path: root/documentation/research/Security.md
author: Eduardo Julian, 2019-07-24 20:25:55 -0400
committer: Eduardo Julian, 2019-07-24 20:25:55 -0400
commit: e87fba1b7204ee611dcb5528b8a8a3716588c976
tree: 77420205b2617c189a26af573b341771bf361b59 /documentation/research/Security.md
parent: edcc0a2433722d09e7b1ef7922e7fa1f51e7fc15
Small improvements here and there.
Diffstat (limited to '')
-rw-r--r-- documentation/research/Security.md | 54
1 files changed, 54 insertions, 0 deletions
diff --git a/documentation/research/Security.md b/documentation/research/Security.md
new file mode 100644
index 000000000..0609f92c0
--- /dev/null
+++ b/documentation/research/Security.md
@@ -0,0 +1,54 @@
+# Programming language
+
+1. [Secure Compilation](https://blog.sigplan.org/2019/07/01/secure-compilation/)
+
+# Cautionary tale
+
+1. [Thou Shalt Not Depend on Me: A look at JavaScript libraries in the wild](https://queue.acm.org/detail.cfm?id=3205288)
+1. https://medium.com/@nodepractices/were-under-attack-23-node-js-security-best-practices-e33c146cb87d
+
+# Surface area
+
+1. [Towards Automated Application-Specific Software Stacks](https://arxiv.org/pdf/1907.01933.pdf)
+
+# Vulnerability
+
+1. https://medium.com/@shnatsel/how-rusts-standard-library-was-vulnerable-for-years-and-nobody-noticed-aebf0503c3d6
+1. [ACLs don’t](http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.406.4684&rep=rep1&type=pdf)
+1. https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf
+1. https://pwnedkeys.com/
+1. [What Spectre Means for Lanugage Implementers - Ben Titzer - PLISS 2019](https://www.youtube.com/watch?v=FGX-KD5Nh2g)
+1. https://rambleed.com/
+1. https://browserleaks.com/
+
+# Reference
+
+1. [Secure Socket API](https://securesocketapi.org/)
+1. [Mind your Language(s): A discussion about languages and security](https://www.ssi.gouv.fr/uploads/IMG/pdf/Mind_Your_Languages_-_version_longue.pdf)
+1. https://www.microsoft.com/en-us/research/blog/scaling-the-everest-of-software-security-with-dr-jonathan-protzenko/
+1. https://www.owasp.org/index.php/Main_Page
+1. https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
+1. https://wiki.sei.cmu.edu/confluence/display/seccode/Top+10+Secure+Coding+Practices
+1. https://www.archive.ece.cmu.edu/~grey/
+1. http://www.cs.umd.edu/projects/PL/selinks/
+1. http://www.cis.upenn.edu/~stevez/sol/related.html
+1. https://www.bsimm.com/
+1. https://www.microsoft.com/en-us/securityengineering/sdl/
+1. https://www.engineeringtrustworthysystems.com/
+1. http://www.ats-lang.org/
+1. http://www.cis.upenn.edu/~stevez/papers/publications.html
+1. http://collingreene.com/6_buckets_of_prodsec.html
+1. [On Post-Compromise Security](https://eprint.iacr.org/2016/221.pdf)
+1. https://messaginglayersecurity.rocks/
+1. https://github.blog/2019-05-23-introducing-new-ways-to-keep-your-code-secure/
+1. [RustBelt](https://plv.mpi-sws.org/rustbelt/popl18/)
+1. https://github.com/dckc/awesome-ocap
+1. https://projects.csail.mit.edu/jeeves/
+1. https://www.sans.org/top25-software-errors/
+1. https://www.owasp.org/index.php/Top_10_2013-Top_10
+1. https://nvd.nist.gov/cwe.cfm
+1. https://en.wikipedia.org/wiki/Software_Development_Security
+1. http://gigi.nullneuron.net/gigilabs/the-sorry-state-of-the-web-in-2016/
+1. http://www.ranum.com/security/computer_security/editorials/dumb/index.html
+1. [Information Technology — Programming languages — Guidance to avoiding vulnerabilities in programming languages](http://www.open-std.org/jtc1/sc22/wg23/docs/ISO-IECJTC1-SC22-WG23_N0751-tr24772-1-after-pre-meeting-51-webex-20171016.pdf)
+
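Review bot: The link title on the Spectre talk entry under "# Vulnerability" misspells "Language" as "Lanugage"; fix it before this lands. The list also mixes titled markdown links with bare URLs (for example the medium.com, pwnedkeys.com and owasp.org entries), so a reader cannot tell what most references cover without opening them; give each entry a title in the `[title](url)` form already used for "Secure Compilation". Under "# Reference" the OWASP Top Ten appears twice, once as the project category page and once as the 2013 edition (`Top_10_2013-Top_10`); keep one, or say why the 2013 edition is listed separately. Several entries use plain `http://` (citeseerx.ist.psu.edu, www.cs.umd.edu, www.cis.upenn.edu, www.open-std.org); switch to `https://` where the host supports it. The file ends with a trailing blank line, and the commit message "Small improvements here and there." does not mention that a new file is added.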