Security in computing
Building a secure computer system
Building a secure computer system
Communications of the ACM
With microscope and tweezers: the worm from MIT's perspective
Communications of the ACM
Orthogonal Defect Classification-A Concept for In-Process Measurements
IEEE Transactions on Software Engineering - Special issue on software measurement principles, techniques, and environments
Formal Models for Computer Security
ACM Computing Surveys (CSUR)
Communications of the ACM
The “worm” programs—early experience with a distributed computation
Communications of the ACM
A note on the confinement problem
Communications of the ACM
Cryptography and data security
Cryptography and data security
Dependability: Basic Concepts and Terminology
Dependability: Basic Concepts and Terminology
A Pathology of Computer Viruses
A Pathology of Computer Viruses
An Analysis of the Intel 80x86 Security Architecture and Implementations
IEEE Transactions on Software Engineering
A Methodology for Testing Intrusion Detection Systems
IEEE Transactions on Software Engineering
Catapults and grappling hooks: the tools and techniques of information warfare
IBM Systems Journal
A high-performance network intrusion detection system
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Coimbra: secure Web access to multimedia content
MULTIMEDIA '00 Proceedings of the 2000 ACM workshops on Multimedia
Securing PC applications: the relay race approach
Communications of the ACM - Supporting community and building social capital
An approach to secure distribution of web-based training courses
ACSC '01 Proceedings of the 24th Australasian conference on Computer science
Security of runtime extensible virtual environments
Proceedings of the 4th international conference on Collaborative virtual environments
Watermarking, tamper-proofing, and obfuscation: tools for software protection
IEEE Transactions on Software Engineering
System Health and Intrusion Monitoring Using a Hierarchy of Constraints
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
InfraSec '02 Proceedings of the International Conference on Infrastructure Security
An enterprise assurance framework
WET-ICE '96 Proceedings of the 5th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE'96)
Incentive-based modeling and inference of attacker intent, objectives, and strategies
Proceedings of the 10th ACM conference on Computer and communications security
NSDF: a computer network system description framework and its application to network security
Computer Networks: The International Journal of Computer and Telecommunications Networking
Intrusion Tolerance in Distributed Middleware
Information Systems Frontiers
Using DAML+OIL to classify intrusive behaviours
The Knowledge Engineering Review
Basic Concepts and Taxonomy of Dependable and Secure Computing
IEEE Transactions on Dependable and Secure Computing
Reflections on Industry Trends and Experimental Research in Dependability
IEEE Transactions on Dependable and Secure Computing
Incentive-based modeling and inference of attacker intent, objectives, and strategies
ACM Transactions on Information and System Security (TISSEC)
A software flaw taxonomy: aiming tools at security
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Matching attack patterns to security vulnerabilities in software-intensive system designs
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
A systematic classification of cheating in online games
NetGames '05 Proceedings of 4th ACM SIGCOMM workshop on Network and system support for games
Towards a structured unified process for software security
Proceedings of the 2006 international workshop on Software engineering for secure systems
Framework for malware resistance metrics
Proceedings of the 2nd ACM workshop on Quality of protection
Investigation of IS professionals' intention to practise secure development of applications
International Journal of Human-Computer Studies
On the design of more secure software-intensive systems by use of attack patterns
Information and Software Technology
Security trumps efficiency: putting it into the curriculum
Journal of Computing Sciences in Colleges
On preventing intrusions by process behavior monitoring
ID'99 Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring - Volume 1
Information Assurance: Dependability and Security in Networked Systems
Information Assurance: Dependability and Security in Networked Systems
Defect categorization: making use of a decade of widely varying historical data
Proceedings of the Second ACM-IEEE international symposium on Empirical software engineering and measurement
Analyzing Business Continuity through a Multi-layers Model
BPM '08 Proceedings of the 6th International Conference on Business Process Management
A taxonomy of software types to facilitate search and evidence-based software engineering
CASCON '08 Proceedings of the 2008 conference of the center for advanced studies on collaborative research: meeting of minds
Classification of Component Vulnerabilities in Java Service Oriented Programming (SOP) Platforms
CBSE '08 Proceedings of the 11th International Symposium on Component-Based Software Engineering
An evaluation of business solutions in manufacturing enterprises
International Journal of Business Intelligence and Data Mining
Secure Software Engineering: Learning from the Past to Address Future Challenges
Information Security Journal: A Global Perspective
Defining defects, errors, and service degradations
ACM SIGSOFT Software Engineering Notes
ER '09 Proceedings of the 28th International Conference on Conceptual Modeling
A review of classification methods for network vulnerability
SMC'09 Proceedings of the 2009 IEEE international conference on Systems, Man and Cybernetics
A detailed analysis of the KDD CUP 99 data set
CISDA'09 Proceedings of the Second IEEE international conference on Computational intelligence for security and defense applications
Learning unknown attacks - a start
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
A study on monitoring and protecting computer system against interception threat
HSI'03 Proceedings of the 2nd international conference on Human.society@internet
Towards a unified fault-detection benchmark
Proceedings of the 9th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
State space approach to security quantification
COMPSAC-W'05 Proceedings of the 29th annual international conference on Computer software and applications conference
Taxonomy and classification of automatic monitoring of program security vulnerability exploitations
Journal of Systems and Software
Review of software security defects taxonomy
RSKT'10 Proceedings of the 5th international conference on Rough set and knowledge technology
System Assurance: Beyond Detecting Vulnerabilities
System Assurance: Beyond Detecting Vulnerabilities
A security-aware refactoring tool for Java programs
Proceedings of the 4th Workshop on Refactoring Tools
Empirical results on the study of software vulnerabilities (NIER track)
Proceedings of the 33rd International Conference on Software Engineering
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
RPS: an extension of reference monitor to prevent race-attacks
PCM'04 Proceedings of the 5th Pacific Rim conference on Advances in Multimedia Information Processing - Volume Part I
A new automatic intrusion response taxonomy and its application
APWeb'06 Proceedings of the 2006 international conference on Advanced Web and Network Technologies, and Applications
Addressing malicious code in COTS: a protection framework
ICCBSS'05 Proceedings of the 4th international conference on COTS-Based Software Systems
Security ontology: simulating threats to corporate assets
ICISS'06 Proceedings of the Second international conference on Information Systems Security
Malware characteristics and threats on the internet ecosystem
Journal of Systems and Software
Anomaly detection methods in wired networks: a survey and taxonomy
Computer Communications
Proceedings of the 2012 workshop on New security paradigms
OSDC: adapting ODC for developing more secure software
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Security of public continuous integration services
Proceedings of the 9th International Symposium on Open Collaboration
Semantic security against web application attacks
Information Sciences: an International Journal
A distributed framework for demand-driven software vulnerability detection
Journal of Systems and Software
An organized record of actual flaws can be useful to computer system designers, programmers, analysts, administrators, and users. This survey provides a taxonomy for computer program security flaws, with an Appendix that documents 50 actual security flaws. These flaws have all been described previously in the open literature, but in widely separated places. For those new to the field of computer security, they provide a good introduction to the characteristics of security flaws and how they can arise. Because these flaws were not randomly selected from a valid statistical sample of such flaws, we make no strong claims concerning the likely distribution of actual security flaws within the taxonomy. However, this method of organizing security flaw data can help those who have custody of more representative samples to organize them and to focus their efforts to remove and, eventually, to prevent the introduction of security flaws.