program, 95 | trapdoor, 112
user, 95 | worm, 112
secure program, 95 | rabbit, 112
penetrate and patch, 96 | appended virus, 113
fault, 96 | document virus, 116
program security flaw, 97 | macro virus, 116
bug, 98 | boot sector virus, 118
error, 98 | virus signature, 120
failure, 98 | polymorphic virus, 123
buffer overflow, 100 | encrypting virus, 124
incomplete mediation, 104 | Brain virus, 128
time-of-check to time-of-use, 106 | The Internet worm, 129
malicious code, 108 | Code Red, 132
rogue program, 111 | web bug, 134
virus, 111 | stub, 137
agent, 111 | driver, 137
transient virus, 111 | side effect, 138
resident virus, 111 | error checking, 138
Trojan horse, 111 | undefined operation, 139
logic bomb, 112 | salami attack, 139
time bomb, 112 | information leakage, 141
backdoor, 112 | covert channel, 141
timing channel, 146 | fault tree analysis, 157
software engineering, 150 | regression test, 159
encapsulation, 152 | black-box test, 159
information hiding, 152 | clear-box test, 159
modularity, 152 | independent test team, 159
maintainability, 153 | configuration management, 163
understandability, 153 | conditional compilation, 164
reusability, 153 | proof of program correctness, 166
correctability, 153 | program verification, 166
testability, 153 | trusted software, 169
coupling, 153 | functional correctness, 169
cohesion, 153 | enforcement of integrity, 169
peer review, 154 | limited privilege, 169
program design, 155 | appropriate security level, 169
inspection, 155 | mutual suspicion, 170
walk-through, 155 | confinement, 170
review, 155 | access log, 170
egoless programming, 155 | development standards, 171
hazard analysis, 157 | configuration management standards, 171
failure modes and effects analysis, 157