A taxonomy of computer program security flaws
ACM Computing Surveys (CSUR)
NSPW '95 Proceedings of the 1995 workshop on New security paradigms
Working Group Report on Application Security
WET-ICE '96 Proceedings of the 5th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE'96)
Hi-index | 0.00 |
The paper explores generating and conveying confidence in enterprise security. An enterprise assurance framework provides a structure enterprise assurance evidence that strengthens and clarifies the overall enterprise assurance argument. The structure and components of these arguments are defined and then applied to an enterprise. Finally, standards of evidence and evidence trade-offs are mentioned. The paper is largely based on a recent NIST internal report called "A Framework for Reasoning about Assurance".