58 books like Software Security Engineering

By Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw, Nancy R. Mead

Here are 58 books that Software Security Engineering fans have personally recommended if you like Software Security Engineering. Shepherd is a community of 10,000+ authors and super readers sharing their favorite books with the world.


Book cover of Software Security: Building Security in

Nancy R. Mead, author of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

From my list on software security engineering.

Why am I passionate about this?

As a kid, I used to do all the math problems in my textbooks just for fun, even if they weren’t part of a homework assignment. My grandchildren cringe when I tell them this. I am a researcher and educator in secure software engineering and have enjoyed a productive career in software development and management, software engineering and software security research, and software and secure software engineering education.  

Nancy's book list on software security engineering

Nancy R. Mead: Why did Nancy love this book?

Gary McGraw has been an advocate for the importance of developing secure software during the more than 15 years that I have known him, and before that! He has written a number of books, but this one captures his philosophy on how to develop secure software. It’s an excellent resource for practitioners and management.

By Gary McGraw

Why should I read it?

1 author picked Software Security as one of their favorite books, and they share why you should read it.

What is this book about?

"When it comes to software security, the devil is in the details. This book tackles the details."
--Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies

"McGraw's book shows you how to make the 'culture of security' part of your development lifecycle."
--Howard A. Schmidt, Former White House Cyber Security Advisor

"McGraw is leading the charge in software security. His advice is as straightforward as it is actionable. If your business relies on software (and whose doesn't), buy this book and post it up on the lunchroom wall."
--Avi Rubin, Director of the NSF…


Book cover of Secure Coding in C and C++

Nancy R. Mead: Why did Nancy love this book?

The title says it all. This is probably one of the first, if not the first, books on secure coding, by a pioneer in the field. Robert worked tirelessly to make this happen. Although the book has been superseded by the secure coding standards that evolved from it, it is still a good read and contains a lot of useful information for developers.

By Robert C. Seacord

Why should I read it?

1 author picked Secure Coding in C and C++ as one of their favorite books, and they share why you should read it.

What is this book about?

Learn the Root Causes of Software Vulnerabilities and How to Avoid Them

Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root causes account for most of the vulnerabilities.

Secure Coding in C and C++, Second Edition, identifies and explains these root causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and to develop a security mindset that can help protect software from tomorrow's attacks, not…


Book cover of The Security Development Lifecycle

Nancy R. Mead: Why did Nancy love this book?

This is one of the first books resulting from the Microsoft security “push,” and it’s a classic. It’s of interest both in understanding how Microsoft went about tackling the problem of developing secure software, and as a backdrop for the evolution of secure software development practices that emerged at Microsoft and other major software vendors.

By Michael Howard and Steve Lipner

Why should I read it?

1 author picked The Security Development Lifecycle as one of their favorite books, and they share why you should read it.

What is this book about?

Your customers demand and deserve better security and privacy in their software. This book is the first to detail a rigorous, proven methodology that measurably minimizes security bugs: the Security Development Lifecycle (SDL). In this long-awaited book, security experts Michael Howard and Steve Lipner from the Microsoft Security Engineering Team guide you through each stage of the SDL, from education and design to testing and post-release. You get their first-hand insights, best practices, a practical history of the SDL, and lessons to help you implement the SDL in any development organization.

Discover how to:

Use a streamlined risk-analysis process to find security…


Book cover of Computer Security: Art and Science

Nancy R. Mead: Why did Nancy love this book?

Although strictly speaking, this book is not on software security, it is so well-known in the field as a general reference that it deserves to be on this list. It discusses the important issues of computer security and can be used as either a textbook or a reference. No doubt that many, if not most, students of computer security are familiar with this book.

By Matt Bishop

Why should I read it?

1 author picked Computer Security as one of their favorite books, and they share why you should read it.

What is this book about?

Today, everyone recognizes the importance of safeguarding computer systems and networks from vulnerability, attack, and compromise. But computer security is neither an easy art nor a simple science: its methodologies and technologies require rigorous study, and a deep grounding in principles that can be applied even as technologies change. Moreover, practitioners must understand how to align concepts with real policies, and then actually implement those policies -- managing inevitable tradeoffs such as "How secure do our devices really need to be, and how much inconvenience can we accept?"

In his extensively updated Computer Security: Art and Science, 2nd Edition, University…


Book cover of Agile Application Security: Enabling Security in a Continuous Delivery Pipeline

Adam Shostack, author of Threat Modeling: Designing for Security

From my list on application security for builders.

Why am I passionate about this?

Being able to understand and change reality through our knowledge and skill is literal magic. We’re building systems with so many exciting and unexpected properties that can be exploited and repurposed for both good and evil. I want to keep some of that magic and help people engineer – build great systems that make people’s lives better. I’ve been securing (and breaking) systems, from operating rooms to spaceships, from banks to self-driving cars for over 25 years. The biggest lesson I’ve learned is that if security is not infused from the start, we’re forced to rely on what ought to be our last lines of defense. This list helps you infuse security into your systems.

Adam's book list on application security for builders

Adam Shostack: Why did Adam love this book?

When I worked in application security at Microsoft, we still had products that shipped every few years. I learned to scale application security in that world, but many people live in a different world now. AAS helped me understand which of our approaches translated well, which had to be transformed, and which needed to be discarded or replaced. I regularly refer back to it, even a few years later.

By Laura Bell, Michael Brunton-Spall, Rich Smith, and Jim Bird

Why should I read it?

1 author picked Agile Application Security as one of their favorite books, and they share why you should read it.

What is this book about?

Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally hasn't integrated well with traditional security management techniques. And most security professionals aren't up to speed in their understanding and experience of agile development. To help bridge the divide between these two worlds, this practical guide introduces several security tools and techniques adapted specifically to integrate with agile development.

Written by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with…


Book cover of Investments Unlimited: A Novel About DevOps, Security, Audit Compliance, and Thriving in the Digital Age

Tanya Janca, author of Alice and Bob Learn Application Security

From my list on DevSecOps (it is just like DevOps, done securely).

Why am I passionate about this?

I have worked in IT for over 25 years, creating and securing software. I am completely obsessed with ensuring that our software is more reliable, that its integrity can be trusted, and that it keeps our secrets safe. I am not only a computer scientist but an ethical hacker who works hard to create a dialogue between software developers and all of the people who work in our security industry. I am a teacher, a community leader, and a computer nerd who shares messages and lessons wherever she goes.

Tanya's book list on DevSecOps (it is just like DevOps, done securely)

Tanya Janca: Why did Tanya love this book?

This book is set in the same universe as The Phoenix Project and The Unicorn Project, but it's at a new company named Investments Unlimited.

It's also a fictitious story, but with all brand new characters, and brand new problems! In this book they cover security much more deeply than any of the other previous books, talking about how compliance and audit can work together with the information security and DevOps teams.

They talk about common problems that I have faced in many organizations, and a lot of the stories feel so familiar I wonder if the authors have followed me around throughout my career.

Although of course they save the day in the end, there are many parts of the book where we're not quite sure if they're going to make it or not with various characters learning to see things in new ways, so that they can make…

By Helen Beal, Bill Bensing, Jason Cox, Michael Edenzon, and John Willis

Why should I read it?

1 author picked Investments Unlimited as one of their favorite books, and they share why you should read it.

What is this book about?

In the vein of the bestselling The Phoenix Project and The Unicorn Project, Investments Unlimited radically rethinks how organizations can handle the audit, compliance, and security of their software systems, even in highly regulated industries. By introducing concepts, tools, and ideas to reimagine governance, Investments Unlimited catalyzes a more humane way to enable high-velocity software delivery that is inherently more secure.

Investments Unlimited, Inc. has accomplished what many other firms in their industry have failed to do: they have successfully navigated the transition from legacy ways of working to the digital frontier. With the help of DevOps practices, Investments Unlimited delivers…


Book cover of Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

Eric J. Rzeszut, author of 10 Don'ts on Your Digital Devices: The Non-Techie's Survival Guide to Cyber Security and Privacy

From my list on protecting your personal information.

Why am I passionate about this?

I have been an information technology and cybersecurity professional for over two decades. I’ve learned over and over again that “people are the weakest link.” You can build the most secure system in the world, with stringent password requirements. But if the user writes their password down and leaves it where someone else can see it, system security is irrelevant! The easiest way to gain access to a system is via “social engineering” – to trick a human being into giving you the access you need, rather than trying to hack the system itself. The books on this list will help the reader lower their chances of being exploited like this.

Eric's book list on protecting your personal information

Eric J. Rzeszut: Why did Eric love this book?

Security expert Bruce Schneier wrote this excellent book, talking about the “Goliaths” who are looking to exploit individuals’ data. Focusing more on politics (specifically US politics) than the other books on this list, Schneier talks about the Edward Snowden classified information reveal. He talks about mass surveillance conducted by the US and other governments around the world, and lays out in detail why this should concern us all.

By Bruce Schneier

Why should I read it?

1 author picked Data and Goliath as one of their favorite books, and they share why you should read it.

What is this book about?

Data is everywhere. We create it every time we go online, turn our phone on (or off) or pay with a credit card. This data is stored, studied, bought and sold by companies and governments for surveillance and for control. "Foremost security expert" (Wired) Bruce Schneier shows how this data has led to a double-edged Internet: a Web that gives power to the people but is abused by the institutions on which those people depend.

In Data and Goliath, Schneier reveals the full extent of surveillance, censorship and propaganda in society today, examining the risks of cybercrime, cyberterrorism and cyberwar. He…


Book cover of Managing Chaos: Digital Governance by Design

Abby Covert, author of How to Make Sense of Any Mess: Information Architecture for Everybody

From my list on becoming a stronger sensemaker.

Why am I passionate about this?

I am an information architect, writer, and community organizer on a mission to make information architecture education accessible to everybody. I started practicing IA in pure pursuit of stronger visual design, but in the two decades since have developed an insatiable appetite for understanding and teaching the practical skills that make people better sensemakers, regardless of their role or medium. The books I chose for this list are all foundational to me becoming the sensemaker that I am today. I offer them as suggestions because they are not the books you will find should you search for “Information Architecture” yet they have all become my go-to recommendations for helping others to strengthen their own sensemaking.

Abby's book list on becoming a stronger sensemaker

Abby Covert: Why did Abby love this book?

You might not think of excitement when you hear the words “Digital Governance” but I can assure you that this book is a real page-turner…especially if your job involves managing large-scale information messes. There is a special kind of chaos that only information and knowledge workers can understand and this book paints a picture so many of us have seen in practice but in a way that leaves the reader inspired to fight another day, instead of wallowing in a sea of information-induced self-pity.

I recommend this book because I have seen too many information architecture efforts die on the vine due to a lack of good governance. The frameworks and recommendations in this book mean I always have a playbook to hand to teams in need.

By Lisa Welchman

Why should I read it?

1 author picked Managing Chaos as one of their favorite books, and they share why you should read it.

What is this book about?

Few organizations realize a return on their digital investment. They’re distracted by political infighting and technology-first solutions. To reach the next level, organizations must realign their assets—people, content, and technology—by practicing the discipline of digital governance. Managing Chaos inspires new and necessary conversations about digital governance and its transformative power to support creativity, real collaboration, digital quality, and online growth.

Book cover of A People's History of Computing in the United States

Joanne McNeil, author of Lurking: How a Person Became a User

From my list on the origins of the tech industry.

Why am I passionate about this?

Joanne McNeil has written about internet culture for over fifteen years. Her book considers the development of the internet from a user's perspective since the launch of the World Wide Web. Her interest in digital technology spans from the culture that enabled the founding of major companies in Silicon Valley to their reception in broader culture.

Joanne's book list on the origins of the tech industry

Joanne McNeil: Why did Joanne love this book?

A thorough look at the origins of personal computing and connections between computer users beginning in the 1960s that highlights the BASIC programming language and The Oregon Trail game. Shines a light on the role that universities and the education system played in fostering networks between users.

By Joy Lisi Rankin

Why should I read it?

1 author picked A People's History of Computing in the United States as one of their favorite books, and they share why you should read it.

What is this book about?

Silicon Valley gets all the credit for digital creativity, but this account of the pre-PC world, when computing meant more than using mature consumer technology, challenges that triumphalism.

The invention of the personal computer liberated users from corporate mainframes and brought computing into homes. But throughout the 1960s and 1970s a diverse group of teachers and students working together on academic computing systems conducted many of the activities we now recognize as personal and social computing. Their networks were centered in New Hampshire, Minnesota, and Illinois, but they connected far-flung users. Joy Rankin draws on detailed records to explore how…


Book cover of Smart Mobs: The Next Social Revolution

Mark Burgess, author of Slogans: The end of sympathy

From my list on a vision of a near future society in trouble.

Why am I passionate about this?

I am a scientist and technologist, trained in theoretical quantum physics, who became an Emeritus Professor of Network Technology from Oslo’s metropolitan university. I’ve strenuously tried to communicate the wonder of science to students and industry throughout my career. I’m also a long-standing fan of science fiction who grew up with heroes in both fact and fiction. The idea of future society has haunted me my whole life. I’m an optimist, who looks to the darker tales as warnings of futures we hope to avoid. Read these tales with a determination for us all to do better.

Mark's book list on a vision of a near future society in trouble

Mark Burgess: Why did Mark love this book?

This book is not fiction, but rather a popular book about the direction of technology.

It was part of the original source inspiration for my own book. Written in 2003, it looked into the research about how mobile devices were beginning to change society, and redraw the lines to lead to modern tribalism. The book is now dated, as we have lived through twenty years of experience and much has changed.

Nevertheless, as a portrait of a moment in history, eminently readable, this book is an eye-opener.

By Howard Rheingold

Why should I read it?

1 author picked Smart Mobs as one of their favorite books, and they share why you should read it.

What is this book about?

How the convergence of mobile communications and computing is driving the next social revolution, transforming the ways in which people meet, mate, work, buy, sell, govern, and create. When Howard Rheingold sneaks off down an untrodden trail, everyone else follows. He is always onto something marvelous no one has seen before. An ever-considerate guide, he navigates this new world with ease, compassion, and grace, and gives you the inside story, with no punches pulled. Tech talk? Howard could get your mother to understand. From Tokyo to Helsinki, Manhattan to Manila, Howard Rheingold takes us on a journey around the world for…

