G. A. Akerlof. The market for “lemons”: Quality uncertainty and the market mechanism. The Quarterly Journal of Economics, 84(3):488–500, August 1970.
E. Amoroso. Fundamentals of Computer Security Technology. Prentice Hall, 1994. Includes author’s list of 25 Greatest Works in Computer Security.
A. Avizienis, J. Laprie, B. Randell, and C. E. Landwehr. Basic concepts and taxonomy of dependable and secure computing. ACM Trans. Inf. Systems and Security, 1(1):11–33, 2004.
R. G. Bace. Intrusion Detection. Macmillan, 2000.
R. W. Baldwin. Rule Based Analysis of Computer Security. PhD thesis, MIT, Cambridge, MA, June 1987. Describes security checkers called Kuang systems, and in particular one built for Unix.
D. Basin, P. Schiller, and M. Schläpfer. Applied Information Security. Springer, 2011.
D. Gollmann. Computer Security (3rd edition). John Wiley, 2011.
M. Howard and D. LeBlanc. Writing Secure Code (2nd edition). Microsoft Press, 2002.
A. Jaquith. Security Metrics: Replacing Fear, Uncertainty, and Doubt. Addison-Wesley, 2007.
B. Kordy, S. Mauw, S. Radomirovic, and P. Schweitzer. Foundations of attack-defense trees. In Formal Aspects in Security and Trust 2010, pages 80–95. Springer LNCS 6561 (2011).
J. Lowry, R. Valdez, and B. Wood. Adversary modeling to develop forensic observables. In Digital Forensics Research Workshop (DFRWS), 2004.
S. Mauw and M. Oostdijk. Foundations of attack trees. In Information Security and Cryptology (ICISC 2005), pages 186–198. Springer LNCS 3935 (2006).
NIST. Special Pub 800-30 rev 1: Guide for Conducting Risk Assessments. U.S. Dept. of Commerce,September 2012.
D. B. Parker. Risks of risk-based security. Comm. ACM, 50(3):120–120, March 2007.
C. P. Pfleeger and S. L. Pfleeger. Security in Computing (4th edition). Prentice Hall, 2006.
E. Rescorla. SSL and TLS: Designing and Building Secure Systems. Addison-Wesley, 2001.
J. H. Saltzer and M. F. Kaashoek. Principles of Computer System Design. Morgan Kaufmann, 2010.
J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278–1308, September 1975.
A. Shostack. Threat Modeling: Designing for Security. John Wiley and Sons, 2014.
R. E. Smith. A contemporary look at Saltzer and Schroeder’s 1975 design principles. IEEE Security & Privacy, 10(6):20–25, 2012.
W. Stallings and L. Brown. Computer Security: Principles and Practice (3rd edition). Pearson, 2015.