6.  Survey and Analysis of Available Literature

The literature search supporting the survey uncovered the following resources; the three best sources of information in each category were:

6.1  Best overall resources
  • Security Engineering: A Guide to Building Dependable Distributed Systems, by Ross J. Anderson, released in mid-March 2001 [Anderson 2001]
  • Practical UNIX & Internet Security, 2nd Edition, by Simson Garfinkel and Gene Spafford, the accepted classic in the field [Garfinkel 1996]
  • Secure Programming for Linux and UNIX HOWTO, by David A. Wheeler, self-published on the Web in 2001 [Wheeler 2001]
6.2  Best resources for architecture
  • "Shifting the Odds -- Writing (More) Secure Software", by Steve Bellovin [Bellovin 1994]
  • "UNIX Security: Security in Programming", by Matt Bishop [Bishop 1996a]
  • "Architectural Patterns for Enabling Application Security", by Joseph Yoder and Jeffrey Barcalow [Yoder 1998]
6.3  Best resources for programming methodology
  • Programming Pearls, by Jon Bentley [Bentley 2000]
  • Writing Solid Code: Microsoft's Techniques for Developing Bug-Free C Programs, by Steve Maguire [Maguire 1993]
  • Code Complete: A Practical Handbook of Software Construction, by Steve McConnell [McConnell 1993]
6.4  Best resources for language- and platform-specific tips
  • "A Lab Engineer's Check List for Writing Secure Unix Code", by the Australian Computer Emergency Response Team (AUSCERT) [AUSCERT 1996]
  • "Security for Software Developers", by Marcus Ranum [Ranum 1997]
  • Secure Programming for Linux and UNIX HOWTO, by David A. Wheeler, self-published on the Web in 2001 [Wheeler 2001]
6.5  Best resources for standards
  • "The Common Criteria for Information Technology Security Evaluation (CC)", by NIST [NIST 1999]
  • "System Security Engineering Capability Maturity Model (SSE-CMM) Model Description Document", by the SSE-CMM Project [SSE-CMM 1999]
  • "Generally Accepted Principles and Practices for Securing Information Technology Systems", by Marianne Swanson and Barbara Guttman [Swanson 1996]
Site Contents Copyright (C) 2002, 2003 Mark G. Graff and Kenneth R. van Wyk. All Rights Reserved.