- FAST - FZI Assessment Toolkit: research on the use of FAST tools for building secure software is currently running.
- To Be Announced
Associations of interest
- ISSECO - International Secure Software Engineering Forum
- Ka-IT-SI - Karlsruhe IT Sicherheitsinitiative
- C. Pilder, Meta-Models for Static Analysis of OO-Component Code. DA.
- Gary McGraw. Software Security - Building Security In. Pearson Education, London, January 2006. ISBN-13: 978-0321356703.
- Michael Howard and David LeBlanc. Writing Secure Code, Second Edition. Microsoft Press, Redmond, WA, 2002. ISBN-13: 978-0735617223. (pierre)
- Greg Hoglund and Gary McGraw. Exploiting Software - How to Break Code. Addison-Wesley, Pearson Education Inc., 2004. ISBN-13: 978-0201786958. (pierre)
- Markus Schumacher. Security Engineering With Patterns: Origins, Theoretical Models, and New Applications. LNCS. September 2003. ISBN-13: 978-3540407317.
- Ken Thompson. Reflections on trusting trust. Communications of the ACM, 27(8):761–763, August 1984 (Turing Award Lecture).
- Gary McGraw. Software security. IEEE Security & Privacy Magazine, 2(2):80–83, March-April 2004.
- Algirdas Avizienis, Jean-Claude Laprie, Brian Randell, and Carl Landwehr. Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing, 1(1):11–33, 2004.
- Jerome H. Saltzer and Michael D. Schroeder. The protection of information in computer systems. In Fourth ACM Symposium on Operating System Principles, October 1973.
- Katrina Tsipenyuk, Brian Chess, and Gary McGraw. Seven pernicious kingdoms: A taxonomy of software security errors. IEEE Security & Privacy, 3(6):81–84, November/December 2005.
- Paul E. Black. Software assurance metrics and tool evaluation. In International Conference on Software Engineering Research and Practice (SERP’05), June 2005.
- Frederick P. Brooks. No silver bullet: Essence and accidents of software engineering. Computer, 20(4):10–19, April 1987.
- Glenn Brunette. Toward systemically secure IT architectures. Sun BluePrints OnLine, February 2006. Sun Microsystems, Inc.
- Steven M. Christey. Open letter on the interpretation of "vulnerability statistics". Bugtraq, Full-Disclosure Mailing list, January 2006.
- Karen M. Goertzel, Theodore Winograd, Holly L. McKinley, Lyndon Oh, Michael Colon, Thomas McGibbon, Elaine Fedchak, and Robert Vienneau. Software Security Assurance: A State-of-the-Art Report (SOAR). Information Assurance Technology Analysis Center (IATAC) and Data and Analysis Center for Software (DACS), July 2007.
- Michael Howard. A process for performing security code reviews. IEEE Security and Privacy, 4(4):74–79, July 2006.
- David Hovemeyer and William Pugh. Finding bugs is easy. In ACM SIGPLAN Notices, volume 39, pages 92–106, 2004. OOPSLA Onward! column.
- Steve Lipner and Michael Howard. The trustworthy computing security development lifecycle. Microsoft Corporation Whitepaper, March 2005. Security Engineering and Communications, Security Business and Technology Unit, Microsoft Corporation.
- Ulf Lindqvist and Erland Jonsson. How to systematically classify computer security intrusions. In IEEE Symposium on Security and Privacy, pages 154–163, May 1997.
- OWASP Foundation. OWASP Testing Guide v2, 2007. Creative Commons Attribution-ShareAlike 2.5 License.
- OWASP Foundation. OWASP Code Review Guide RC 2, 2008. Creative Commons Attribution-ShareAlike 2.5 License.
- Software Assurance Forum for Excellence in Code (SAFECode). Software assurance: An overview of current industry best practices. SAFECode Whitepaper, February 2008.
- John Viega and Gary McGraw. Building Secure Software - How to Avoid Security Problems the Right Way. Number 528 in Professional Computing Series. Addison-Wesley Professional, 2001. ISBN-13: 978-0201721522.
- Ivan Victor Krsul. Software Vulnerability Analysis. PhD thesis, Purdue University, May 1998.
- Joshua Bloch and Neal Gafter. Java Puzzlers - Traps, Pitfalls and Corner Cases. Pearson Education, June 2005. ISBN-13: 978-0321336781.
- Li Gong, Gary Ellison, and Mary Dageforde. Inside Java 2 Platform Security - Architecture, API Design, and Implementation, Second Edition. Addison-Wesley, 2003. ISBN-13: 978-0201787917.
- Fred Long. Software vulnerabilities in Java. Technical Report CMU/SEI-2005-TN-044, Carnegie Mellon University, October 2005.
- Sun Microsystems Inc. Secure coding guidelines for the Java programming language, version 2.0. Sun Whitepaper, 2007. http://java.sun.com/security/seccodeguide.html.
- Pierre Parrend and Stephane Frenot. Classification of component vulnerabilities in Java service oriented programming (SOP) platforms. In Conference on Component-based Software Engineering (CBSE’2008), volume 5282/2008 of LNCS, Karlsruhe, Germany, October 2008. Springer Berlin / Heidelberg.