Knowledge

Title Updated
Evidence of Assurance: Laying the Foundation for a Credible Security Case 2014-11-04
Arguing Security - Creating Security Assurance Cases 2014-11-04
The Development of a Graduate Curriculum for Software Assurance 2013-07-31
Teaching Security Requirements Engineering Using SQUARE 2013-07-31
Development of a Master of Software Assurance Reference Curriculum 2013-07-31
Strengthening Ties Between Process and Security 2013-07-31
Secure Software Development Life Cycle Processes 2013-07-31
Phkmalloc 2013-07-31
OpenBSD 2013-07-31
What Measures Do Vendors Use for Software Assurance? 2013-07-31
Estimating Benefits from Investing in Secure Software Development 2013-07-31
MITRE CWE and CERT Secure Coding Standards 2013-07-25
Tooling in Support of Common Criteria Evaluation of a High Assurance Operating System 2013-07-25
Improving Software Assurance 2013-07-05
Assume that Human Behavior Will Introduce Vulnerabilities into Your System 2013-06-26
Do Not Perform Arithmetic with Unvalidated Input 2013-06-26
Never Use Unvalidated Input as Part of a Directive to any Internal Component 2013-06-26
Treat the Entire Inherited Process Context as Unvalidated Input 2013-06-26
Do Not Use the "%n" Format String Specifier 2013-06-26
Be Suspicious about Trusting Unauthenticated External Representation of Internal Data Structures 2013-06-26
Handle All Errors Safely 2013-06-26
If Emulation of Another System Is Necessary, Ensure that It Is as Correct and Complete as Possible 2013-06-26
Carefully Study Other Systems Before Incorporating Them into Your System 2013-06-24
Clear Discarded Storage that Contained Secrets and Do Not Read Uninitialized Storage 2013-06-24
Use Well-Known Cryptography Appropriately and Correctly 2013-06-21
Design Configuration Subsystems Correctly and Distribute Safe Default Configurations 2013-06-20
Follow the Rules Regarding Concurrency Management 2013-06-20
Ensure that Input Is Properly Canonicalized 2013-06-20
Guidelines Overview 2013-06-20
Ensure that the Bounds of No Memory Region Are Violated 2013-06-20
Use Authorization Mechanisms Correctly 2013-06-20
Use Authentication Mechanisms, Where Appropriate, Correctly 2013-06-19
Integrating Software Assurance Knowledge into Conventional Curricula 2013-05-23
Making the Business Case for Software Assurance 2013-05-21
Models for Assessing the Cost and Value of Software Assurance 2013-05-21
Defining the Discipline of Secure Software Assurance: Initial Findings from the National Software Assurance Repository 2013-05-21
Vstr 2013-05-20
Software Assurance Education Overview 2013-05-15
Assurance Cases Overview 2013-05-14
strncpy_s() and strncat_s() 2013-05-14
Correctness by Construction 2013-05-14
Attack Pattern Glossary 2013-05-14
Attack Pattern Usage 2013-05-14
Foundations for Software Assurance 2013-05-14
Two Nationally Sponsored Initiatives for Disseminating Assurance Knowledge 2013-05-14
Getting Secure Software Assurance Knowledge into Conventional Practice 2013-05-14
A Common Sense Way to Make the Business Case for Software Assurance 2013-05-14
Further Information on Attack Patterns 2013-05-14
Attack Pattern Generation 2013-05-14
SEI: Coding Practices 2013-05-14
Infusing Software Assurance (SwA) into Introductory Computer Science Curricula 2013-05-14
strlcpy() and strlcat() 2013-05-14
strncpy() and strncat() 2013-05-14
OpenBSD's strlcpy() and strlcat() 2013-05-14
strcpy_s() and strcat_s() 2013-05-14
strcpy() and strcat() 2013-05-14
fgets() and gets_s() 2013-05-14
C++ std::string 2013-05-14
Introduction to Attack Patterns 2013-05-14
It’s a Nice Idea but How Do We Get Anyone to Practice It? A Staged Model for Increasing Organizational Capability in Software Assurance 2013-05-13
Consistent Memory Management Conventions 2013-05-13
Design Principles 2013-05-13
Separation of Privilege 2013-05-10
Securing the Weakest Link 2013-05-10
Strong Typing 2013-05-10
Reluctance to Trust 2013-05-10
Psychological Acceptability 2013-05-10
Promoting Privacy 2013-05-10
Never Assuming That Your Secrets Are Safe 2013-05-10
Least Privilege 2013-05-10
Least Common Mechanism 2013-05-10
Failing Securely 2013-05-10
Economy of Mechanism 2013-05-10
Complete Mediation 2013-05-10
Safe Integer Operations 2013-05-10
Runtime Analysis Tools 2013-05-10
Detection and Recovery 2013-05-10
Range Checking 2013-05-10
Randomization 2013-05-10
Null Pointers 2013-05-10
Heap Integrity Detection 2013-05-10
Guard Pages 2013-05-10
Compiler Checks 2013-05-10
Arbitrary Precision Arithmetic 2013-05-10
Windows XP SP2 2013-05-10
Strsafe.h 2013-05-10
SafeStr 2013-05-10
memcpy_s() and memmove_s() 2008-10-06
Attack Pattern References 2006-11-07
Defense in Depth 2005-09-13