Recent articles

Secure coding for C/C++ training

Klocwork (who sell source code analysis tools) has a ‘Klocwork University’ portal on their developer web site. They have announced an online Secure Coding for C/C++ course developed with Security Innovation. You have to register (free) to take the course.

(Note: this is provided for information, and is not an endorsement)


More Papers on Software

Cigital has a nice list of papers and other software risk publications located at www.cigital.com/papers.


Software Risk References

Here are a set of references for topics discussed in the webinar:

– SP 800-39, Mar. 2011, Managing Information Security Risk: Organization, Mission, and Information System View (SP800-39-final.pdf)
– SP 800-27 Rev. A, Jun 2004, Engineering Principles for Information Technology Security (A Baseline for Achieving Security) (SP800-27-RevA.pdf)
– SP 800-12, Oct 1995, An Introduction to Computer Security: The NIST Handbook (handbook.pdf)
– SP 800-142, Oct. 2010, Practical Combinatorial Testing (SP800-142-101006.pdf)
– Open Web Application Security Project (OWASP) Cheat Sheets: https://www.owasp.org/index.php/Cheat_Sheets
– “Design Patterns: Elements of Reusable Object-Oriented Software” by Erich Gamma, Richard Helm, Ralph Johnson, John Vlissides
– “Metrics and Models in Software Quality Engineering”, 2nd Edition (InformIT): http://www.informit.com/store/product.aspx?isbn=0201729156

Software@Risk Webinar Dec. 14

The final webinar in the IEEE-USA series on Risk Management will be Wednesday, December 14. The topic is “Software Risk Management”. This is the online companion site for discussion of the webinar.

Also see the companion article in IEEE-USA’s Today’s Engineer: “Software Risk Management”.

Here are some references requested in the webinar:

SOFTWARE QUALITY & TESTING (MSIT – 32). Contributing Author: Dr. B.N. Subraya, Infosys Technologies Ltd., Mysore. http://www.scribd.com/doc/6944749/94/PRIMITIVE-METRIC-AND-COMPUTED-METRICS

A Whitepaper on Metrics. Andreas Rau, Steinbeis Transferzentrum Softwaretechnik, 1998, 1999, 2001. Last Change: 2001-08-06. http://www.it.fht-esslingen.de/~rau/forschung/metrics.htm

Norita Ahmad and Phillip A. Laplante, “Reasoning About Software Using Metrics and Expert Opinion,” Innovations in Systems and Software Engineering: A NASA Journal, vol. 3, no. 4, December 2007, pp. 229-235.

J. Voas. “Testing for Characteristics Other than Correctness: Safety, Failure-tolerance, and Security,” Proceedings of the International Conference on Testing Computer Software, June 1996.

J. Voas, G. McGraw, A. Ghosh, F. Charron, & K. Miller. “Defining an Adaptive Software Security Metric from a Dynamic Software Failure-tolerance Measure,” Proceedings of the 11th Annual Conference on Computer Assurance (COMPASS ’96), pp. 250-263, June 1996.

Idongesit Mkpong-Ruffin, David Umphress, John Hamilton, and Juan Gilbert. 2007. Quantitative software security risk assessment model. In Proceedings of the 2007 ACM workshop on Quality of protection (QoP ’07). ACM, New York, NY, USA, 31-33. DOI=10.1145/1314257.1314267 http://doi.acm.org/10.1145/1314257.1314267

Hong Zhu, Patrick A. V. Hall, and John H. R. May. “Software Unit Test Coverage and Adequacy,” ACM Computing Surveys, 1997.

“Software Assessment: Reliability, Safety, Testability” by Michael A. Friedman


Process@Risk

Welcome to the Process@Risk blog.

The next webinar in the IEEE-USA series on Risk Management will be Wednesday November 16.

The topic is Lean Six Sigma for Risk Management. This is the online companion site for discussion of the webinar.

Also see the article in IEEE-USA Today’s Engineer: “Risk Management and Lean Six Sigma”

ERM and InfoSecurity@Risk

Welcome to the ERM and Information Security Risk blog.

The next webinar in the IEEE-USA series on Risk Management will be Wednesday October 19.

The topic is Enterprise Risk Management and Information System Security. This is the online companion site for discussion of the webinar.

Also see the article in IEEE-USA Today’s Engineer: “Risk Management: Integrated ERM and Cyber Security”.


Decisions@Risk Webinar Sept. 21

Welcome to the Decisions@Risk blog.

The next webinar in the IEEE-USA series on Risk Management will be Wednesday September 21.

The topic is “Risk Standards and Risk-based Decision-making”. This is the online companion site for discussion of the webinar.

Also see the companion article in IEEE-USA Today’s Engineer: “Risk-Based Decision Making”.


Grid@Risk Webinar July 20

Welcome to the Grid@Risk blog.

This is the online companion to the IEEE-USA webinar on July 20: “Cyber Security in the Electric Sector”.

Also see the article in IEEE-USA Today’s Engineer: “Raising Priority for Cyber Security in the Electric Utility Sector’s C-Suite”.

Without power, there is significant risk to our economy and society. So, securing the electric infrastructure is a matter of public safety. A lack of system protection at the cyber level goes far beyond an IT problem or a matter of avoiding financial penalties; it is vital to the long-term health of our infrastructure and more.

What did you think of the IEEE-USA webinar?

Project@Risk Webinar on August 17th

If you plan on attending the webinar I’m running next month on applying RM to projects, feel free to contact me in advance if you have questions you would like to have addressed: p.kostek@ieee.org

Also see the companion article in IEEE-USA Today’s Engineer: “Application of Risk Management During Project Definition”.