Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive. This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

L

technical leaders, engineering managers, first line managers, and supervisors

Title Updated date
Evidence of Assurance: Laying the Foundation for a Credible Security Case 2014-11-04
Arguing Security - Creating Security Assurance Cases 2014-11-04
An Evaluation of Cost-Benefit Using Security Requirements Prioritization Methods 2013-08-05
Black Box Security Testing Tools 2013-07-31
OpenBSD 2013-07-31
Estimating Benefits from Investing in Secure Software Development 2013-07-31
White Box Testing 2013-07-05
Risk-Based and Functional Security Testing 2013-07-05
Risk Management Framework (RMF) 2013-07-05
The Common Criteria 2013-07-05
SQUARE Process 2013-07-05
Requirements Prioritization Case Study Using AHP 2013-07-05
"Requirements Elicitation Case Studies Using IBIS, JAD, and ARM" 2013-07-05
Introduction to the CLASP Process 2013-07-03
Measures and Measurement for Secure Software Development 2013-07-03
Incident Management 2013-07-02
Risk-Centered Practices 2013-07-02
"Prioritizing IT Controls for Effective, Measurable Security" 2013-07-02
"Plan, Do, Check, Act" 2013-07-02
Navigating the Security Practice Landscape 2013-07-02
Identity in Assembly and Integration 2013-07-02
"Security Concepts, Challenges, and Design Considerations for Web Services Integration" 2013-07-02
Architectural Risk Analysis 2013-07-02
Maturity of Practice 2013-05-23
How Much Security Is Enough? 2013-05-21
Business Case 2013-05-21
Adapting Penetration Testing for Software Development Purposes 2013-05-21
Integrating Security and IT 2013-05-21
Making the Business Case for Software Assurance 2013-05-21
Models for Assessing the Cost and Value of Software Assurance 2013-05-21
Software Assurance Education Overview 2013-05-15
Assurance Cases Overview 2013-05-14
strncpy_s() and strncat_s() 2013-05-14
Attack Pattern Usage 2013-05-14
A Common Sense Way to Make the Business Case for Software Assurance 2013-05-14
Attack Pattern Generation 2013-05-14
Source Code Analysis Tools - Overview 2013-05-14
Deploying and Operating Secure Systems 2013-05-14
"Assembly, Integration, and Evolution Overview" 2013-05-14
strlcpy() and strlcat() 2013-05-14
OpenBSD's strlcpy() and strlcat() 2013-05-14
strcpy_s() and strcat_s() 2013-05-14
strcpy() and strcat() 2013-05-14
fgets() and gets_s() 2013-05-14
C++ std::string 2013-05-14
Introduction to Attack Patterns 2013-05-14
Framing Security as a Governance and Management Concern: Risks and Opportunities 2013-05-14
Security Is Not Just a Technical Issue 2013-05-13
Optimizing Investments in Security Countermeasures: A Practical Tool for Fixed Budgets 2013-05-13
Requirements Prioritization Introduction 2013-05-13
Requirements Elicitation Introduction 2013-05-13
Source Code Analysis Tools - Example Programs 2013-05-13
Consistent Memory Management Conventions 2013-05-13
Design Principles 2013-05-13
Separation of Privilege 2013-05-10
Securing the Weakest Link 2013-05-10
Strong Typing 2013-05-10
Reluctance to Trust 2013-05-10
Psychological Acceptability 2013-05-10
Promoting Privacy 2013-05-10
Never Assuming That Your Secrets Are Safe 2013-05-10
Least Privilege 2013-05-10
Least Common Mechanism 2013-05-10
Failing Securely 2013-05-10
Economy of Mechanism 2013-05-10
Complete Mediation 2013-05-10
Safe Integer Operations 2013-05-10
Runtime Analysis Tools 2013-05-10
Detection and Recovery 2013-05-10
Range Checking 2013-05-10
Randomization 2013-05-10
Null Pointers 2013-05-10
Heap Integrity Detection 2013-05-10
Guard Pages 2013-05-10
Compiler Checks 2013-05-10
Arbitrary Precision Arithmetic 2013-05-10
Windows XP SP2 2013-05-10
Strsafe.h 2013-05-10
SafeStr 2013-05-10
Security Requirements Engineering 2010-07-14
Code Analysis 2008-11-03
memcpy_s() and memmove_s() 2008-10-06
Application Firewalls and Proxies - Introduction and Concept of Operations 2008-09-27
The Role of Computer Security Incident Response Teams in the Software Development Life Cycle 2008-08-20
Defining Computer Security Incident Response Teams 2007-01-24
Penetration Testing Tools 2007-01-18
Source Code Analysis Tools - Business Case 2005-09-28
Trustworthy Composition: The System Is Not Always the Sum of Its Parts 2005-09-28
Defense in Depth 2005-09-13