Software Security

Resources

Build Security In Web Site

The Addison-Wesley Software Security Series, Gary McGraw contributing editor

Software Security by Gary McGraw

Specific articles from the Build Security In Web Site mentioned in the book

Deployment & Operations content area

Attack Patterns content area

Assurance Cases content area

Coding Practices content area

Coding Rules content area

Guidelines content area

Code Analysis content area

Runtime Protection

Risk Management content area

Requirements Elicitation Case Studies

Requirements Prioritization Case Study Using AHP

Introduction to the CLASP Process

The Common Criteria

Using Integer Programming to Optimize Investments in Security Countermeasures

Architectural Risk Analysis content area

Architectural Risk Analysis

Principles content area

Business Case

Code Analysis

Coding Practices

Risk-Based and Functional Security Testing

White Box Testing

Black Box Security Testing Tools

Adapting Penetration Testing for Software Development Purposes

Penetration Testing Tools

Building Security In IEEE Security & Privacy Series

Identity in Assembly and Integration

Application Firewalls and Proxies—Introduction and Concept of Operations

Correctness by Construction

Assessing Security Risk in Legacy Systems

Security Considerations in Managing COTS Software

Security Is Not Just a Technical Issue

Risk Management Framework

Risk-Centered Practices

Security and Project Management

The Influence of System Properties on Software Assurance and Project Management

Prioritizing IT Controls for Effective, Measurable Security

Measures and Measurement for Secure Software Development

Plan, Do, Check, Act

Maturity of Practice and Exemplars

Adopting a Software Security Improvement Program

Bridging the Gap Between Software Development and Information Security

Misuse and Abuse Cases: Getting Past the Positive

Adopting an Enterprise Software Security Framework

Making the Business Case for Software Assurance

Secure Software Development Life Cycle Processes

Additional Resources—DHS SwA WG Output

Risk Management Framework Glossary