Index

Can'ts and won'ts
CANVAS tool
Carrying out fixes and validation, RMF
Catch NullPointer Exception phylum
Causes of problems
    complexity
    connectivity
    design flaws
    extensibility
    legacy applications
    mobile code
    "more lines, more bugs"
    SOA (Service Oriented Architecture)
    software vulnerability
    Web Services
Cenzic
CERT incidents
Champions, for best practice adoption
Change maturity path
Checklists, architectural risk analysis [See also STRIDE.]
Chess, Brian
Cheswick, Bill
Cigital
Cigital Workbench
CISSP
COBIT
Code Quality vulnerability kingdom
Code review manual
Code review, software developers and information security practitioners
Code review, tools [See also Tools.]
    array out of bounds
    binary analysis
    BLAST tool
    BOON tool
    code scanners
    commercial tool vendors [See also Fortify.]
        code source analyzers
        Coverity
        Fortify
        Ounce Labs
        Secure Software
        tool characteristics
        tool problems
    constructive/destructive nature
    consultants as mentors
    CQual tool
    description
    Eau Claire tool
    ESP tool
    false negatives/positives
    FindBugs tool
    Flyover
    global analysis
    good versus perfect
    Hoglund's BugScan
    human evaluation
    implementation bugs
    integer range analysis
    ITS4 code scanner rules, history
    kernel vulnerabilities
    local analysis
    module-level analysis
    MOPS tool
    RATS code scanner
    rules
        coverage
        example
        ITS4
        schema
    safety property violations
    SLAM tool
    specification checking
    Splint tool
    static code analysis
        example
        history
    taint analysis
    TOCTOU (time-of-check-time-of-use)
    touchpoint process
    xg++ tool
Command Injection phylum
Commercial architectural risk analysis
Commercial off-the-shelf software (COTS)
Commercial source code analysis tool vendors
    Coverity
    Fortify
    Ounce Labs
    Secure Software
    source code analyzers
    tool characteristics
    tool problems
comp.risks
Comparing Classes by Name phylum
Complexity
    linux/open source code base growth
    major operating systems
    metrics
    "more lines, more bugs"
    trinity of trouble
    Windows code base growth
Connectivity, trinity of trouble
Constructive activities, touchpoints
Control flow tools
COTS (commercial off-the-shelf software)
Countermeasures, for risk mitigation
Coverage tools
Coverity
CQual tool
Creating Debug Binary phylum
Cross site scripting
Cross-Site Scripting phylum
Cultural change [See Enterprise software security.]
CVE