[biblio03_01] (DOD 1985) Department of Defense Standard. Department of Defense Trusted Computer System Evaluation Criteria, (DOD 5200.28-STD, Supercedes CSC-STD-001-83, dtd 15 Aug 83), http://www.radium.ncsc.mil/tpep/library/rainbow/5200.28-STD.html. 26 December 1985.

[biblio03_02] (Karger 1991) Karger,P.A., M.E.Zurko, D.W.Bonin, A.H.Mason, and C.E.Kahn. “A Retrospective on the VAX VMM Security Kernel,” Transactions on Software Engineering, 17(11):1147–1165. November 1991.

[biblio03_03] (ITSEC 1991) Commission of the European Communities. Information Technology Security Evaluation Criteria, Provisional Harmonised Criteria, Version 1.2, http://www.oc.ccn.cni.es/pdf/ITSEC.pdf. 28 June 1991.

[biblio03_04] (Common Criteria 2005) Common Criteria Project. Common Criteria for Information Technology Security Evaluation, Version 2.3, http://www.commoncriteriaportal.org/public/developer/index.php?menu=2. August 2005.

[biblio03_05] (NCSC 2000) National Computer Security Center. Trusted Product Evaluation Program, Evaluated Products List by Vendor, http://www.radium.ncsc.mil/tpep/epl/epl-by-vendor.html#Microsoft. August 2000.

[biblio03_06] (ITSEC 1999) Information Technology Security Evaluation Criteria, E3–F/C2 Evaluation, http://www.microsoft.com/technet/archive/security/topics/issues/e3-fc2ev.mspx. April 1999.

[biblio03_07] (Common Criteria 2006) Common Criteria Project. List of Evaluated Products, http://www.commoncriteriaportal.org/public/consumer/index.php?menu=4.

[biblio03_08] (CERT 1997) Carnegie Mellon Software Engineering Institute, CERT Coordination Center. “CERT Advisory CA-1997-20 JavaScript Vulnerability,” http://www.cert.org/advisories/CA-1997-20.html. July 1997.

[biblio03_09] (CERT 1994) Carnegie Mellon Software Engineering Institute, CERT Coordination Center. “CERT Advisory CA-1994-07 wuarchive ftpd Trojan Horse,” http://www.cert.org/advisories/CA-1994-07.html. April 1994.

[biblio03_10] (CERT 2001a) Carnegie Mellon Software Engineering Institute, CERT Coordination Center. “CERT Advisory CA-2001-19 ‘Code Red’ Worm Exploiting Buffer Overflow in IIS Indexing Service DLL,” http://www.cert.org/advisories/CA-2001-19.html. July 2001.

[biblio03_11] (CERT 2001b) Carnegie Mellon Software Engineering Institute, CERT Coordination Center. “CERT Advisory CA-2001-26 Nimda Worm,” http://www.cert.org/advisories/CA-2001-26.html. September 2001.

[biblio03_12] (CERT 2001c) Carnegie Mellon Software Engineering Institute, CERT Coordination Center. “CERT Advisory CA-2001-37 Buffer Overflow in UPnP Service on Microsoft Windows,” http://www.cert.org/advisories/CA-2001-37.html. December 2001.

[biblio03_13] (Microsoft 2002) Microsoft Corporation. Executive E-mail, “Trustworthy Computing,” http://www.microsoft.com/mscorp/execmail/2002/07-18twc.asp. July 2002.

[biblio03_14] (Paul and Evans 2006) Paul,Nathaniel, and DavidEvans. University of Virginia, Department of Computer Science, “Comparing Java and .NET Security: Lessons Learned and Missed,” http://www.cs.virginia.edu/~nrp3d/papers/computers_and_security-net-java.pdf.

[biblio03_15] (Howard and LeBlanc 2002) Howard,Michael, and DavidLeBlanc. Writing Secure Code, 1st ed. Redmond, WA: Microsoft Press, 2002.