Why am I passionate about this?

As a kid, I used to do all the math problems in my textbooks just for fun, even if they weren’t part of a homework assignment. My grandchildren cringe when I tell them this. I am a researcher and educator in secure software engineering and have enjoyed a productive career in software development and management, software engineering and software security research, and software and secure software engineering education.  


I wrote

Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

By Nancy R. Mead, Carol Woody,

Book cover of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

What is my book about?

I saw a need for books on cybersecurity that could be used both in educational settings and in practice. I…

When you buy books, we may earn a commission that helps keep our lights on (or join the rebellion as a member).

The books I picked & why

Book cover of Software Security: Building Security in

Nancy R. Mead Why did I love this book?

Gary McGraw has been an advocate for the importance of developing secure software during the more than 15 years that I have known him, and before that! He has written a number of books, but this one captures his philosophy on how to develop secure software. It’s an excellent resource for practitioners and management.

By Gary McGraw,

Why should I read it?

1 author picked Software Security as one of their favorite books, and they share why you should read it.

What is this book about?

"When it comes to software security, the devil is in the details. This book tackles the details."
--Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies



"McGraw's book shows you how to make the 'culture of security' part of your development lifecycle."
--Howard A. Schmidt, Former White House Cyber Security Advisor



"McGraw is leading the charge in software security. His advice is as straightforward as it is actionable. If your business relies on software (and whose doesn't), buy this book and post it up on the lunchroom wall."
--Avi Rubin, Director of the NSF…


Book cover of Software Security Engineering: A Guide for Project Managers

Nancy R. Mead Why did I love this book?

This book is a “how-to” guide for teams developing secure software. Written by a team of experts, it covers the important issues in developing software that is better able to prevent successful attacks. The book contains many references, a strategy, and an implementation guide with cross-references. For each topic, the maturity of practice at the time of writing is provided, as well as an indication of the audience.  

By Julia H. Allen, Sean Barnum, Robert J. Ellison , Gary McGraw , Nancy R. Mead

Why should I read it?

1 author picked Software Security Engineering as one of their favorite books, and they share why you should read it.

What is this book about?

"This book's broad overview can help an organization choose a set of processes, policies, and techniques that are appropriate for its security maturity, risk tolerance, and development style. This book will help you understand how to incorporate practical security techniques into all phases of the development lifecycle."

-Steve Riley, senior security strategist, Microsoft Corporation



"There are books written on some of the topics addressed in this book, and there are other books on secure systems engineering. Few address the entire life cycle with a comprehensive overview and discussion of emerging trends and topics as well as this one."

-Ronda Henning,…


Book cover of Secure Coding in C and C++

Nancy R. Mead Why did I love this book?

The title says it all. This is probably one of the first, if not the first book on secure coding, by a pioneer in the field. Robert worked tirelessly to make this happen. Although the book has been superseded by the secure coding standards that evolved from it, it is still a good read and contains a lot of useful information for developers.  

By Robert C. Seacord,

Why should I read it?

1 author picked Secure Coding in C and C++ as one of their favorite books, and they share why you should read it.

What is this book about?

Learn the Root Causes of Software Vulnerabilities and How to Avoid Them

Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root causes account for most of the vulnerabilities.



Secure Coding in C and C++, Second Edition, identifies and explains these root causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and to develop a security mindset that can help protect software from tomorrow's attacks, not…


Book cover of The Security Development Lifecycle

Nancy R. Mead Why did I love this book?

This is one of the first books resulting from the Microsoft security “push,” and it’s a classic. It’s of interest both in understanding how Microsoft went about tackling the problem of developing secure software, and as a backdrop for the evolution of secure software development practices that emerged at Microsoft and other major software vendors.   

By Michael Howard, Steve Lipner,

Why should I read it?

1 author picked The Security Development Lifecycle as one of their favorite books, and they share why you should read it.

What is this book about?

Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs-the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL-from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.

Discover how to:

Use a streamlined risk-analysis process to find security…


Book cover of Computer Security: Art and Science

Nancy R. Mead Why did I love this book?

Although strictly speaking, this book is not on software security, it is so well-known in the field as a general reference that it deserves to be on this list. It discusses the important issues of computer security and can be used as either a textbook or a reference. No doubt that many, if not most, students of computer security are familiar with this book.

By Matt Bishop,

Why should I read it?

1 author picked Computer Security as one of their favorite books, and they share why you should read it.

What is this book about?

Today, everyone recognizes the importance of safeguarding computer systems and networks from vulnerability, attack, and compromise. But computer security is neither an easy art nor a simple science: its methodologies and technologies require rigorous study, and a deep grounding in principles that can be applied even as technologies change. Moreover, practitioners must understand how to align concepts with real policies, and then actually implement those policies -- managing inevitable tradeoffs such as "How secure do our devices really need to be, and how much inconvenience can we accept?"



In his extensively updated Computer Security: Art and Science, 2nd Edition, University…


Explore my book 😀

Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

By Nancy R. Mead, Carol Woody,

Book cover of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

What is my book about?

I saw a need for books on cybersecurity that could be used both in educational settings and in practice. I like this book because it focuses on developing and acquiring assured software and systems, and it provides a risk-aware orientation, while making practical suggestions for getting started. The book covers a wide variety of software security topics for both developed and acquired software, provides copious references, and gives the readers a roadmap for implementation of good cyber security practices for developing and acquiring assured software.

Book cover of Software Security: Building Security in
Book cover of Software Security Engineering: A Guide for Project Managers
Book cover of Secure Coding in C and C++

Share your top 3 reads of 2024!

And get a beautiful page showing off your 3 favorite reads.

1,595

readers submitted
so far, will you?

5 book lists we think you will like!

Interested in computer security, software, and computer networks?

Software 61 books