[1] 冯登国. 计算机通信网络安全. 北京:清华大学出版社, 2001[2] Dorothy Denning, ”Cryptography and Data Security”, Addison-Wesley. ISBN0-201-10150-5.[3] M. Bishop and D. Bailey, “A Critical Analysis of Vulnerability Taxonomies”,Technical Report CSE-96-11, Dept. of Computer Science, University of California atDavis, Davis, CA 95616-8562 (Sep. 1996).[4] 微软安全中心.[5] FrSIRT. [6] 国际CVE标准. [7] Mitre Corporation. Common Vulnerabilities and Exposures. Available from , accessed 2003.[8] Wenliang Du,Aditya P. Mathur. Vulnerability Testing of Software System UsingFault TR 98-02, 1998.[9] CVSS. .[10] Matt Blaze. 2002 September 15 (Preprint, revised 2003 March 02). Cryptologyand Physical Security: Rights Amplification in Master-Keyed Mechanical Locks. IEEESecurity and Privacy (March/April 2003).[11] Steven M. Christey and Chris Wysopal. 2002 February 12 (Expired 2002 August12). Responsible Vulnerability Disclosure Process (Internet-Draft RFC).[12] Computer Emergency Response Team/Coordination Center. 2000 October Vulnerability Disclosure Policy.[13] Computer Emergency Response Team/Coordination Center. 2003. CERT/CCVulnerability Metric.[14] Russ Cooper. 2001. Proposal – The Responsible Disclosure Forum.[15] Dennis Fisher. 2003 November 18. “Security Researcher Calls for VulnerabilityTrade Association.” eWeek.[16] Daniel E. Geer, Jr. (Editor), Dennis Devlin, Jim Duncan, Jeffrey Schiller, and JaneWinn. 2002 Third Quarter. “Vulnerability Disclosure.” Secure Business Quarterly.[17] Daniel E. Geer, Jr. (Editor), Mary Ann Davidson, Marc Donner, Lynda McGhie,and Adam Shostack. 2003 Second Quarter. “Patch Management.” Secure Business Quarterly.[18] Tiina Havana. 2003 April. Communication in the Software VulnerabilityReporting Process. . thesis, University of Jyvaskyla.[19] Internet Security Systems. 2002 November 18 (Revised). X-Force™ VulnerabilityDisclosure Guidelines.[20] Elias Levy. 2001 October 21. “Security in an Open Electronic Society.”SecurityFocus.[21] Microsoft Corporation. 2002 November (Revised). Microsoft Security ResponseCenter Security Bulletin Severity Rating System.[22] Marcus Ranum. 2000 October. “The Network Police Blotter – Full Disclosure isBogus.” ;login:The Magazine of USENIX & SAGE. Volume 25, no. 6: 47-49.[23] Krsul Vulnerability of Computer Sciences,Purdue University, 1998[24] @Stake. 2002 June 05. Security Vulnerability Reporting Policy. Available from , accessed 2003.[25] William A. Arbaugh, William L. Fithen, and John McHugh. 2000 of Vulnerability: A Case Study Analysis. IEEE Computer.[26] Ross Anderson. 2001. Security Engineering: A Guide to Building DependableDistributed Systems. John Wiley & Sons. ISBN: 0-471-38922-6.[27] Matt Bishop. 2003. Computer Security: Art and Science. Addison-WesleyProfessional. ISBN: 0-201-44099-7.[28] Matt Bishop. 1999 September. Vulnerabilities Analysis. Proceedings of theSecond International Symposium on Recent Advances in Intrusion Detection.[29] 单国栋, 戴英侠, 王航. 计算机漏洞分类研究. 计算机工程,2002,28(10):3-6[30] 夏云庆 编著 Visual C++ 数据库高级编程 北京希望电子出版社[31] 段钢 编著 加密与解密(第二版) 电子工业出版社[33] 候俊杰 著 深入浅出MFC 第2 版 华中科技大学出版社[34] Applied Framework Programming (美) Jeffrey Richter 著 清华大学出版社[35] National Vulnerability Database [36] US-CERT Vulnerability Notes. [37] SecurityFocus. [38] Internet Security Systems – X-Force [39] The Open Source Vulnerability Database