[1] Vickie R W. A definition for information system survivability //Proceedings of the 37th Hawaii Internal Conference on System Sciences (HICSS04). Los Alamitos, CA: IEEE CS Press, 2004: 2086-2096.

[2] Thayer R H, Dorfman M (Eds). Software requirements engineering
[M]. Los Alamitos, CA:IEEE Computer Society Press,1997.

[3] Linger R C, Mead N R, Lipson H F. Requirements definition for survivable network systems //Proceedings of Third International Conference on Requirements Engineering.Colorado Springs: IEEE CS Press, 1998: 14-23.

[4] Nancy R Mead. Requirements engineering for survivable systems
[M]. Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2003. http://www.sei.cmu.edu/pub/documents/03.reports/pdf/03tn013.pdf.

[5] Ellison R J, Fisher D A, Linger R C. An approach to survivable systems //NATO IST Symposium on Protecting Information Systems in the 21^st Century. 1999. http://www.sei.cmu.edu/community/easel/pdfs/nato1.pdf.

[6] Firesmith D G. Engineering security requirements
[J]. Journal of Object Technology, 2003. http://www.jot.fm/issues/issue_2003_01/column6/.

[7] Abrahamsson P, Salo O, Ronkainen J. Agile software development methods
[M]. Espoo: Review and Analysis VIT Publications 478, 2002.

[8] 李 匀.网络渗透测试——保护网络安全的技术、工具和过程
[M].北京:电子工业出版社,2007.