Secure programmer: Developing secure programs
- "Cyber-Attacks by Al Qaeda Feared" (The Washington Post, June 27, 2002) is a non-technical description of some of today's threats.
- "Why hackers escape" (CNET News.com, May 14, 2002) gives several examples of recent computer attacks.
- The CERT/CC tracks many of the most common, known vulnerabilities and has interesting vulnerability statistics.
- Bugtraq is a mailing list that discusses known software vulnerabilities; many warnings are posted here first.
- MITRE's Common Vulnerabilities and Exposures (CVE) is a list of standardized names for specific vulnerabilities in various programs. CVE identifiers let you determine if different reports are talking about the same vulnerability or a different one.
- The CSI/FBI Computer Crime and Security Survey (2003) surveyed 251 organizations' experience with computer crime.
- The Common Criteria (August 1999) can help you identify security requirements and is freely available. This is also ISO/IEC Standard 15408:1999, but you needn't pay money to ISO -- the freely available documents are equivalent.
- David's book Secure Programming for Linux and Unix HOWTO gives a detailed account of how to develop secure software.
- David's paper "Why OSS/FS? Look at the Numbers" discusses open source software/free software.
- "Practical Linux security" (developerWorks, October 2002) outlines several ways to keep user accounts clean and safe.
- "Web server security" (developerWorks, September 2002) details how to secure dynamic content on an Apache Web server.
- "Installing Tivoli Access Manager on Linux" (developerWorks, August 2003) provides a tutorial on getting started with IBM's policy-based access control solution on Linux.
- Find more resources for Linux developers in the developerWorks Linux zone.
First published by IBM developerWorks