Knowledge for Software Security

A critical challenge facing software security today is the dearth of experienced practitioners. Approaches that rely solely on apprenticeship as a method of propagation won't scale quickly enough to address this burgeoning problem, so as the field evolves and establishes best practices, knowledge management can play a central role in encapsulating and spreading the emerging discipline more efficiently. This article is about the kinds of security knowledge that can provide a solid foundation for software security practices.
