[1] 冯登国. Computer Communication Network Security. Beijing: Tsinghua University Press, 2001.
[2] Dorothy Denning, “Cryptography and Data Security”, Addison-Wesley. ISBN 0-201-10150-5.
[3] M. Bishop and D. Bailey, “A Critical Analysis of Vulnerability Taxonomies”, Technical Report CSE-96-11, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (Sep. 1996).
[4] Microsoft Security Center.
[5] FrSIRT.
[6] International CVE standard.
[7] Mitre Corporation. Common Vulnerabilities and Exposures. Available from , accessed 2003.
[8] Wenliang Du, Aditya P. Mathur. Vulnerability Testing of Software System Using Fault TR 98-02, 1998.
[9] CVSS. .
[10] Matt Blaze. 2002 September 15 (Preprint, revised 2003 March 02). Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks. IEEE Security and Privacy (March/April 2003).
[11] Steven M. Christey and Chris Wysopal. 2002 February 12 (Expired 2002 August 12). Responsible Vulnerability Disclosure Process (Internet-Draft RFC).
[12] Computer Emergency Response Team/Coordination Center. 2000 October 09. CERT/CC Vulnerability Disclosure Policy.
[13] Computer Emergency Response Team/Coordination Center. 2003. CERT/CC Vulnerability Metric.
[14] Russ Cooper. 2001. Proposal – The Responsible Disclosure Forum.
[15] Dennis Fisher. 2003 November 18. “Security Researcher Calls for Vulnerability Trade Association.” eWeek.
[16] Daniel E. Geer, Jr. (Editor), Dennis Devlin, Jim Duncan, Jeffrey Schiller, and Jane Winn. 2002 Third Quarter. “Vulnerability Disclosure.” Secure Business Quarterly.
[17] Daniel E. Geer, Jr. (Editor), Mary Ann Davidson, Marc Donner, Lynda McGhie, and Adam Shostack. 2003 Second Quarter. “Patch Management.” Secure Business Quarterly.
[18] Tiina Havana. 2003 April. Communication in the Software Vulnerability Reporting Process. . thesis, University of Jyvaskyla.
[19] Internet Security Systems. 2002 November 18 (Revised). X-Force™ Vulnerability Disclosure Guidelines.
[20] Elias Levy. 2001 October 21. “Security in an Open Electronic Society.” SecurityFocus.
[21] Microsoft Corporation. 2002 November (Revised). Microsoft Security Response Center Security Bulletin Severity Rating System.
[22] Marcus Ranum. 2000 October. “The Network Police Blotter – Full Disclosure is Bogus.” ;login: The Magazine of USENIX & SAGE. Volume 25, no. 6: 47-49.
[23] Krsul Vulnerability of Computer Sciences, Purdue University, 1998.
[24] @Stake. 2002 June 05. Security Vulnerability Reporting Policy. Available from , accessed 2003.
[25] William A. Arbaugh, William L. Fithen, and John McHugh. 2000 December. Windows of Vulnerability: A Case Study Analysis. IEEE Computer.
[26] Ross Anderson. 2001. Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons. ISBN: 0-471-38922-6.
[27] Matt Bishop. 2003. Computer Security: Art and Science. Addison-Wesley Professional. ISBN: 0-201-44099-7.
[28] Matt Bishop. 1999 September. Vulnerabilities Analysis. Proceedings of the Second International Symposium on Recent Advances in Intrusion Detection.
[29] 单国栋, 戴英侠, 王航. Research on the Classification of Computer Vulnerabilities. Computer Engineering, 2002, 28(10): 3-6.
[30] 夏云庆 (ed.). Advanced Database Programming with Visual C++. Beijing Hope Electronic Press.
[31] 段钢 (ed.). Encryption and Decryption (2nd edition). Publishing House of Electronics Industry.
[33] 候俊杰. MFC Explained in Simple Terms, 2nd edition. Huazhong University of Science and Technology Press.
[34] Jeffrey Richter (USA). Applied Framework Programming. Tsinghua University Press.
[35] National Vulnerability Database.
[36] US-CERT Vulnerability Notes.
[37] SecurityFocus.
[38] Internet Security Systems – X-Force Database.
[39] The Open Source Vulnerability Database.