 2006] Howard, Michael, & Lipner, Steve. The Security Development Lifecycle—SDL: A Process for Developing Demonstrably More Secure Software. Redmond, WA: Microsoft Press, 2006.

[biblioapp01_090] [Howard 2007] Howard, Michael. “Lessons Learned from Five Years of Building More Secure Software.” MSDN Magazine, November 2007. http://msdn2.microsoft.com/en-us/mazagine/cc163310.aspx

[biblioapp01_091] [Huang 2006] Huang, C. Derrick, Hu, Qing, & Behara, Ravi S. “Economics of Information Security Investment in the Case of Simultaneous Attacks.” Fifth Workshop on the Economics of Information Security (WEIS 2006). University of Cambridge, Cambridge, UK, June 26–28, 2006. http://weis2006.econinfosec.org/docs/15.pdf

[biblioapp01_092] [Hubbard 1999] Hubbard, R. “Design, Implementation, and Evaluation of a Process to Structure the Collection of Software Project Requirements.” Ph.D. dissertation, Colorado Technical University, 1999.

[biblioapp01_093] [Hubbard 2000] Hubbard, R., Mead, N., & Schroeder, C. “An Assessment of the Relative Efficiency of a Facilitator-Driven Requirements Collection Process with Respect to the Conventional Interview Method.” Proceedings of the International Conference on Requirements Engineering. June 2000. Los Alamitos, CA: IEEE Computer Society Press, 2000.

[biblioapp01_094] [IEEE 1990] IEEE Standards Coordinating Committee (IEEE). IEEE Standard Glossary of Software Engineering Terminology (IEEE Std 610.12-1990). Los Alamitos, CA: IEEE Computer Society, 1991.

[biblioapp01_095] [IIA 2001] Institute of Internal Auditors. “Information Security Governance: What Directors Need to Know.” IIA, 2001. http://www.theiia.org/index.cfm

[biblioapp01_096] [ITGI 2006] IT Governance Institute. “Information Security Governance: Guidance for Boards of Directors and Executive Management, Second Edition.” ITGI, 2006. http://www.isaca.org (downloads).

[biblioapp01_097] [Jacobson 1992] Jacobson, Ivar. Object-Oriented Software Engineering: A Use Case Driven Approach. Reading, MA: Addison-Wesley, 1992.

[biblioapp01_098] [Jaquith 2002] Jaquith, Andrew. The Security of Applications: Not All Are Created Equal (@atstake Security Research Report) (2002). http://www.securitymanagement.com/archive/library/atstake_tech0502.pdf

[biblioapp01_099] [Johansson 2005] Johansson, Olof, & Torvalds, Linus. “Fix Possible futex mmap_sem Deadlock.” http://linux.bkbits.net:8080/linux-2.6/cset@421cfc11zFsK9gxvSJ2t__FCmuUd3Q (2005).

[biblioapp01_100] [Jones 1986a] Jones, Capers (Ed.). Tutorial: Programming Productivity: Issues for the Eighties (2nd ed.). Los Angeles, CA: IEEE Computer Society Press, 1986.

[biblioapp01_101] [Jones 1986b] Jones, Capers. Programming Productivity. New York: McGraw-Hill, 1986.

[biblioapp01_102] [Jones 1991] Jones, Capers. Applied Software Measurement: Assuring Productivity and Quality. New York: McGraw-Hill, 1991.

[biblioapp01_103] [Jones 1994] Jones, Capers. Assessment and Control of Software Risks. Englewood Cliffs, NJ: Prentice Hall, 1994.

[biblioapp01_104] [Jones 2005] Jones, Jack. “An Introduction to Factor Analysis of Information Risk (FAIR): A Framework for Understanding, Analyzing, and Measuring Information Risk.” Jack A. Jones, 2005. http://journals.sfu.ca/nujia/index.php/nujia/article/download/9/9

[biblioapp01_105] [Kaner 1999] Kaner, Cem, Falk, Jack, & Nguyen, Hung Quoc. Testing Computer Software (2nd ed.). New York: John Wiley & Sons, 1999.

[biblioapp01_106] [Kang 1990] Kang, K., Cohen, S., Hess, J., Novak, W., & Peterson, A. Feature-Oriented Domain Analysis (FODA) Feasibility Study (CMU/SEI-90-TR-021, ADA235785). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 1990. http://www.sei.cmu.edu/publications/documents/90.reports/90.tr.021.html

[biblioapp01_107] [Karlsson 1995] Karlsson, J. “Towards a Strategy for Software Requirements Selection. Licentiate.” Thesis 513, Linkping University, October 1995.

[biblioapp01_108] [Karlsson 1996] Karlsson, J. “Software Requirements Prioritizing,” 110–116. Proceedings of the Second International Conference on Requirements Engineering (ICRE ’96). Colorado Springs, CO, April 15–18, 1996. Los Alamitos, CA: IEEE Computer Society, 1996.

[biblioapp01_109] [Karlsson 1997] Karlsson, J., & Ryan, K. “Cost–Value Approach for Prioritizing Requirements.” IEEE Software 14, 5 (September/October 1997): 67–74.

[biblioapp01_110] [Kean 1997] Kean, L. “Feature-Oriented Domain Analysis.” Software Technology Roadmap. (1997). http://www.sei.cmu.edu/str/descriptions/foda_body.html

[biblioapp01_111] [Kelly 2004] Kelly, Tim P., & Weaver, Rob A. “The Goal Structuring Notation: A Safety Argument Notation.” Proceedings of the Dependable Systems and Networks 2004 Workshop on Assurance Cases, July 2004. http://www.aitcnet.org/AssuranceCases/agenda.html

[biblioapp01_112] [Kitson 1993] Kitson, David H., & Masters, Stephen. “An Analysis of SEI Software Process Assessment Results, 1987–1991,” 68–77. Proceedings of the Fifteenth International Conference on Software Engineering. Baltimore, MD, May 17–21, 1993. Washington, DC: IEEE Computer Society Press, 1993.

[biblioapp01_113] [Koizol 2004] Koizol, Jack, Litchfield, D., Aitel, D., Anley, C., Eren, S., Mehta, N., & Riley. H. The Shellcoder’s Handbook: Discovering and Exploiting Security Holes. Indianapolis, IN: Wiley, 2004.

[biblioapp01_114] [Kunz 1970] Kunz, Werner, & Rittel, Horst. “Issues as Elements of Information Systems.” http://www-iurd.ced.berkeley.edu/pub/WP-131.pdf (1970)

[biblioapp01_115] [Leffingwell 2003] Leffingwell, D., & Widrig, D. Managing Software Requirements: A Use Case Approach (2nd ed.). Boston, MA: Addison-Wesley, 2003.

[biblioapp01_116] [Leveson 2004] Leveson, Nancy. “A Systems-Theoretic Approach to Safety in Software-Intensive Systems.” IEEE Transactions on Dependable and Secure Computing 1, 1 (January–March 2004): 66–86. http://sunnyday.mit.edu/papers/tdsc.pdf

[biblioapp01_117] [Lipner 2005] Lipner, Steve. & Howard, Michael. The Trustworthy Computing Security Development Lifecycle. http://msdn2.microsoft.com/en-us/library/ms995349.aspx

[biblioapp01_118] [Lipson 2001] Lipson, Howard F., Mead, Nancy R., & Moore, Andrew P. A Risk-Management Approach to the Design of Survivable COTS-Based Systems. http://www.cert.org/research/isw/isw2001/papers/Lipson-29-08-a.pdf (2001).

[biblioapp01_119] [Lipson 2002] Lipson, Howard, Mead, Nancy, & Moore, Andrew. “Can We Ever Build Survivable Systems from COTS Components?” Proceedings of the 14th International Conference on Advanced Information Systems Engineering (CAiSE ’02). Toronto, Ontario, Canada, May 27–31, 2002. Heidelberg, Germany: Springer-Verlag (LNCS 2348), 2002.

[biblioapp01_120] [Lousteau 2003] Lousteau, Carolyn L., & Reid, Mark E. “Internal Control Systems for Auditor Independence.” CPA Journal, January 2006. http://www.nysscpa.org/cpajournal/2003/0103/features/f013603.htm

[biblioapp01_121] [Manadhata 2007] Manadhata, Pratyusa K., Kaynar, Dilsun K., & Wing, Jeannette M. A Formal Model for a System’s Attack Surface (CMU-CS-07-144). Pittsburgh, PA: School of Computer Science, Carnegie Mellon University, 2007. http://reports-archive.adm.cs.cmu.edu/anon/2007/CMU-CS-07-144.pdf

[biblioapp01_122] [Manson 2001] Manson, J., & Pugh, W. “Core Semantics of Multithreaded Java,” 29–38. Proceedings of the 2001 Joint ACM–ISCOPE Conference on Java Grande. Palo Alto, CA, 2001. New York: ACM Press, 2001. DOI= http://doi.acm.org/10.1145/376656.376806

[biblioapp01_123] [Manson 2005] Manson, J., Pugh, W., & Adve, S. V. “The Java Memory Model,” 378–391. Proceedings of the 32nd ACM SIGPLAN–SIGACT Symposium on Principles of Programming Languages. Long Beach, CA, January 12–14, 2005. New York: ACM Press, 2005. DOI= http://doi.acm.org/10.1145/1040305.1040336

[biblioapp01_124] [Marick 1994] Marick, Brian. The Craft of Software Testing: Subsystems Testing Including Object-Based and Object-Oriented Testing. Upper Saddle River, NJ: Prentice Hall, 1994.

[biblioapp01_125] [McCollum 2004] McCollum, Tim. “MacLean: Auditors Play Key Role Against IT Threats.” IT Audit 7. Institute of Internal Auditors, May 2004. http://www.theiia.org/itaudit/index.cfm?fuseaction=forum&fid=5514

[biblioapp01_126] [McConnell 1996] McConnell, Steve. “Software Quality at Top Speed.” Software Development, August 1996. http://www.stevemcconnell.com

[biblioapp01_127] [McConnell 2001] McConnell, Steve. “From the Editor—An Ounce of Prevention.” IEEE Software 18, 3 (May 2001): 5–7.

[biblioapp01_128] [McGraw 2006] McGraw, Gary. Software Security: Building Security In. Boston, MA: Addison-Wesley, 2006.

[biblioapp01_129] [Mead 2002] Mead, N. R. Survivable Systems Analysis Method. http://www.cert.org/archive/html/analysis-method.html (2002).

[biblioapp01_130] [Mead 2005] Mead, N. R., Hough, E., & Stehney, T. Security Quality Requirements Engineering (SQUARE) Methodology (CMU/SEI-2005-TR-009, ADA452453). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2005. http://www.sei.cmu.edu/publications/documents/05.reports/05tr009.html

[biblioapp01_131] [Meunier 2006] Meunier, Pascal. “What Is Secure Software Engineering?” CERIAS Weblogs, 2006. http://www.cerias.purdue.edu/weblogs/pmeunier/secure-it-practices/post-29/what-is-secure-software-engineering/

[biblioapp01_132] [Moffett 2004] Moffett, Jonathan D., Haley, Charles B., & Nuseibeh, Bashar. Core Security Requirements Artefacts (Technical Report 2004/23). Milton Keynes, UK: Department of Computing, Open University, June 2004. http://computing.open.ac.uk

[biblioapp01_133] [Moisiadis 2000] Moisiadis, F. “Prioritising Scenario Evolution,” 85–94. Proceedings of the Fourth International Conference on Requirements Engineering (ICRE 2000). June 19–23, 2000. Los Alamitos, CA: IEEE Computer Society, 2000.

[biblioapp01_134] [Moisiadis 2001] Moisiadis, F. “A Requirements Prioritisation Tool.” 6th Australian Workshop on Requirements Engineering (AWRE 2001). Sydney, Australia, November 2001.

[biblioapp01_135] [Moore 2001] Moore, A. P., Ellison, R. J., & Linger, R. C. Attack Modeling for Information Security and Survivability (CMU/SEI-2001-TN-001, ADA388771). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2001. http://www.sei.cmu.edu/publications/documents/01.reports/01tn001.html

[biblioapp01_136] [Nagaratnam 2005] Nagaratnam, N., Nadalin, A., Hondo, M., McIntosh, M., & Austel, P. “Business-Driven Application Security: From Modeling to Managing Secure Applications.” IBM Systems Journal 44, 4 (2005): 847–867.

[biblioapp01_137] [Neumann 2004] Neumann, Peter G. “Principled Assuredly Trustworthy Composable Architectures” (Final Report to DARPA, CDRL A001). Menlo Park, CA: Computer Science Laboratory, SRI International, December, 28, 2004. http://www.csl.sri.com/users/neumann/chats4.html

[biblioapp01_138] [NIAC 2005] National Infrastructure Advisory Council. “Risk Management Approaches to Protection, Final Report and Recommendations by the Council.” NIAC, October 11, 2005. http://www.dhs.gov/xlibrary/assets/niac/NIAC_RMWG_-_2-13-06v9_FINAL.pdf

[biblioapp01_139] [Nichols 2007] Nichols, Elizabeth, & Peterson, Gunnar. “A Metrics Framework to Drive Application Security Improvement.” IEEE Security & Privacy 5, 2 (March/April 2007): 88–91.

[biblioapp01_140] [NIST 2002] National Institute of Standards and Technology. Risk Management Guide for Information Technology Systems (NIST 800-30). http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf (2002).

[biblioapp01_141] [NIST 2007] NIST. National Vulnerability Database. http://nvd.nist.gov (2007).

[biblioapp01_142] [NSA 2004] National Security Agency. INFOSEC Assessment Methodology. http://www.iatrp.com/iam.php (2004).

[biblioapp01_143] [Over 2002] Over, James. “Team Software Process for Secure Systems Development.” Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2002. http://www.sei.cmu.edu/tsp/tsp-secure-presentation/tsp-secure.pdf

[biblioapp01_144] [Park 1999] Park, J., Port, D., & Boehm B. “Supporting Distributed Collaborative Prioritization for Win-Win Requirements Capture and Negotiation,” 578–584. Proceedings of the International Third World Multi-conference on Systemics, Cybernetics and Informatics (SCI99), Vol. 2. Orlando, FL, July 31–August 4, 1999. Orlando, FL: International Institute of Informatics and Systemics (IIIS), 1999.

[biblioapp01_145] [PCI 2006] Payment Card Industry. Payment Card Industry (PCI) Data Security Standard, Version 1.1. PCI Security Standards Council, September 2006. https://www.pcisecuritystandards.org/tech/

[biblioapp01_146] [Perillo 1997] Perillo, Robert J. “AT&T Database Glitch Caused ‘800’ Phone Outage.” Telecom Digest 17, 253 (September 18, 1997). http://massis.lcs.mit.edu/archives/back.issues/1997.volume.17/vol17.iss251-300

[biblioapp01_147] [PITAC 2005] President’s Information Technology Advisory Committee. Cyber Security: A Crisis of Prioritization. Arlington, VA: National Coordination Office for Information Technology Research and Development, PITAC, February 2005. http://www.nitrd.gov/pitac/reports/20050301_cybersecurity/cybersecurity.pdf

[biblioapp01_148] [PSM 2005] Practical Software and Systems Measurement (PSM). Security Measurement, White Paper v2.0 (2005). http://www.psmsc.com/Downloads/Other/Security%20White%20Paper%202.0.pdf

[biblioapp01_149] [Pugh 1999] Pugh, W. “Fixing the Java Memory Model,” 89–98. Proceedings of the ACM 1999 Conference on Java Grande. San Francisco, CA, June 12–14, 1999. New York: ACM Press, 1999. DOI= http://doi.acm.org/10.1145/304065.304106

[biblioapp01_150] [QFD 2005] QFD Institute. Frequently Asked Questions About QFD. http://www.qfdi.org/what_is_qfd/faqs_about_qfd.htm (2005).

[biblioapp01_151] [Reifer 2003] Reifer, D., Boehm, B., & Gangadharan, M. “Estimating the Cost of Security for COTS Software,” 178–186. Proceedings of the Second International Conference on COTS-Based Software Systems. Ottawa, Ontario, Canada, February 2003. Springer, Lecture Notes in Computer Science, 2003.

[biblioapp01_152] [Rumbaugh 1994] Rumbaugh, J. “Getting Started: Using Use Cases to Capture Requirements.” Journal of Object-Oriented Programming 7, 5 (September 1994): 8–23.

[biblioapp01_153] [Saaty 1980] Saaty, T. L. The Analytic Hierarchy Process. New York: McGraw-Hill, 1980.

[biblioapp01_154] [SAE 2004] SAE. JA 1002 Software Reliability Program Standard. Society of Automotive Engineers, January 2004. http://www.sae.org/technical/standards/JA1002_200401

[biblioapp01_155] [Saltzer 1975] Saltzer, Jerome H., & Schroeder, Michael D. “The Protection of Information in Computer Systems.” Proceedings of the IEEE 63, 9 (September 1975): 1278–1308.

[biblioapp01_156] [Schechter 2004] Schechter, Stuart Edward. “Computer Security Strength and Risk: A Quantitative Approach.” PhD dissertation, Harvard University, 2004. http://www.eecs.harvard.edu/~stuart/papers/thesis.pdf

[biblioapp01_157] [Schiffrin 1994] Schiffrin, D. Approaches to Discourse. Oxford, UK: Blackwell, 1994.

[biblioapp01_158] [Schneider 1999] Schneider, Fred B. (Ed.). Trust in Cyberspace. Washington, DC: National Academies Press, 1999. http://www.nap.edu/books/0309065585/html/R1.html

[biblioapp01_159] [Schneier 2000] Schneier, Bruce. Secrets and Lies: Digital Security in a Networked World. New York: John Wiley & Sons, 2000.

[biblioapp01_160] [Schneier 2003] Schneier, Bruce. Beyond Fear. New York: Copernicus Books, 2003.

[biblioapp01_161] [Schwartz 2007] Schwartz, John. “Who Needs Hackers?” New York Times, September 12, 2007.

[biblioapp01_162] [SDS 1985] Systems Designers Scientific. CORE—The Method: User Manual. London, UK: SD-Scicon, 1986.

[biblioapp01_163] [Seacord 2005] Seacord, Robert C. Secure Coding in C and C++. Boston, MA: Addison-Wesley, 2005.

[biblioapp01_164] [SecurityFocus 2007] SecurityFocus. BugTraq. http://www.securityfocus.com/archive/1 (2007).

[biblioapp01_165] [Shirey 1994] Shirey, Robert W. “Security Architecture for Internet Protocols: A Guide for Protocol Designs and Standards.” Internet Draft: draft-irtf-psrg-secarch-sect1-00.txt, November 1994.

[biblioapp01_166] [Sindre 2000] Sindre, Guttorm, & Opdahl, Andreas L. “Eliciting Security Requirements by Misuse Cases,” 120–131. Proceedings of the 37th International Conference on Technology of Object-Oriented Languages and Systems (TOOLS-37 ’00). New York: IEEE Press, 2000.

[biblioapp01_167] [Sindre 2001] Sindre, Guttorm, & Opdahl, Andreas L. “Templates for Misuse Case Description.” Seventh International Workshop on Requirements Engineering: Foundation for Software Quality, 2001. http://swt.cs.tu-berlin.de/lehre/saswt/ws0506/unterlagen/TemplatesforMisuseCaseDescription.pdf

[biblioapp01_168] [Soo Hoo 2001] Soo Hoo, Kevin, Sudbury, Andrew W., & Jaquith, Andrew R. “Tangible ROI Through Secure Software Engineering.” Secure Business Quarterly 1, 2 (2001). http://www.musecurity.com/assets/files/Tangible%20ROI%20Secure%20SW%20Engineering.pdf

[biblioapp01_169] [Steven 2006] Steven, John. “Adopting an Enterprise Software Security Framework.” IEEE Security & Privacy 4, 2 (March/April 2006): 84–87. https://buildsecurityin.us-cert.gov/daisy/bsi/resources/published/series/bsi-ieee/568.html

[biblioapp01_170] [Stoneburner 2002] Stoneburner, Gary, Goguen, Alice, & Feringa, Alexis. Risk Management Guide for Information Technology Systems (Special Publication 800-30). Gaithersburg, MD: National Institute of Standards and Technology, 2002. http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf

[biblioapp01_171] [Swanson 2003] Swanson, Marianne, Bartol, Nadya, Sabato, John, Hash, Joan, & Graffo, Laurie. Security Metrics Guide for Information Technology Systems (NIST Special Publication 800-55). Gaithersburg, MD: Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, July 2003. http://csrc.nist.gov/publications/nistpubs/800-55/sp800-55.pdf

[biblioapp01_172] [Taylor 2005] Taylor, Dan, & McGraw, Gary. “Adopting a Software Security Improvement Program.” IEEE Security & Privacy 3, 3 (May/June 2005): 88–91.

[biblioapp01_173] [Telang 2004] Telang, R., & Wattal, S. “Impact of Software Vulnerability Announcements on the Market Value of Software Vendors.” Carnegie Mellon University, 2004. http://www.infosecon.net/workshop/pdf/telang_wattal.pdf

[biblioapp01_174] [Tsipenyuk 2005] Tsipenyuk, Katrina, Chess, Brian, & McGraw, Gary. “Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors.” IEEE Security & Privacy 3, 6 (November/December 2005): 81–84.

[biblioapp01_175] [van Wyk 2005] van Wyk, Kenneth, & McGraw, Gary. “Bridging the Gap between Software Development and Information Security.” IEEE Security & Privacy 3, 5 (September/October 2005): 64–68.

[biblioapp01_176] [Viega 2001] Viega, John, & McGraw, Gary. Building Secure Software: How to Avoid Security Problems the Right Way. Boston, MA: Addison-Wesley, 2001.

[biblioapp01_177] [Voas 1997] Voas, Jeffrey M., & McGraw, Gary. Software Fault Injection: Inoculating Programs Against Errors. New York: John Wiley & Sons, 1998.

[biblioapp01_178] [Wayner 1997] Wayner, Peter. “Human Error Cripples the Internet.” New York Times, July 17, 1997. http://www.nytimes.com/library/cyber/week/071797dns.html

[biblioapp01_179] [Wäyrynen 2004] Wäyrynen, J., Bodén, M., & Boström, G. “Security Engineering and eXtreme Programming: An Impossible Marriage?” Proceedings of the 4th Conference on Extreme Programming and Agile Methods. Calgary, Alberta, Canada, August 15–18, 2004. Published as Extreme Programming and Agile Methods: XP/Agile Universe 2004. Berlin, Germany: Springer-Verlag, 2004.

[biblioapp01_180] [Westby 2005] Westby, Jody (Ed.). “Roadmap to an Enterprise Security Program.” American Bar Association, Privacy and Computer Crime Committee, Section of Science and Technology Law. American Bar Association, 2005. Ordering information available at http://www.abanet.org/abastore/index.cfm?section=main&fm=Product.AddToCart&pid=5450039

[biblioapp01_181] [Westby 2007] Westby, Jody R., & Allen, Julia H. Governing for Enterprise Security (GES) Implementation Guide (CMU/SEI-2007-TN-020). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, August 2007.

[biblioapp01_182] [Whittaker 2002] Whittaker, James A. How to Break Software: A Practical Guide to Testing. Boston, MA: Addison-Wesley, 2002.

[biblioapp01_183] [Whittaker 2003] Whittaker, James A., & Thompson, Herbert H. How to Break Software Security. Boston, MA: Addison-Wesley, 2003.

[biblioapp01_184] [Whitten 1999] Whitten, A., & Tygar, J. “Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0.” Proceedings of the USENIX Security Symposium. USENIX Association, 1999.

[biblioapp01_185] [Wiegers 2003] Wiegers, Karl E. Software Requirements (2nd ed.). Redmond, WA: Microsoft Press, 2003.

[biblioapp01_186] [Wood 1989] Wood, Jane, & Silver, Denise. Joint Application Design: How to Design Quality Systems in 40% Less Time. New York: John Wiley & Sons, 1989.

[biblioapp01_187] [Wood 1995] Wood, J., & Silver, D. Joint Application Development (2nd ed.). New York: Wiley, 1995.

[biblioapp01_188] [Woody 2005] Woody, C. Eliciting and Analyzing Quality Requirements: Management Influences on Software Quality Requirements (CMU/SEI-2005-TN-010, ADA441310). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2004. http://www.sei.cmu.edu/publications/documents/05.reports/05tn010.html

[biblioapp01_189] [Woody 2007] Woody, Carol, & Alberts, Christopher. “Considering Operational Security Risk During System Development.” IEEE Security & Privacy 5, 1 (January/February 2007): 30–35.

[biblioapp01_190] [Wysopal 2006] Wysopal, Chris, Nelson, Lucas, Dai Zovi, Dino, & Dustin, Elfriede. The Art of Software Security Testing. Cupertino, CA: Symantec Press, 2006.

[biblioapp01_191] [Xie 2004] Xie, Nick, & Mead, Nancy R. SQUARE Project: Cost/Benefit Analysis Framework for Information Security Improvement Projects in Small Companies (CMU/SEI-2004-TN-045, ADA31118). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2004. http://www.sei.cmu.edu/publications/documents/04.reports/04tn045.html

[biblioapp01_192] [Zowghi 2005] Zowghi, D., & Coulin, C. “Requirements Elicitation: A Survey of Techniques, Approaches, and Tools.” In Engineering and Managing Software Requirements, edited by Aybuke Aurum and Claes Wohlin. Heidelberg, Germany: Springer-Verlag, 2005.
