TY  - BOOK
AU  - Viega,John
AU  - McGraw,Gary
AU  - Schneier,Bruce
TI  - Building secure software: how to avoid security problems the right way
T2  - Addison-Wesley professional computing series
SN  - 020172152X
AV  - QA76.76.D47 V857 2002
PY  - 2002///
CY  - Boston
PB  - Addison-Wesley
KW  - Computer software
KW  - Development
KW  - System design
KW  - Computer security
N1  - Includes bibliographical references and index; It's All about the Software --; Dealing with Widespread Security Failures --; Bugtraq --; CERT Advisories --; RISKS Digest --; Technical Trends Affecting Software Security --; The 'ilities --; What Is Security? --; Isn't That Just Reliability? --; Penetrate and Patch Is Bad --; On Art and Engineering --; Security Goals --; Prevention --; Traceability and Auditing --; Monitoring --; Privacy and Confidentiality --; Multilevel Security --; Anonymity --; Authentication --; Integrity --; Know Your Enemy: Common Software Security Pitfalls --; Software Project Goals --; Managing Software Security Risk --; An Overview of Software Risk Management for Security --; The Role of Security Personnel --; Software Security Personnel in the Life Cycle --; Deriving Requirements --; Risk Assessment --; Design for Security --; Implementation --; Security Testing --; A Dose of Reality --; Getting People to Think about Security --; Software Risk Management in Practice --; When Development Goes Astray --; When Security Analysis Goes Astray --; The Common Criteria --; Selecting Technologies --; Choosing a Language --; Choosing a Distributed Object Platform --; CORBA --; DCOM --; EJB and RMI --; Choosing an Operating System --; Authentication Technologies --; Host-Based Authentication --; Physical Tokens --; Biometric Authentication --; Cryptographic Authentication --; Defense in Depth and Authentication --; On Open Source and Closed Source --; Security by Obscurity --; Reverse Engineering --; Code Obfuscation --; Security for Shrink-Wrapped Software --; Security by Obscurity Is No Panacea
ER  -