Resources

• "Cyber-Attacks by Al Qaeda Feared" (The Washington Post, June 27, 2002) is non-technical description of some of today's threats.
  
  
• "Why hackers escape" (CNET News.com, May 14, 2002) gives several examples of recent computer attacks.
  
  
• The CERT/CC tracks many of the most common, known vulnerabilities and has interesting vulnerability statistics.
  
  
• Bugtraq is a mailing list that discusses known software vulnerabilities; many warnings are posted here first.
  
  
• MITRE's Common Vulnerabilities and Exposures (CVE) is a list of standardized names for specific vulnerabilities in various programs. CVE identifiers let you determine if different reports are talking about the same vulnerability or a different one.
  
  
• The CSI/FBI Computer Crime and Security Survey (2003) surveyed 251 organizations' experience with computer crime.
  
  
• The Common Criteria (August 1999) can help you identify security requirements and is freely available. This is also ISO/IEC Standard 15408:1999, but you needn't pay money to ISO -- the freely-available documents are equivalent.
  
  
• David's book Secure Programming for Linux and Unix HOWTO gives a detailed account on how to develop secure software.
  
  
• David's paper "Why OSS/FS? Look at the Numbers" discusses open source software/free software.
  
  
• "Practical Linux security" (developerWorks, October 2002) outlines several ways to keep user accounts clean and safe.
  
  
• "Web server security" (developerWorks, September 2002) details how to secure dynamic content on an Apache Web server.
  
  
• "Installing Tivoli Access Manager on Linux" (developerWorks, August 2003) provides a tutorial on getting started with IBM's policy-based access control solution on Linux.
  
  
• Find more resources for Linux developers in the developerWorks Linux zone.