Software Security: Building Security In

Index


Can'ts and won'ts

CANVAS tool

Carrying out fixes and validation, RMF

Catch NullPointerException phylum

Causes of problems

     complexity

     connectivity

     design flaws

     extensibility

     legacy applications

     mobile code

     "more lines, more bugs"

     SOA (Service Oriented Architecture)

     software vulnerability

     Web Services

Cenzic

CERT incidents

Champions, for best practice adoption

Change maturity path

Checklists, architectural risk analysis [See also STRIDE.]

Chess, Brian

Cheswick, Bill

Cigital

Cigital Workbench

CISSP

COBIT

Code Quality vulnerability kingdom

Code review manual

Code review, software developers and information security practitioners

Code review, tools. [See also Tools.]

     array out of bounds

     binary analysis

     BLAST tool

     BOON tool

     code scanners

     commercial tool vendors. [See also Fortify.]

         source code analyzers

         Coverity

         Fortify

         Ounce Labs

         Secure Software

         tool characteristics

         tool problems

     constructive/destructive nature

     consultants as mentors

     CQual tool

     description

     Eau Claire tool

     ESP tool

     false negatives/positives

     FindBugs tool

     Flyover

     global analysis

     good versus perfect

     Hoglund's BugScan

     human evaluation

     implementation bugs

     integer range analysis

     ITS4

         code scanner

         rules, history

     kernel vulnerabilities

     local analysis

     module-level analysis

     MOPS tool

     RATS code scanner

     rules

         coverage

         example

         ITS4

         schema

     safety property violations

     SLAM tool

     specification checking

     Splint tool

     static code analysis

         example

         history

     taint analysis

     TOCTOU (time-of-check-time-of-use)

     touchpoint process

     xg++ tool

Command Injection phylum

Commercial architectural risk analysis

Commercial off-the-shelf software (COTS)

Commercial source code analysis tool vendors

     Coverity

     Fortify

     Ounce Labs

     Secure Software

     source code analyzers

     tool characteristics

     tool problems

comp.risks

Comparing Classes by Name phylum

Complexity

     Linux/open source code base growth

     major operating systems

     metrics

     "more lines, more bugs"

     trinity of trouble

     Windows code base growth

Connectivity, trinity of trouble

Constructive activities, touchpoints

Control flow tools

COTS (commercial off-the-shelf software)

Countermeasures, for risk mitigation

Coverage tools

Coverity

CQual tool

Creating Debug Binary phylum

Cross site scripting

Cross-Site Scripting phylum

Cultural change. [See Enterprise software security.]

CVE
