Overview Aotearoa Research Science
In this branch: Foundations Offensive Defensive AI & Security References Readme
Research · Cybersecurity

Bibliography & References

Sources cited across the Cybersecurity section, in APA 7th edition style. Standards and primary papers are given with DOIs or stable URLs; news items on fast-moving 2026 events link to the original reporting.

Bibliography

Foundations, standards & frameworks

  1. Saltzer, J. H., & Schroeder, M. D. (1975). The protection of information in computer systems. Proceedings of the IEEE, 63(9), 1278–1308. https://doi.org/10.1109/PROC.1975.9939
  2. National Institute of Standards and Technology. (2024). The NIST Cybersecurity Framework (CSF) 2.0 (NIST CSWP 29). U.S. Department of Commerce. https://doi.org/10.6028/NIST.CSWP.29
  3. Shostack, A. (2014). Threat modeling: Designing for security. Wiley. ISBN 978-1-118-80999-0.
  4. Hutchins, E. M., Cloppert, M. J., & Amin, R. M. (2011). Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Proceedings of the 6th International Conference on Information Warfare and Security, 113–125. Retrieved from Lockheed Martin Cyber Kill Chain
  5. Strom, B. E., Applebaum, A., Miller, D. P., Nickels, K. C., Pennington, A. G., & Thomas, C. B. (2018). MITRE ATT&CK: Design and philosophy (MP180360). The MITRE Corporation. https://attack.mitre.org/
  6. National Institute of Standards and Technology. (2001). Advanced Encryption Standard (AES) (FIPS PUB 197). U.S. Department of Commerce. https://doi.org/10.6028/NIST.FIPS.197
  7. Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120–126. https://doi.org/10.1145/359340.359342
  8. Diffie, W., & Hellman, M. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644–654. https://doi.org/10.1109/TIT.1976.1055638
  9. National Institute of Standards and Technology. (2015). Secure Hash Standard (SHS) (FIPS PUB 180-4). U.S. Department of Commerce. https://doi.org/10.6028/NIST.FIPS.180-4
  10. Rescorla, E. (2018). The Transport Layer Security (TLS) protocol version 1.3 (RFC 8446). IETF. https://www.rfc-editor.org/rfc/rfc8446
  11. National Institute of Standards and Technology. (2024). Module-lattice-based key-encapsulation mechanism standard (FIPS 203). U.S. Department of Commerce. https://doi.org/10.6028/NIST.FIPS.203
  12. Rose, S., Borchert, O., Mitchell, S., & Connelly, S. (2020). Zero trust architecture (NIST Special Publication 800-207). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-207

Offensive & defensive practice

  1. Verizon. (2024). 2024 Data Breach Investigations Report (DBIR). Verizon Business. Retrieved from https://www.verizon.com/business/resources/reports/dbir/
  2. OWASP Foundation. (2021). OWASP Top 10:2021 — The ten most critical web application security risks. Retrieved from https://owasp.org/Top10/
  3. Aleph One. (1996). Smashing the stack for fun and profit. Phrack, 7(49). Retrieved from http://phrack.org/issues/49/14.html
  4. FIRST. (2023). Common Vulnerability Scoring System version 4.0: Specification document. Forum of Incident Response and Security Teams. Retrieved from https://www.first.org/cvss/
  5. Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer security incident handling guide (NIST Special Publication 800-61 Rev. 2). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-61r2

AI & security

  1. Goodfellow, I. J., Shlens, J., & Szegedy, C. (2015). Explaining and harnessing adversarial examples. Proceedings of the International Conference on Learning Representations (ICLR 2015). Retrieved from https://arxiv.org/abs/1412.6572
  2. OWASP Foundation. (2025). OWASP Top 10 for Large Language Model Applications. Retrieved from https://owasp.org/www-project-top-10-for-large-language-model-applications/
  3. Anthropic. (2026, April 7). Claude Mythos Preview. red.anthropic.com. Retrieved from https://red.anthropic.com/2026/mythos-preview/
  4. The Hacker News. (2026, May). Claude Mythos AI finds 10,000 high-severity flaws in widely used software. Retrieved from https://thehackernews.com/2026/05/claude-mythos-ai-finds-10000-high.html
  5. Anthropic. (2026, June 2). Expanding Project Glasswing. anthropic.com. Retrieved from https://www.anthropic.com/news/expanding-project-glasswing
  6. Anthropic. (2026). Project Glasswing: Securing critical software for the AI era. anthropic.com. Retrieved from https://www.anthropic.com/glasswing
  7. CNBC. (2026, June 1). Anthropic to offer EU access to its advanced Mythos model. Retrieved from https://www.cnbc.com/2026/06/01/anthropic-eu-ai-mythos-access-advanced-model.html
  8. TechCrunch. (2026, June 2). Anthropic scales Claude Mythos to critical infrastructure in 15+ countries. Retrieved from https://techcrunch.com/2026/06/02/anthropic-scales-claude-mythos-to-critical-infrastructure-in-15-countries/

Further reading & standards

  1. Anderson, R. (2020). Security engineering: A guide to building dependable distributed systems (3rd ed.). Wiley. ISBN 978-1-119-64278-7. Also at https://www.cl.cam.ac.uk/~rja14/book.html — The standard reference on the engineering of secure systems.
  2. Stallings, W., & Brown, L. (2024). Computer security: Principles and practice (5th ed.). Pearson. ISBN 978-0-13-822169-1.
  3. Cybersecurity and Infrastructure Security Agency, & National Security Agency. (2023). The case for memory safe roadmaps. CISA. Retrieved from https://www.cisa.gov/resources-tools/resources/case-memory-safe-roadmaps
  4. National Institute of Standards and Technology. (2023). Artificial intelligence risk management framework (AI RMF 1.0) (NIST AI 100-1). https://doi.org/10.6028/NIST.AI.100-1