Fans pick 100 books like Designing Secure Software

By Loren Kohnfelder

Here are 100 books that Designing Secure Software fans have personally recommended if you like Designing Secure Software. Shepherd is a community of 12,000+ authors and super readers sharing their favorite books with the world.

Book cover of Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems

Adam Shostack Author Of Threat Modeling: Designing for Security

From my list on application security for builders.

Why am I passionate about this?

Being able to understand and change reality through our knowledge and skill is literal magic. We’re building systems with so many exciting and unexpected properties that can be exploited and repurposed for both good and evil. I want to keep some of that magic and help people engineer – build great systems that make people’s lives better. I’ve been securing (and breaking) systems, from operating rooms to spaceships, from banks to self-driving cars for over 25 years. The biggest lesson I’ve learned is that if security is not infused from the start, we’re forced to rely on what ought to be our last lines of defense. This list helps you infuse security into your systems.

Adam's book list on application security for builders

Why did Adam love this book?

This book captures lessons from many authors at Google, some of whom I’ve worked with over the years. The chapters on availability (7, 8, 9) were a revelation to me. I had no idea how Google approaches the topic of resilience and recovery in their systems, and I now think of the whole topic very differently. The biggest takeaway is how to think about the design of systems.

By Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Adam Stubblefield

Why should I read it?

1 author picked Building Secure and Reliable Systems as one of their favorite books, and they share why you should read it.

What is this book about?

Can a system be considered truly reliable if it isn't fundamentally secure? Or can it be considered secure if it's unreliable? Security is crucial to the design and operation of scalable systems in production, as it plays an important part in product quality, performance, and availability. In this book, experts from Google share best practices to help your organization design scalable and reliable systems that are fundamentally secure.

Two previous O'Reilly books from Google, Site Reliability Engineering and The Site Reliability Workbook, demonstrated how and why a commitment to the entire service lifecycle enables organizations to successfully build, deploy, monitor, and maintain…


Book cover of Agile Application Security: Enabling Security in a Continuous Delivery Pipeline

Adam Shostack Author Of Threat Modeling: Designing for Security

From my list on application security for builders.

Why did Adam love this book?

When I worked in application security at Microsoft, we still had products that shipped every few years. I learned to scale application security in that world, but many people live in a different world now. AAS helped me understand which of our approaches translated well, which had to be transformed, and which needed to be discarded or replaced. I regularly refer back to it, even a few years later.

By Laura Bell, Michael Brunton-Spall, Rich Smith, Jim Bird

Why should I read it?

1 author picked Agile Application Security as one of their favorite books, and they share why you should read it.

What is this book about?

Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally hasn't integrated well with traditional security management techniques. And most security professionals aren't up to speed in their understanding and experience of agile development. To help bridge the divide between these two worlds, this practical guide introduces several security tools and techniques adapted specifically to integrate with agile development.

Written by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with…


Book cover of Leading Change

Kate Vitasek Author Of Vested: How P&G, McDonald's, and Microsoft are Redefining Winning in Business Relationships

From my list on creating successful business deals.

Why am I passionate about this?

I am an international authority for my award-winning research on the Vested® business model for highly collaborative relationships. I began my research in 2003 researching what makes a difference in successful strategic business deals. My day job is being the lead faculty and researcher for the University of Tennessee’s Certified Deal Architect program; my passion is helping organizations and individuals learn the art, science, and practice of crafting highly collaborative win-win strategic business relationships. My work has led to seven books and three Harvard Business Review articles. I’ve also shared my advice on CNN International, Bloomberg, NPR, and on Fox Business News.

Kate's book list on creating successful business deals

Why did Kate love this book?

You might ask why I am recommending a book on change management for a book list on structuring business deals. It is because anytime two organizations come together in a business deal, something will change within their organizations. All too often people rush to sign the deal and forget that often hundreds of critical changes behind the scenes are needed for the deal to be a success long after the ink is dry. If you are structuring a big business deal, this book will help you think two steps ahead to lay the foundation so the organization can implement the changes needed.

By John P. Kotter

Why should I read it?

2 authors picked Leading Change as one of their favorite books, and they share why you should read it.

What is this book about?

The international bestseller--now with a new preface by author John Kotter. Millions worldwide have read and embraced John Kotter's ideas on change management and leadership. From the ill-fated dot-com bubble to unprecedented M&A activity to scandal, greed, and ultimately, recession--we've learned that widespread and difficult change is no longer the exception. It's the rule. Now with a new preface, this refreshed edition of the global bestseller Leading Change is more relevant than ever. John Kotter's now-legendary eight-step process for managing change with positive results has become the foundation for leaders and organizations across the globe. By outlining the process every…


Book cover of Flying Blind: The 737 Max Tragedy and the Fall of Boeing

Adam Shostack Author Of Threat Modeling: Designing for Security

From my list on application security for builders.

Why did Adam love this book?

Boeing used to be a paragon of how engineering-driven companies could deliver amazing products and amazing profits. This book chronicles how that changed, and how Boeing lost its guiding principles. It shows how prioritizing the stock price over the business or the people who flew in its planes led to decisions that literally killed hundreds of people. Engineering concerns were regularly set aside for schedule or cost reasons. Most of us don’t work on products whose failures cause hundreds of deaths, but there’s an important lesson about being proud of the work you do and the products you deliver, and how that can make for a great business.

By Peter Robison

Why should I read it?

1 author picked Flying Blind as one of their favorite books, and they share why you should read it.

What is this book about?

NEW YORK TIMES BUSINESS BESTSELLER • A suspenseful behind-the-scenes look at the dysfunction that contributed to one of the worst tragedies in modern aviation: the 2018 and 2019 crashes of the Boeing 737 MAX.

An "authoritative, gripping and finely detailed narrative that charts the decline of one of the great American companies" (New York Times Book Review), from the award-winning reporter for Bloomberg.

Boeing is a century-old titan of industry. It played a major role in the early days of commercial flight, World War II bombing missions, and moon landings. The planemaker remains a cornerstone of the U.S. economy, as…


Book cover of The Security Development Lifecycle

Nancy R. Mead Author Of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

From my list on software security engineering.

Why am I passionate about this?

As a kid, I used to do all the math problems in my textbooks just for fun, even if they weren’t part of a homework assignment. My grandchildren cringe when I tell them this. I am a researcher and educator in secure software engineering and have enjoyed a productive career in software development and management, software engineering and software security research, and software and secure software engineering education.  

Nancy's book list on software security engineering

Why did Nancy love this book?

This is one of the first books resulting from the Microsoft security “push,” and it’s a classic. It’s of interest both in understanding how Microsoft went about tackling the problem of developing secure software, and as a backdrop for the evolution of secure software development practices that emerged at Microsoft and other major software vendors.   

By Michael Howard, Steve Lipner

Why should I read it?

1 author picked The Security Development Lifecycle as one of their favorite books, and they share why you should read it.

What is this book about?

Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs: the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL, from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.

Discover how to:

Use a streamlined risk-analysis process to find security…


Book cover of Software Security: Building Security in

Nancy R. Mead Author Of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

From my list on software security engineering.

Why did Nancy love this book?

Gary McGraw has been an advocate for the importance of developing secure software during the more than 15 years that I have known him, and before that! He has written a number of books, but this one captures his philosophy on how to develop secure software. It’s an excellent resource for practitioners and management.

By Gary McGraw

Why should I read it?

1 author picked Software Security as one of their favorite books, and they share why you should read it.

What is this book about?

"When it comes to software security, the devil is in the details. This book tackles the details."
--Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies

"McGraw's book shows you how to make the 'culture of security' part of your development lifecycle."
--Howard A. Schmidt, Former White House Cyber Security Advisor

"McGraw is leading the charge in software security. His advice is as straightforward as it is actionable. If your business relies on software (and whose doesn't), buy this book and post it up on the lunchroom wall."
--Avi Rubin, Director of the NSF…


Book cover of Software Security Engineering: A Guide for Project Managers

Nancy R. Mead Author Of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

From my list on software security engineering.

Why did Nancy love this book?

This book is a “how-to” guide for teams developing secure software. Written by a team of experts, it covers the important issues in developing software that is better able to prevent successful attacks. The book contains many references, a strategy, and an implementation guide with cross-references. For each topic, the maturity of practice at the time of writing is provided, as well as an indication of the audience.  

By Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw, Nancy R. Mead

Why should I read it?

1 author picked Software Security Engineering as one of their favorite books, and they share why you should read it.

What is this book about?

"This book's broad overview can help an organization choose a set of processes, policies, and techniques that are appropriate for its security maturity, risk tolerance, and development style. This book will help you understand how to incorporate practical security techniques into all phases of the development lifecycle."
--Steve Riley, senior security strategist, Microsoft Corporation

"There are books written on some of the topics addressed in this book, and there are other books on secure systems engineering. Few address the entire life cycle with a comprehensive overview and discussion of emerging trends and topics as well as this one."
--Ronda Henning,…


Book cover of Computer Security: Art and Science

Nancy R. Mead Author Of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

From my list on software security engineering.

Why did Nancy love this book?

Although strictly speaking, this book is not on software security, it is so well-known in the field as a general reference that it deserves to be on this list. It discusses the important issues of computer security and can be used as either a textbook or a reference. No doubt that many, if not most, students of computer security are familiar with this book.

By Matt Bishop

Why should I read it?

1 author picked Computer Security as one of their favorite books, and they share why you should read it.

What is this book about?

Today, everyone recognizes the importance of safeguarding computer systems and networks from vulnerability, attack, and compromise. But computer security is neither an easy art nor a simple science: its methodologies and technologies require rigorous study, and a deep grounding in principles that can be applied even as technologies change. Moreover, practitioners must understand how to align concepts with real policies, and then actually implement those policies -- managing inevitable tradeoffs such as "How secure do our devices really need to be, and how much inconvenience can we accept?"

In his extensively updated Computer Security: Art and Science, 2nd Edition, University…


Book cover of Secure Coding in C and C++

Nancy R. Mead Author Of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

From my list on software security engineering.

Why did Nancy love this book?

The title says it all. This is probably one of the first, if not the first book on secure coding, by a pioneer in the field. Robert worked tirelessly to make this happen. Although the book has been superseded by the secure coding standards that evolved from it, it is still a good read and contains a lot of useful information for developers.  

By Robert C. Seacord

Why should I read it?

1 author picked Secure Coding in C and C++ as one of their favorite books, and they share why you should read it.

What is this book about?

Learn the Root Causes of Software Vulnerabilities and How to Avoid Them

Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root causes account for most of the vulnerabilities.

Secure Coding in C and C++, Second Edition, identifies and explains these root causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and to develop a security mindset that can help protect software from tomorrow's attacks, not…


Book cover of Cybersecurity Is Everybody's Business: Solve the Security Puzzle for Your Small Business and Home

Eric J. Rzeszut Author Of 10 Don'ts on Your Digital Devices: The Non-Techie's Survival Guide to Cyber Security and Privacy

From my list on to help you protect your personal information.

Why am I passionate about this?

I have been an information technology and cybersecurity professional for over two decades. I’ve learned over and over again that “people are the weakest link.” You can build the most secure system in the world, with stringent password requirements. But if the user writes their password down and leaves it where someone else can see it, system security is irrelevant! The easiest way to gain access to a system is via “social engineering” – to trick a human being into giving you the access you need, rather than trying to hack the system itself. The books on this list will help the reader lower their chances of being exploited like this.

Eric's book list on to help you protect your personal information

Why did Eric love this book?

Cybersecurity is Everybody’s Business is a great book that focuses not only on the how to keep your data safe, but on the very critical why this is important. Author Scott Schober suffered a grievous cyberattack in a previous business, and he brings his experience to the forefront in this guide. Joined by his brother as co-author, they focus on cybersecurity for the home and small business – environments that are unlikely to employ full-time cybersecurity professionals. (That’s why these places are often targets for the bad guys!)

By Scott N. Schober, Craig W. Schober

Why should I read it?

1 author picked Cybersecurity Is Everybody's Business as one of their favorite books, and they share why you should read it.

What is this book about?

Since publication of his first book, HACKED AGAIN, Scott Schober has dedicated himself to educating anyone who would listen by telling his own story of being hacked in the hope that others can learn from his own mistakes. Now joined by his brother Craig, the two have set their sights on the biggest target of all, small businesses.

There are 30 million small businesses currently operating in the United States. Some of them are single owner/operated while others collectively employ hundreds of millions. This book is for all of them and anyone who makes it their business to stay safe…

