(Howard and LeBlanc 2003) Howard, Michael, and David LeBlanc. Writing Secure Code, 2nd Edition. Redmond, WA: Microsoft Press, 2003.
(Humphrey 1999) “Bugs or Defects?” http://www.sei.cmu.edu/news-at-sei/columns/watts_new/1999/March/watts-mar99.htm.
(LeBlanc 2004) LeBlanc, David. “Integer Handling with the C++ SafeInt Class,” http://msdn.microsoft.com/library/en-us/dncode/html/secure01142004.asp. January 2004.
(LeBlanc 2005) LeBlanc, David. “Another Look at the SafeInt Class,” http://msdn2.microsoft.com/en-us/library/ms972819.aspx. May 2005.
(eEye 2001) eEye Digital Security. “Microsoft Internet Information Services Remote Buffer Overflow,” http://research.eeye.com/html/advisories/published/AD20010618.html. June 2001.
(Skape and Skywing 2005) “Bypassing Windows Hardware-enforced Data Execution Pre-vention,” http://www.uninformed.org/?v=2&a=4&t=txt. October 2005.
(Litchfield 2003) Litchfield, David. “Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server,” http://www.ngssoftware.com/papers/defeating-w2k3-stack-protection.pdf. September 2003.