Failures of secret-key cryptography - D. J. Bernstein (March 2013) (cr.yp.to)
Towards practical reactive security audit using extended static checkers