Testing for security during development: why we should scrap penetrate-and-patch

IEEE Aerospace and Electronic Systems Magazine

Volumn 13, Issue 4, 1998, Pages 13-15

  McGraw, G ^a  

^a Cigital   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CODES (SYMBOLS); COMPUTER SYSTEMS; COMPUTERS; ERRORS; SOFTWARE ENGINEERING; TESTING;

SECURITY ANALYSIS;

SECURITY OF DATA;

EID: 0032051310     PISSN: 08858985     EISSN: None     Source Type: Journal    
DOI: 10.1109/62.666831     Document Type: Article

References (6)

1. M. Bishop M. Dilger Checking for race conditions in file accesses The USENIX Association, Computing Systems 131 152 1996
2. W. Cheswick S. Bellovin Firewalls and Internet Security 1994 Addison-Wesley
3. M. Friedman J. Voas Software Assessment: Reliability, Safety, Testability 1995 John Wiley and Sons New York
4. S. Garfinkel G. Spafford Practical Unix & Internet Security 2nd 1996 O'Reilly & Associates, Inc.
5. A. Ghosh G. McGraw P. Charron M. Schatz Towards analyzing Security-critical software during development December 1996 RSTR-96 023-01 RST Corporation
6. B. Miller D. Koski C. Lee V. Maganty R. Murthy A. Natarajan J. Steidl Fuzz revisited: A reexamination of the reliability of UNIX utilities and services November 1995 University of Wisconsin, Computer Sciences Dept.