[1] R. Alexander, J. Bieman, and J. Viega, "Coping with Java Programming Stress," IEEE Computer, vol. 33, no. 4, pp. 30-38, April 2000.
[2] N. Ayewah, W. Pugh, J. Morgenthaler, J. Penix, Y. Zhou, "Evaluating Static Analysis Defect Warnings On Production Software," in Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, 2007, pp. 1-8.
[3] S. Barnum and M. Gegick, "Reluctance to Trust," Build Security In: Setting a Higher Standard for Software Assurance, Cigital Inc., 2005. [Online]. Available: https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/principles/355.html. [Accessed: January 17, 2008].
[4] T. V. Benzel, C. E. Irvine, T. E. Levin, G. Bhaskara, and P. C. Nguyen, "Design Principles for Security," Naval Postgraduate School: Monterey, California, Tech Rep. NPS-CS-05-010, September 2005. Available: http://handle.dtic.mil/100.2/ADA437854. [Accessed: Sept. 5, 2007].
[6] O. Burn, "Checkstyle 4.4," [Online]. Available: http://checkstyle.sourceforge.net. [Accessed: March 1, 2008].
[7] CERT, "Secure Coding," Software Engineering Institute: Carnegie Mellon, [Online]. Available: https://www.cert.org/secure-coding. [Accessed: February 16, 2008].
[9] CLASP, "Comprehensive Lightweight Application Security Process," Secure Software, Inc., Version 2.0, 2006. [Online]. Available: http://searchsoftwarequality.techtarget.com/searchAppSecurity/downloads/clasp-v20.pdf. [Accessed December 5, 2007].
[10] Fortify Software Inc., "Fortify Source Code Analysis (SCA)," Fortify Software Inc. [Online]. Available: http://www.fortify.com/products/sca.
[11] C. Fox, Introduction to Software Engineering Design: Processes, Principles, and Patterns with UML2. Boston, MA: Addison-Wesley, 2006.
[12] L. Gong, G. Ellison, and M. Dageforde, Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd ed. Boston, MA: Addison-Wesley, 2003.
[14] D. Hovemeyer and W. Pugh, "Finding Bugs is Easy," in SIGPLAN Notices, vol. 39, no. 12, December 2004, pp. 92-206.
[16] InfoEther, "PMD," [Online]. Available: http://pmd.sourceforge.net.
[17] Jlint, "About Jlint," [Online]. Available: http://jlint.sourceforge.net.
[18] C. Lai, "Java Insecurity: Accounting for Subtleties That Can Compromise Code," IEEE Software, vol. 25, no. 1, pp. 13-19, January/February 2008.
[19] G. McGraw and E. Felton, Securing Java: Getting Down to Business with Mobile Code. John Wiley & Sons, Inc., 1998. [Online]. Available: http://www.securingjava.com. [Accessed: March 13, 2008].
[20] National Institute of Standards and Technology, "SAMATE: Software Assurance Metrics and Tool Evaluation," National Institute of Standards and Technology. [Online]. Available: http://samate.nist.gov. [Accessed: February 5, 2008].
[21] D. L. Parnas, "On the Criteria To Be Used in Decomposing Systems into Modules," in Communications of the ACM, vol. 15, no. 12, 1972, pp. 1053-1058.
[23] S. Redwine, Jr., Ed., Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software, Workforce Education and Training Working Group, U.S. Department of Homeland Security, Draft Version 1.1, September 2006.
[24] S. Redwine Jr., "Towards an Organization for Software System Security Principles and Guidelines," Institute for Infrastructure and Information Assurance, James Madison University: Harrisonburg, VA, Tech. Rep. 08-01, Version 1.0, February 2008.
[25] N. Rutar, C. Almazan, and J. Foster, "A Comparison of Bug Finding Tools for Java," in Proceedings of the 15th IEEE International Symposium on Software Reliability Engineering, France, November 2004.
[26] M. D. Schroeder, and J. H. Saltzer, "The Protection of Information in Computer Systems," in Proceedings of the IEEE, vol. 63, no. 9, 1975, pp. 1278-1308. Available: http://web.mit.edu/Saltzer/www/publications/protection.
[27] R. Seacord, "Secure Coding Standards," in Proceedings of the Static Analysis Summit, NIST Special Publication 500-262, July 2006. Available: http://samate.nist.gov/docs/NIST-Special-Publication-500-262.pdf.
[28] Sun Microsystems, Inc., "Secure Coding Guidelines for the Java Programming Language, version 2.0," Sun Microsystems, Inc. [Online]. Available: http://java.sun.com/security/seccodeguide.html. [Accessed: Aug. 30, 2007].
[29] The MITRE Corporation, "Common Weaknesses Enumeration: A Community-Developed Dictionary of Software Weakness Types," Draft 7, The MITRE Corporation, 2007. [Online]. Available: http://cwe.mitre.org. [Accessed: October 28, 2007].
[30] K. Tsipenyuk, B. Chess, G. McGraw, "Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors," in NIST Workshop on Software Security Assurance Tools, Techniques, and Metrics, Long Beach, CA, November 2005.
[31] utils.com, "Lint4j," [Online]. Available: http://www.jutils.com.
[33] S. Wagner, J. Jurjens, C. Koller, P. Trischberger, "Comparing Bug Finding Tools with Reviews and Tests," in Proceedings of the 17th International Conference on Testing of Communication Systems, 2005, pp. 40-55.
[34] S. Wagner, F. Deissenboeck, J. Wimmer, M. Aichner, M. Schwab, "An Evaluation of Two Bug Pattern Tools for Java," to appear in Proceedings of the 1st IEEE International Conference on Software Testing, Verification and Validation, 2008.
[35] M. S. Ware, "Writing secure Java code: taxonomy of heuristics and an evaluation of static analysis tools," M.S. Thesis, James Madison University, 2008. Available: http://peregrin.jmu.edu/-warems.