Links from the book

• http://www.radium.ncsc.mil/tpep/process/faq.html - the US TCSEC programme
• http://www.itsec.gov.uk, - UK ITSEC Scheme (seems to have moved to http://www.cesg.gov.uk/site/iacs/index.cfm?menuSelected=1&displayPage=1 )
• ftp://ftp.cse-cst.gc.ca/pub/criteria/CTCPEC - the Canadian evaluation criteria (can't find it, see http://www.cse-cst.gc.ca )

• http://www.qnx.com/literature/nto_sysarch/nto_sysarch.html
• http://www.zendo.com/vsta/vsta_intro.html (dead link)

• http://www.qnx.com/literature/nto_sysarch/nto_sysarch.html
• http://www.lilli.com/multics.html (moved, see http://www.multicians.org/ )

• http://www.sri.ucl.ac.be/SRI/documents/unix-secure
• http://back.cis.temple.edu/linux/linux-security (dead)
• http://info.cert.org (dead, see http://www.cert.org )
• ftp://info.cert.org/pub/cert_advisories
• ftp://ftp.win.tue.nl/pub/security/index.html (dead)
• http://www.axent.com (dead)
• http://www.ov.com
• http://www.secnet.com/nav2.html

• http://www.microsoft.com/security
• http://www.trustedsystems.com
• http://www.ntshop.net (useless)
• http://www.ntresearch.com/links.htm (useless)
• http://www.s390.ibm.com/racf

• http://www.itd.nrl.navy.mil/ITD/5540/main_fra.html (see http://chacs.nrl.navy.mil/main_fra.html )
• http://www.netspace.org/lsv-archive/bugtraq.html (moved, see http://www.securityfocus.com/archive/1 )

• http://www.radium.ncsc.mil/tpep/process/faq.html - the US TCSEC programme
• http://www.itsec.gov.uk, - UK ITSEC Scheme (seems to have moved to http://www.cesg.gov.uk/site/iacs/index.cfm?menuSelected=1&displayPage=1 )
• ftp://ftp.cse-cst.gc.ca/pub/criteria/CTCPEC - the Canadian evaluation criteria (can't find it, see http://www.cse-cst.gc.ca )
• http://csrc.ncsl.nist.gov/cc - the Common Criteria

• http://www.omg.org
• http://www.acl.lanl.gov/CORBA (see http://www.corba.org/ )

• http://www.w3.org - World Wide Web Consortium
• http://java.sun.com/sfaq - JavaSoft's introduction to Java Applet security
• http://java.sun.com/forum/securityForum.html - more on Java security (dead, see http://java.sun.com/security/ )
• http://hoohoo.ncsa.uiuc.edu/cgi - the de facto CGI standard
• http://www.microsoft.com/intdev/security/authcode/authwp.zip - Microsoft's authenticode (dead)
• http://wwwcgi.umr.edu/~cgiwrap/ - for CGIwrap

• http://www.cesg.gov.uk/storynse.htm (dead)
• http://www.nsa.gov:8080/docs/venona/venona.html (moved to http://www.nsa.gov/venona/ )
• http://www.rsa.com
• http://www.entrust.com
• http://www.verisign.com

• http://www.ietf.org
• ds.internic.net (US East Coast)
• nic.nordu.net (Europe)
• http://ftp.isi.edu (US West Coast)
• munnari.oz.au (Pacific Rim)
• http://www.netscape.com/eng/ssl3 - SSL spec
• http://www.tis.com - Trusted Infrastructure Systems, firewall toolkit
• http://www.clark.net/pub/mjr/pubs (dead)
• http://www.sctc.com - Sidewinder firewall (see http://www.securecomputing.com/index.cfm?skey=232 )

• http://www.informix.com
• http://www.oracle.com
• http://www.sybase.com
• http://www.mysql.com

(see chapter 14)