An historical examination of open source releases and their vulnerabilities
暂无分享,去创建一个
[1] Sandy Clark,et al. Familiarity breeds contempt: the honeymoon effect and the role of legacy code in zero-day vulnerabilities , 2010, ACSAC '10.
[2] James Walden,et al. An Empirical Study of the Evolution of PHP Web Application Security , 2011, 2011 Third International Workshop on Security Measurements and Metrics.
[3] Jeffrey S. Foster,et al. A comparison of bug finding tools for Java , 2004, 15th International Symposium on Software Reliability Engineering.
[4] Flemming Nielson,et al. Principles of Program Analysis , 1999, Springer Berlin Heidelberg.
[5] Omar H. Alhazmi,et al. Quantitative vulnerability assessment of systems software , 2005, Annual Reliability and Maintainability Symposium, 2005. Proceedings..
[6] Воробьев Антон Александрович. Анализ уязвимостей вычислительных систем на основе алгебраических структур и потоков данных National Vulnerability Database , 2013 .
[7] Eric Rescorla,et al. Is finding security holes a good idea? , 2005, IEEE Security & Privacy.
[8] N. Nagappan,et al. Static analysis tools as early indicators of pre-release defect density , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..
[9] Jacob West,et al. Secure Programming with Static Analysis , 2007 .
[10] William Landi,et al. Undecidability of static analysis , 1992, LOPL.
[11] Andy Ozment,et al. Improving vulnerability discovery models , 2007, QoP '07.
[12] Eugene H. Spafford,et al. A Trend Analysis of Vulnerabilities , 2005 .
[13] Andy Ozment,et al. The Likelihood of Vulnerability Rediscovery and the Social Utility of Vulnerability Hunting , 2005, WEIS.
[14] Brian Chess,et al. Improving computer security using extended static checking , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.
[15] Eugene H. Spafford,et al. The internet worm program: an analysis , 1989, CCRV.
[16] H. Rice. Classes of recursively enumerable sets and their decision problems , 1953 .
[17] Jr. Frederick P. Brooks,et al. The mythical man-month (anniversary ed.) , 1995 .
[18] J. David Morgenthaler,et al. Evaluating static analysis defect warnings on production software , 2007, PASTE '07.
[19] Stuart E. Schechter,et al. Milk or Wine: Does Software Security Improve with Age? , 2006, USENIX Security Symposium.
[20] David Montgomery,et al. The Mythical Man , 2008, International Labor and Working-Class History.
[21] Vadim Okun,et al. Effect of static analysis tools on software security: preliminary investigation , 2007, QoP '07.