|
P.1
|
|
Statement of Task,
|
|
ix
|
|
2.1
|
|
Lack of Exploitation Does Not Indicate Nonvulnerability,
|
|
30
|
|
2.2
|
|
Major Sources of Data Characterizing the Cyberthreat,
|
|
36
|
|
2.3
|
|
On Botnets,
|
|
40
|
|
2.4
|
|
Possible Points of Vulnerability in Information Technology Systems and Networks,
|
|
44
|
|
2.5
|
|
Foreign Sourcing of Information Technology Used in the United States,
|
|
47
|
|
2.6
|
|
The Silence of a Successful Cyberattack,
|
|
48
|
|
3.1
|
|
What Firewalls and Antivirus Products Protect Against,
|
|
59
|
|
3.2
|
|
Lessons Learned from the Technology-Transfer Effort Associated with Microsoft’s Static Driver Verifier,
|
|
64
|
|
4.1
|
|
The Saltzer-Schroeder Principles of Secure System Design and Development,
|
|
86
|
|
6.1
|
|
Fluency with Information Technology (and Cybersecurity),
|
|
126
|
|
6.2
|
|
Bug Bounties and Whistle-Blowers,
|
|
156
|
|
8.1
|
|
Issues in System Migration,
|
|
183
|
|
8.2
|
|
Secrecy of Design,
|
|
186
|
|
8.3
|
|
Attack Diffusion,
|
|
204
|
|
10.1
|
|
A Model Categorization for Understanding Budgets,
|
|
240
|
