References for the issues the guide addresses.

doc/development/shell_commands.md

@@ -1,5 +1,11 @@
 # Guidelines for shell commands in the GitLab codebase
 
+## References
+
+- [Google Ruby Security Reviewer's Guide](https://code.google.com/p/ruby-security/wiki/Guide)
+- [OWASP Command Injection](https://www.owasp.org/index.php/Command_Injection)
+- [Ruby on Rails Security Guide](http://guides.rubyonrails.org/security.html) section 7.7
+
 ## Use File and FileUtils instead of shell commands
 
 Sometimes we invoke basic Unix commands via the shell when there is also a Ruby API for doing it.