1. M. Frantzen, F. Kerschbaum, E. Schultz, and S. Fahmy, 2001. A framework for understanding vulnerabilities in firewalls using a dataflow model of firewall internals. Computers & Security, Vol. 20, No. 3, 2001, pp. 263-270.

2. Ivan Krsul, Software Vulnerability Analysis, Ph.D. thesis, Department of Computer Sciences, Purdue University, 1998, https://www.cerias.purdue.edu/techreports-ssl/public/98-09.pdf.

3. W. Du and A.P. Mathur, 2000. Testing for software vulnerability using environment perturbation. Proceeding of the International Conference on Dependable Systems and Networks (DSN 2000), Workshop On Dependability Versus Malicious Faults, June 2000, http://www.cerias.purdue.edu/homes/duw/research/paper/ftcs30workshop.ps, pp. 603-612.

4. W. Du and A.P. Mathur, 1998. Categorization of software errors that led to security breaches. Proceedings of the 21st National Information Systems Security Conference (NISSC’98), 1998, http://www.cerias.purdue.edu/homes/duw/research/paper/nissc98.ps.

5. M. Bishop and D. Bailey, 1996. A critical analysis of vulnerability taxonomies. Proceedings of the NIST Invitational Workshop on Vulnerabilities, July 1996, Also appears as Technical Report 96-11, Department of Computer Science, University of California at Davis (Sept. 1996) at http://seclab.cs.ucdavis.edu/projects/ vulnerabilities/scriv/ucd-ecs-96-11.ps. Also see “Classifying Vulnerabilities”, “A Taxonomy of UNIX and Network Security Vulnerabilities” at http://seclab.cs.ucdavis.edu/projects/vulnerabilities/scriv/ucd-ecs-95-10.ps and “Vulnerabilities Analysis” by the same author.