Design and Development (A3): SDL Activities and Best Practices 159
6. Information Assurance Technology Analysis Center (ITAC)/Data and Analysis
Center for Software (DACS) (2007), Software Security Assurance State-of-the-Art
Report (SOAR). Available at http://iac.dtic.mil/csiac/download/security.pdf.
7. Krutz, R., and Fry, A. (2009), The CSSLP Prep Guide: Mastering the Certified
Secure Software Lifecycle Professional. Wiley, Indianapolis, IN.
8. Information Assurance Technology Analysis Center (ITAC)/Data and Analysis
Center for Software (DACS) (2007), Software Security Assurance State-of-the-Art
Report (SOAR). Available at http://iac.dtic.mil/csiac/download/security.pdf.
9. Krutz, R., and Fry, A. (2009), The CSSLP Prep Guide: Mastering the Certified
Secure Software Lifecycle Professional. Wiley, Indianapolis, IN.
10. Information Assurance Technology Analysis Center (ITAC)/Data and Analysis
Center for Software (DACS) (2007), Software Security Assurance State-of-the-Art
Report (SOAR). Available at http://iac.dtic.mil/csiac/download/security.pdf.
11. Fink, G., and Bishop, M. (1997), “Property-Based Testing: A New Approach
to Testing for Assurance.” SIGSOFT Software Engineering Notes, vol. 22, no. 4,
pp.74–80.
12. Goertzel, K., et al. (2008), Enhancing the Development Life Cycle to Produce Secure
Software. Version 2.0. U.S. Department of Defense Data and Analysis Center for
Software, Rome, NY.
13. Michael, C., and Radosevich, W. (2005), “Risk-Based and Functional Security
Testing.” Cigital white paper, U.S. Department of Homeland Security. Updated
2009-07-23 by Ken van Wyk. Available at https://buildsecurityin.us-cert.gov/bsi/
articles/best-practices/testing/255-BSI.html#dsy255-BSI_sstest.
14. Saltzer, J., and Schroeder, M. (1974), “The Protection of Information in Computer
Systems.” Fourth ACM Symposium on Operating Systems Principle, October
1974.
15. Ibid.
16. Grembi, J. (2008), Secure Software Development: A Security Programmer’s Guide.
Course Technology, Boston, MA.
17. Microsoft Corporation (2008), Privacy Guidelines for Developing Software Products
and Services, Version 3.1; September 2008. Available at http://www.microsoft.
com/en-us/download/details.aspx?id=16048.
18. Microsoft Corporation (2012). MSDN, SDL—Process Guidance—Appendix C:
SDL Privacy Questionnaire. Available at http://msdn.microsoft.com/en-us/library/
cc307393.aspx.
19. Microsoft (2011), Simplified Implementation of the Microsoft SDL. Available at
http://www.microsoft.com/en-us/download/details.aspx?id=12379.
20. Microsoft Corporation (2008), Privacy Guidelines for Developing Software Products
and Services, Version 3.1; September 2008. Available at http://www.microsoft.
com/en-us/download/details.aspx?id=16048.
21. Microsoft Corporation (2012), MSDN, SDL—Process Guidance—Appendix C:
SDL Privacy Questionnaire. Available at http://msdn.microsoft.com/en-us/library/
cc307393.aspx.
22. Microsoft (2011), Simplified Implementation of the Microsoft SDL. Available at
http://www.microsoft.com/en-us/download/details.aspx?id=12379.