The dynamics of ( in ) security
暂无分享,去创建一个
[1] Gunter Ollmann. The evolution of commercial malware development kits and colour-by-numbers custom malware , 2008 .
[2] A. Arora,et al. Impact of Vulnerability Disclosure and Patch Availability - An Empirical Analysis , 2004 .
[3] S. Franz,et al. Critical Phenomena in Natural Sciences: Chaos, Fractals, Selforganization and Disorder: Concepts and Tools , 2004 .
[4] Bernhard Plattner,et al. Firefox (In) security update dynamics exposed , 2008, CCRV.
[5] Roy T. Fielding,et al. Hypertext Transfer Protocol - HTTP/1.0 , 1996, RFC.
[6] N. Johnson. The MITRE corporation , 1961, ACM National Meeting.
[7] Eric Rescorla,et al. Is finding security holes a good idea? , 2005, IEEE Security & Privacy.
[8] Carl A. Gunter,et al. Computer Security is Not a Science ( but it should be ) , 2003 .
[9] S. Radack. The Common Vulnerability Scoring System (CVSS) , 2007 .
[10] Lawrence A. Gordon,et al. Using information security as a response to competitor analysis systems , 2001, CACM.
[11] Rainer Böhme,et al. Vulnerability Markets What is the economic value of a zero-day exploit ? , 2005 .
[12] Andy Ozment,et al. Improving vulnerability discovery models , 2007, QoP '07.
[13] Tyler Moore,et al. Information Security Economics - and Beyond , 2007, DEON.
[14] Indrajit Ray,et al. Security Vulnerabilities in Software Systems: A Quantitative Perspective , 2005, DBSec.
[15] Stefan Frei,et al. Understanding the web browser threat: examination of vulnerable online web browser populations and the "insecurity iceberg" , 2008 .
[16] David McKinney. Vulnerability Bazaar , 2007, IEEE Security & Privacy.
[17] Yacov Y. Haimes,et al. Are we forgetting the risks of information technology? , 2000, Computer.
[18] W. Heath. The Difference: How the Power of Diversity Creates Better Groups, Firms, Schools, and Societies , 2008 .
[19] Reidar Conradi,et al. An empirical study of software reuse vs. defect-density and stability , 2004, Proceedings. 26th International Conference on Software Engineering.
[20] Adam Shostack,et al. The New School of Information Security , 2008 .
[21] Ramayya Krishnan,et al. An Empirical Analysis of Software Vendors' Patching Behavior: Impact of Vulnerability Disclosure , 2006, ICIS.
[22] Jeff Bollinger. Economies of disclosure , 2004, CSOC.
[23] Bruce Schneier. Locks and full disclosure , 2003, IEEE Security & Privacy Magazine.
[24] Ramayya Krishnan,et al. An Empirical Analysis of Vendor Response to Disclosure Policy , 2005, WEIS.
[25] Ross J. Anderson,et al. Security in open versus closed systems - the dance of Boltzmann , 2002 .
[26] Stuart E. Schechter,et al. Milk or Wine: Does Software Security Improve with Age? , 2006, USENIX Security Symposium.
[27] David Brumley,et al. Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).
[28] Bruce Schneier. The nonsecurity of secrecy , 2004, CACM.
[29] Corrado Leita. SGNET: a distributed infrastructure to handle zero-day exploits , 2007 .
[30] Bruce Schneier. The speed of security , 2003, IEEE Security & Privacy Magazine.
[31] Elias Levy,et al. Approaching Zero , 2004, IEEE Secur. Priv..
[32] Tyler Moore,et al. The Economics of Information Security , 2006, Science.
[33] James M. Utterback,et al. Mastering the Dynamics of Innovation , 1996 .
[34] Devendra Sahal,et al. Foundations of technometrics , 1985 .
[35] Niels Provos,et al. The Ghost in the Browser: Analysis of Web-based Malware , 2007, HotBots.
[36] Jeff Moss. Off at a Tangent — A discussion with Jeff Moss , 2008 .
[37] Hao Xu,et al. Optimal Policy for Software Vulnerability Disclosure , 2008, Manag. Sci..
[38] Felix FX Lindner. Software security is software reliability , 2006, Commun. ACM.
[39] Yashwant K. Malaiya,et al. Module size distribution and defect density , 2000, Proceedings 11th International Symposium on Software Reliability Engineering. ISSRE 2000.
[40] Chris Wysopal,et al. Responsible Vulnerability Disclosure Process , 2002 .
[41] N. Carr. IT doesn't matter , 2003, IEEE Engineering Management Review.
[42] Charles Miller,et al. The Legitimate vulnerability market: the secretive world of 0-day exploit sales , 2007, WEIS.
[43] Huseyin Cavusoglu,et al. Emerging Issues in Responsible Vulnerability Disclosure , 2005, WEIS.
[44] B Thomas,et al. A COMPARISON OF CONVENTIONAL AND ONLINE FRAUD , 2004 .
[45] Ross J. Anderson. Why information security is hard - an economic perspective , 2001, Seventeenth Annual Computer Security Applications Conference.
[46] Stefan Frei,et al. Why Silent Updates Boost Security , 2009 .
[47] Jose J. Gonzalez,et al. Understanding Hidden Information Security Threats: The Vulnerability Black Market , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).
[48] Roy T. Fielding,et al. Hypertext Transfer Protocol - HTTP/1.0 , 1996, RFC.
[49] Bernhard Plattner,et al. Modelling the Security Ecosystem- The Dynamics of (In)Security , 2009, WEIS.
[50] R. A. Martin. Integrating your information security vulnerability management capabilities through industry standards (CVE&OVAL) , 2003, SMC'03 Conference Proceedings. 2003 IEEE International Conference on Systems, Man and Cybernetics. Conference Theme - System Security and Assurance (Cat. No.03CH37483).
[51] Anique Hommels,et al. Software vulnerability due to practical drift , 2007, Ethics and Information Technology.
[52] Martin May,et al. Putting private and government CERT’s to the test , 2008 .
[53] J. Herbsleb,et al. Two case studies of open source software development: Apache and Mozilla , 2002, TSEM.
[54] William A. Arbaugh,et al. IEEE 52 Computer , 1985 .
[55] Bernhard Plattner,et al. Large-scale vulnerability analysis , 2006, LSAD '06.
[56] EschelbeckGerhard. The Laws of Vulnerabilities , 2005 .
[57] Karthik N. Kannan,et al. An Economic Analysis of Market for Software Vulnerabilities , 2004 .
[58] Bernhard Plattner,et al. An economic damage model for large-scale Internet attacks , 2004, 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises.
[59] Sanjay Ghemawat,et al. MapReduce: Simplified Data Processing on Large Clusters , 2004, OSDI.