Further Reading on Creating Secure Software

(Many of the books below are also available in the CERN Bookshop.)

Must-see Documents and Web Sites

Books on Software Security

  • Writing Secure Code
    Michael Howard, David LeBlanc (Microsoft Press 2002)
    A good book on the different aspects of producing secure software; also interesting for Unix/Linux platform developers.
  • Secure Coding: Principles & Practices (see also here)
    Mark G. Graff, Kenneth R. van Wyk (O'Reilly 2003)
    Excerpt: Chapter 1: No Straight Thing
  • Security Engineering
    Ross Anderson (Wiley 2003)
    The whole book is available for free download.
  • Building Secure Software
    John Viega, Gary McGraw (Addison Wesley 2001)
    This book is relatively old, but since it is more academic than technical it is not obsolete.
    Publisher's information: Building Secure Software cuts to the heart of computer security to help students get security right the first time. Bugs in software are a serious problem and students must learn to take that into consideration early on in the software development lifecycle. Building Secure Software provides expert perspectives and techniques to help you ensure the security of essential software. If students learn to consider threats and vulnerabilities early in the development cycle they can build security into the system. With this book students will learn how to determine an acceptable level of risk, develop security tests, and plug security holes before software is even shipped.
    Excerpt: Chapter 1: Introduction to software security
  • Practical Unix & Internet Security
    Simson Garfinkel, Gene Spafford, Alan Schwartz (3rd Edition by O'Reilly 2003)
    Excerpts: Chapter 16: Secure Programming Techniques (part 1), (part 2), (part 3), (part 4)

Books on Cryptography

Other Books

  • The Art of Deception
    Kevin D. Mitnick (Wiley 2002)
    A fascinating book on social engineering by a famous hacker.
  • Security Warrior
    Cyrus Peikari, Anton Chuvakin (O'Reilly 2004)
    Probably more for system administrators, this book is still interesting for software developers.