


Index



Can'ts and won'ts 2nd
CANVAS tool
Carrying out fixes and validation, RMF 2nd
Catch NullPointer Exception phylum
Causes of problems
     complexity
     connectivity
     design flaws
     extensibility
     legacy applications
     mobile code
     "more lines, more bugs,"
     SOA (Service Oriented Architecture)
     software vulnerability
     Web Services
Cenzic
CERT incidents
Champions, for best practice adoption 2nd
Change maturity path 2nd
Checklists, architectural risk analysis [See also STRIDE.]
Chess, Brian
Cheswick, Bill
Cigital 2nd 3rd 4th 5th
Cigital Workbench
CISSP
COBIT
Code Quality vulnerability kingdom 2nd
Code review manual
Code review, software developers and information security practitioners 2nd
Code review, tools. [See also Tools.]
     array out of bounds 2nd
     binary analysis
     BLAST tool
     BOON tool 2nd
     code scanners 2nd
     commercial tool vendors. [See also Fortify.]
         code source analyzers
         Coverity
         Fortify
         Ounce Labs
         Secure Software
         tool characteristics
         tool problems
     constructive/destructive nature
     consultants as mentors
     CQual tool
     description
     Eau Claire tool
     ESP tool
     false negatives/positives
     FindBugs tool
     Flyover
     global analysis
     good versus perfect
     Hoglund's BugScan
     human evaluation
     implementation bugs
     integer range analysis 2nd
     ITS4
         code scanner
         rules, history
     kernel vulnerabilities 2nd
     local analysis
     module-level analysis
     MOPS tool
     RATS code scanner
     rules
         coverage
         example
         ITS4
         schema
     safety property violations
     SLAM tool
     specification checking
     Splint tool
     static code analysis
         example
         history
     taint analysis
     TOCTOU (time-of-check-time-of-use)
     touchpoint process
     xg++ tool 2nd
Command Injection phylum
Commercial architectural risk analysis
Commercial off-the-shelf software (COTS)
Commercial source code analysis tool vendors
     Coverity
     Fortify
     Ounce Labs
     Secure Software
     source code analyzers
     tool characteristics
     tool problems
comp.risks
Comparing Classes by Name phylum
Complexity
     Linux/open source code base growth
     major operating systems
     metrics
     "more lines, more bugs,"
     trinity of trouble
     Windows code base growth
Connectivity, trinity of trouble
Constructive activities, touchpoints
Control flow tools
COTS (commercial off-the-shelf software) 2nd
Countermeasures, for risk mitigation
Coverage tools
Coverity
CQual tool
Creating Debug Binary phylum
Cross site scripting
Cross-Site Scripting phylum
Cultural change. [See Enterprise software security.]
CVE




Software Security: Building Security In
ISBN: 0321356705
EAN: 2147483647
Year: 2004
Pages: 154
Authors: Gary McGraw
