[biblio22_01] (Microsoft 2005a) .NET Framework Developer’s Guide, “Demand vs. LinkDemand,” http://msdn2.microsoft.com/en-us/library/3ky50t49.aspx. MSDN, 2005.

[biblio22_02] (Brown 2001) Brown,Keith. “Security in .NET: Enforce Code Access Rights with the Common Language Runtime,” http://msdn.microsoft.com/msdnmag/issues/01/02/cas/. MSDN Magazine, February 2001.

[biblio22_03] (Microsoft 2005b) .NET Framework Developer’s Guide, “Using the Assert Method,” http://msdn2.microsoft.com/en-us/library/91wteedy.aspx. MSDN, 2005.

[biblio22_04] (Howard, LeBlanc, and Viega 2005) Howard,Michael, DavidLeBlanc, and JohnViega. 19 Deadly Sins of Software Development. New York, NY: McGraw-Hill, 2005. Chapter 15, “Improper File Access.”

[biblio22_05] (GNU Privacy Guard 2006) Koch,Werner. “GnuPG does not detect injection of unsigned data,” http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html. March 2006.

[biblio22_06] (CVE-2003-0020) Common Vulnerabilities and Exposures. “Terminal Emulator Security Issues,” http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020.

[biblio22_07] (Wikipedia 2006) “Side channel attack,” http://en.wikipedia.org/wiki/Side-channel_attack.

[biblio22_08] (CERT 2001) US-CERT. “Vulnerability Note VU#959207, Lotus Notes Java VM leaks file existence through timing difference in ECLs,” http://www.kb.cert.org/vuls/id/959207. May 2001.

[biblio22_09] (Anley 2002) Anley, Chris, NGSSoftware. “(more) Advanced SQL Injection,” http://www.ngssoftware.com/papers/more_advanced_sql_injection.pdf. June 2002.

[biblio22_10] (CERT 2002a) US-CERT. “Vulnerability Note VU#156123, Microsoft Office Web Components allow arbitrary user to determine whether local file exists via Chart component ‘Load’ method,” http://www.kb.cert.org/vuls/id/156123. September 2002.

[biblio22_11] (CERT 2003) US-CERT. “Vulnerability Note VU#888801, SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension,” http://www.kb.cert.org/vuls/id/888801. April 2003.

[biblio22_12] (Lucas 2005) Lucas,MichaelW. “Information Security with Colin Percival,” http://www.onlamp.com/pub/a/bsd/2005/07/21/Big_Scary_Daemons.html. July 2005.

[biblio22_13] (SecuriTeam 2005) SecuriTeam Blog. “Side-channel attacks and listening to keyboards,” http://blogs.securiteam.com/index.php/archives/89. September 2005.

[biblio22_14] (Mimoso 2006) Mimoso,Michael, SearchSecurity.com. “Crypto panel takes on RFID, bashed hash functions,” http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1166550,00.html. February 2006.

[biblio22_15] (National Security Agency 2006) “Report # I333-015R-2005, Redacting with Confidence: How to Safely Publish Sanitized Reports Converted from Word to PDF,” http://www.nsa.gov/notices/notic00004.cfm?Address=/snac/vtechrep/I333-TR-015R-2005.PDF. February 2006.

[biblio22_16] (Howard 2002) “Some Bad News and Some Good News,” http://msdn.microsoft.com/library/en-us/dncode/html/secure10102002.asp. MSDN, October 2002.

[biblio22_17] (Chow et al. 2005) Chow,Jim, BenPfaff, TalGarfinkel, and MendelRosenblum, Stanford University Department of Computer Science. “Shredding Your Garbage: Reducing Data Lifetime Through Secure Deallocation,” http://www.stanford.edu/~blp/papers/shredding.html/. 14th USENIX Security Symposium, July/August 2005.

[biblio22_18] (CERT 2002b) US-CERT. “Vulnerability Note VU#539363, State-based firewalls fail to effectively manage session table resource exhaustion,” http://www.kb.cert.org/vuls/id/539363. October 2002.

[biblio22_19] (Young 2000) Young,Warren. Winsock Programmer’s FAQ. “Debugging TCP/IP,” http://tangentsoft.net/wskfaq/articles/debugging-tcp.html.