| ANDE72 | Computer Security Technology Planning Study, EDS-TR-73-51, Vol. 1, Anderson, J.P., Hanscom AFB, Massachusetts, 1972. |
| CC | Common Criteria for Information Technology Security Evaluation (aligned with ISO/IEC International Standard (IS) 15408), Version 2.1, August 1999. The CC consists of four volumes available at, e.g., http://www.radium.ncsc.mil/tpep/library/ccitse/, and at http://csrc.nist.gov/cc/ccv20/ccv2list.htm#CCV21. |
| DoD88 | Security Requirements for Automated Information Systems, DOD Directive 5200.28, 21 March 1988. |
| Howard 97 | Howard, J. D., An Analysis of Security Incidents on the Internet: 1989-1995, Ph.D. Theses, Carnegie Mellon University, 1997. |
| IETF99 | R. Shirey, Internet Security Glossary, Internet
Engineering Task Force, 17 October 1999. Available at http://www.ietf.org/internet-drafts/draft-shirey-security-glossary-02.txt |
| ITSEC | Information Technology Security Evaluation Criteria (ITSEC), Version 1.2, 1991. |
| Krsul 98 | Krsul, I.V., Software Vulnerability Analysis, Ph.D. Thesis, Purdue University, 1998. |
| Longstaff 97 | Longstaff, T., Update: CERT/CC Vulnerability Knowledgebase, DARPA Workshop, Savannah, Georgia, 1997. |
| NCSC87 | Trusted Network Interpretation, NCSC-TG-005, National Computer Security Center, July 1987. Available at http://www.radium.ncsc.mil/tpep/library/rainbow/index.html#TG005. |
| NCSC88 | Glossary of Computer Security Terms, National Computer Security Center, NCSC-TG-004. Available at http://www.radium.ncsc.mil/tpep/library/rainbow/index.html#TG004. |
| NCSC92 | A Guide to Understanding Security Modeling in Trusted Systems, National Computer Security Center, NCSC-TG-004, October 1992. Available at http://www.radium.ncsc.mil/tpep/library/rainbow/index.html#TG010. |
| Neumann 89 | Neumann, P.G., and D.B. Parker, "A Survey of Computer Abuse Techniques," Proceedings of the 12th National Computer Security Conference, Pages 396-407, 1989. |
| NIST74 | Guidelines for Automatic Data Processing Physical Security and Risk Management, National Institute of Standards and Technology (NIST), Federal Information Processing Standards Publication (FIPS PUB) 31, June 1974. |
| Perry 84 | Perry, T., and P. Wallich, Can Computer Crime be Stopped?, IEEE Spectrum, No. 21, Vol. 5, 1984. |
| Power 96 | Power, R., Current and Future Danger: A CSI Primer of Computer Crime and Information Warfare, CSI Bulletin, 1996. |
| TCSEC | Trusted Computer System Evaluation Criteria (TCSEC), December 1985, DOD 5200.28-STD. Available at http://www.radium.ncsc.mil/tpep/library/rainbow/index.html#STD520028. |