Index Terms
- Security assurance