The best books on software security engineering

Nancy R. Mead Author Of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance
By Nancy R. Mead

Who am I?

As a kid, I used to do all the math problems in my textbooks just for fun, even if they weren’t part of a homework assignment. My grandchildren cringe when I tell them this. I am a researcher and educator in secure software engineering and have enjoyed a productive career in software development and management, software engineering and software security research, and software and secure software engineering education.  


I wrote...

Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

By Nancy R. Mead, Carol Woody,

Book cover of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

What is my book about?

I saw a need for books on cybersecurity that could be used both in educational settings and in practice. I like this book because it focuses on developing and acquiring assured software and systems, and it provides a risk-aware orientation, while making practical suggestions for getting started. The book covers a wide variety of software security topics for both developed and acquired software, provides copious references, and gives the readers a roadmap for implementation of good cyber security practices for developing and acquiring assured software.

The books I picked & why

Shepherd is reader supported. We may earn an affiliate commission when you buy through links on our website. This is how we fund this project for readers and authors (learn more).

Software Security: Building Security in

By Gary McGraw,

Book cover of Software Security: Building Security in

Why this book?

Gary McGraw has been an advocate for the importance of developing secure software during the more than 15 years that I have known him, and before that! He has written a number of books, but this one captures his philosophy on how to develop secure software. It’s an excellent resource for practitioners and management.


Software Security Engineering: A Guide for Project Managers

By Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw, Nancy R. Mead

Book cover of Software Security Engineering: A Guide for Project Managers

Why this book?

This book is a “how-to” guide for teams developing secure software. Written by a team of experts, it covers the important issues in developing software that is better able to prevent successful attacks. The book contains many references, a strategy, and an implementation guide with cross-references. For each topic, the maturity of practice at the time of writing is provided, as well as an indication of the audience.  


Secure Coding in C and C++

By Robert C. Seacord,

Book cover of Secure Coding in C and C++

Why this book?

The title says it all. This is probably one of the first, if not the first book on secure coding, by a pioneer in the field. Robert worked tirelessly to make this happen. Although the book has been superseded by the secure coding standards that evolved from it, it is still a good read and contains a lot of useful information for developers.  


The Security Development Lifecycle

By Michael Howard, Steve Lipner,

Book cover of The Security Development Lifecycle

Why this book?

This is one of the first books resulting from the Microsoft security “push,” and it’s a classic. It’s of interest both in understanding how Microsoft went about tackling the problem of developing secure software, and as a backdrop for the evolution of secure software development practices that emerged at Microsoft and other major software vendors.   


Computer Security: Art and Science

By Matt Bishop,

Book cover of Computer Security: Art and Science

Why this book?

Although strictly speaking, this book is not on software security, it is so well-known in the field as a general reference that it deserves to be on this list. It discusses the important issues of computer security and can be used as either a textbook or a reference. No doubt that many, if not most, students of computer security are familiar with this book.


5 book lists we think you will like!

Interested in computer security, software, and computer networks?

5,716 authors have recommended their favorite books and what they love about them. Browse their picks for the best books about computer security, software, and computer networks.

Computer Security Explore 21 books about computer security
Software Explore 19 books about software
Computer Networks Explore 7 books about computer networks

And, 3 books we think you will enjoy!

We think you will like Cybersecurity Is Everybody's Business, Digital Fortress, and Real-World Cryptography if you like this list.