The latest development version of this page may be more current than this released 4.0.0 version.

Security Document Citations

[SALT75]

J. H. Saltzer and M. D. Schroeder, “The protection of information in computer systems,” Proceedings of the IEEE, vol. 63, no. 9, pp. 1278-1308, Sep 1975. [Online]. Available: http://web.mit.edu/Saltzer/www/publications/protection/.

[PAUL09]

M. Paul, “The Ten Best Practices for Secure Software Development,” International Information Systems Security Certification Consortium, Inc. [(ISC)2®], Palm Harbor, FL, USA, 2009.

[MS12]

Microsoft Corporation, Security Development Lifecycle - SDL Process Guidance Version 5.2, 2012.

[CCITSE12]

Common Criteria for Information Technology Security Evaluation ver. 3.1 rev. 4, 2012.

[MICR16]

Micrium, “Certification Kits,” 2016. [Online]. Available: https://www.micrium.com/certification/certification-kits/.

[NIST02]

National Institute of Standards and Technology, FIPS PUB 140-2: Security Requirements for Cryptographic Modules, Gaithersburg, 2002.

[GHS10]

Green Hills Software, “INTEGRITY-178B Separation Kernel Security Target v4.2,” 2010.

[RFC2119]

Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels”, BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997. [Online]. Available: https://www.rfc-editor.org/info/rfc2119.

[STRIDE09]

Microsoft Corporation, “The STRIDE Threat Model,” 2009. [Online]. Available: https://msdn.microsoft.com/en-us/library/ee823878%28v=cs.20%29.aspx.

[CVSS]

Forum of Incident Response and Security Teams, “Common Vulnerability Scoring System v3.0: Specification Document”. [Online]. Available: https://www.first.org/cvss/specification-document.

[OWASP]

Open Web Application Security Project, “Application Threat Modeling”. [Online]. Available: https://www.owasp.org/index.php/Application_Threat_Modeling.

[CIIBPB]

Core Infrastructure Initiative Best Practices Badge. [Online]. Available: https://github.com/linuxfoundation/cii-best-practices-badge