58 Core Software Security