100 books like The Security Development Lifecycle

By Michael Howard, Steve Lipner,

Here are 100 books that The Security Development Lifecycle fans have personally recommended if you like The Security Development Lifecycle. Shepherd is a community of 11,000+ authors and super readers sharing their favorite books with the world.

Shepherd is reader supported. When you buy books, we may earn an affiliate commission.

Book cover of Software Security: Building Security in

Nancy R. Mead Author Of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

From my list on software security engineering.

Why am I passionate about this?

As a kid, I used to do all the math problems in my textbooks just for fun, even if they weren’t part of a homework assignment. My grandchildren cringe when I tell them this. I am a researcher and educator in secure software engineering and have enjoyed a productive career in software development and management, software engineering and software security research, and software and secure software engineering education.  

Nancy's book list on software security engineering

Nancy R. Mead Why did Nancy love this book?

Gary McGraw has been an advocate for the importance of developing secure software during the more than 15 years that I have known him, and before that! He has written a number of books, but this one captures his philosophy on how to develop secure software. It’s an excellent resource for practitioners and management.

By Gary McGraw,

Why should I read it?

1 author picked Software Security as one of their favorite books, and they share why you should read it.

What is this book about?

"When it comes to software security, the devil is in the details. This book tackles the details."
--Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies



"McGraw's book shows you how to make the 'culture of security' part of your development lifecycle."
--Howard A. Schmidt, Former White House Cyber Security Advisor



"McGraw is leading the charge in software security. His advice is as straightforward as it is actionable. If your business relies on software (and whose doesn't), buy this book and post it up on the lunchroom wall."
--Avi Rubin, Director of the NSF…


Book cover of Software Security Engineering: A Guide for Project Managers

Nancy R. Mead Author Of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

From my list on software security engineering.

Why am I passionate about this?

As a kid, I used to do all the math problems in my textbooks just for fun, even if they weren’t part of a homework assignment. My grandchildren cringe when I tell them this. I am a researcher and educator in secure software engineering and have enjoyed a productive career in software development and management, software engineering and software security research, and software and secure software engineering education.  

Nancy's book list on software security engineering

Nancy R. Mead Why did Nancy love this book?

This book is a “how-to” guide for teams developing secure software. Written by a team of experts, it covers the important issues in developing software that is better able to prevent successful attacks. The book contains many references, a strategy, and an implementation guide with cross-references. For each topic, the maturity of practice at the time of writing is provided, as well as an indication of the audience.  

By Julia H. Allen, Sean Barnum, Robert J. Ellison , Gary McGraw , Nancy R. Mead

Why should I read it?

1 author picked Software Security Engineering as one of their favorite books, and they share why you should read it.

What is this book about?

"This book's broad overview can help an organization choose a set of processes, policies, and techniques that are appropriate for its security maturity, risk tolerance, and development style. This book will help you understand how to incorporate practical security techniques into all phases of the development lifecycle."

-Steve Riley, senior security strategist, Microsoft Corporation



"There are books written on some of the topics addressed in this book, and there are other books on secure systems engineering. Few address the entire life cycle with a comprehensive overview and discussion of emerging trends and topics as well as this one."

-Ronda Henning,…


Book cover of Secure Coding in C and C++

Nancy R. Mead Author Of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

From my list on software security engineering.

Why am I passionate about this?

As a kid, I used to do all the math problems in my textbooks just for fun, even if they weren’t part of a homework assignment. My grandchildren cringe when I tell them this. I am a researcher and educator in secure software engineering and have enjoyed a productive career in software development and management, software engineering and software security research, and software and secure software engineering education.  

Nancy's book list on software security engineering

Nancy R. Mead Why did Nancy love this book?

The title says it all. This is probably one of the first, if not the first book on secure coding, by a pioneer in the field. Robert worked tirelessly to make this happen. Although the book has been superseded by the secure coding standards that evolved from it, it is still a good read and contains a lot of useful information for developers.  

By Robert C. Seacord,

Why should I read it?

1 author picked Secure Coding in C and C++ as one of their favorite books, and they share why you should read it.

What is this book about?

Learn the Root Causes of Software Vulnerabilities and How to Avoid Them

Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root causes account for most of the vulnerabilities.



Secure Coding in C and C++, Second Edition, identifies and explains these root causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and to develop a security mindset that can help protect software from tomorrow's attacks, not…


Book cover of Computer Security: Art and Science

Nancy R. Mead Author Of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

From my list on software security engineering.

Why am I passionate about this?

As a kid, I used to do all the math problems in my textbooks just for fun, even if they weren’t part of a homework assignment. My grandchildren cringe when I tell them this. I am a researcher and educator in secure software engineering and have enjoyed a productive career in software development and management, software engineering and software security research, and software and secure software engineering education.  

Nancy's book list on software security engineering

Nancy R. Mead Why did Nancy love this book?

Although strictly speaking, this book is not on software security, it is so well-known in the field as a general reference that it deserves to be on this list. It discusses the important issues of computer security and can be used as either a textbook or a reference. No doubt that many, if not most, students of computer security are familiar with this book.

By Matt Bishop,

Why should I read it?

1 author picked Computer Security as one of their favorite books, and they share why you should read it.

What is this book about?

Today, everyone recognizes the importance of safeguarding computer systems and networks from vulnerability, attack, and compromise. But computer security is neither an easy art nor a simple science: its methodologies and technologies require rigorous study, and a deep grounding in principles that can be applied even as technologies change. Moreover, practitioners must understand how to align concepts with real policies, and then actually implement those policies -- managing inevitable tradeoffs such as "How secure do our devices really need to be, and how much inconvenience can we accept?"



In his extensively updated Computer Security: Art and Science, 2nd Edition, University…


Book cover of Clean Code: A Handbook of Agile Software Craftsmanship

John Z. Sonmez Author Of Soft Skills: The Software Developer's Life Manual

From my list on fun for software developers.

Why am I passionate about this?

I love to expand my knowledge and learn not just about new technologies, but how things work. I find it fascinating to dig deep into computer programming, technology concepts, and really geek out on things. That’s why I love software development or programming books that aren’t just about some technology and how to do something, but rather books that really make you think and teach you not just programming skills but critical thinking about problem-solving skills. As a software developer for over 15 years and a person who teaches software developers, I have learned that if someone isn’t entertained, they aren’t learning. That’s why I put together a list of fun, entertaining and useful books.

John's book list on fun for software developers

John Z. Sonmez Why did John love this book?

I love writing good clean code. There is something refreshing about writing or reading code that reads more like a book than some obscure instructions to a machine. This book goes into the details of how to write “clean code” and what makes it clean.

I felt like I learned so much about writing good code from reading this book about things that you are never really taught in school or on the job as a software developer.

I found so much of the book so interesting because I could use what I was learning right away to become a better programmer.

If you want to become a better programmer and are looking for a book that will entertain you and be fun along the way, I highly recommend Clean Code.

By Robert Martin,

Why should I read it?

1 author picked Clean Code as one of their favorite books, and they share why you should read it.

What is this book about?

Even bad code can function. But if code isn't clean, it can bring a development organization to its knees. Every year, countless hours and significant resources are lost because of poorly written code. But it doesn't have to be that way.

Noted software expert Robert C. Martin presents a revolutionary paradigm with Clean Code: A Handbook of Agile Software Craftsmanship. Martin has teamed up with his colleagues from Object Mentor to distill their best agile practice of cleaning code "on the fly" into a book that will instill within you the values of a software craftsman and make you a…


Book cover of Designing Secure Software: A Guide for Developers

Adam Shostack Author Of Threat Modeling: Designing for Security

From my list on application security for builders.

Why am I passionate about this?

Being able to understand and change reality through our knowledge and skill is literal magic. We’re building systems with so many exciting and unexpected properties that can be exploited and repurposed for both good and evil. I want to keep some of that magic and help people engineer – build great systems that make people’s lives better. I’ve been securing (and breaking) systems, from operating rooms to spaceships, from banks to self-driving cars for over 25 years. The biggest lesson I’ve learned is that if security is not infused from the start, we’re forced to rely on what ought to be our last lines of defense. This list helps you infuse security into your systems.

Adam's book list on application security for builders

Adam Shostack Why did Adam love this book?

Loren’s been contributing to security for over 40 years, and this book captures his hard-won wisdom in a way that’s both humble and accessible. It scales from principles and design approaches to in-depth explanations of exactly how things go wrong and how to avoid those problems. (Also, I was honored to write the foreword.)

By Loren Kohnfelder,

Why should I read it?

1 author picked Designing Secure Software as one of their favorite books, and they share why you should read it.

What is this book about?

Designing Secure Software consolidates Loren Kohnfelder's more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process. The book begins with a discussion of core concepts. The second part, perhaps this book's most important contribution, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written…


Book cover of Security Engineering: A Guide to Building Dependable Distributed Systems

Dominik Merli Author Of Engineering Secure Devices: A Practical Guide for Embedded System Architects and Developers

From my list on embedded system security enthusiasts.

Why am I passionate about this?

I’ve been playing with computers and electronics since childhood. I even supported the people in my village with their computer issues back then. During my studies in electrical engineering, I learned how to solve technical challenges with structured approaches. At this time, I became fascinated by topics like cryptography and embedded system security. The books on this list helped me understand important concepts and practical real-world obstacles. I hope they are also of value to you!

Dominik's book list on embedded system security enthusiasts

Dominik Merli Why did Dominik love this book?

When I take this book off my shelf, the probability that I find the answer I'm looking for is very high. Yes, it's a big book, and I'm pretty sure I haven't read every single page yet, but because of its broad coverage of security engineering knowledge, from crypto to real-world processes, it is an invaluable reference for teaching and practical cyber security.

By Ross Anderson,

Why should I read it?

2 authors picked Security Engineering as one of their favorite books, and they share why you should read it.

What is this book about?

Now that there's software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic

In Security Engineering: A Guide to Building Dependable Distributed Systems, Third Edition Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.

This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than…


Book cover of 201 Principles of Software Development

Karl Wiegers Author Of Software Development Pearls: Lessons from Fifty Years of Software Experience

From my list on lessons about software development.

Why am I passionate about this?

I first learned to program in college in 1970. Since then I’ve spent much time as a software developer, manager, tester, process improvement leader, consultant, trainer, author, and, of course, a user. I quickly learned that I didn’t have time to make all the mistakes that every software developer before me had already made. My training and writing career has involved sharing what I and others have learned with audiences to help them quickly become more effective software development team members, regardless of their project role. This book distills insights and observations both from my own experience and from what I’ve heard from thousands of students and consulting clients.

Karl's book list on lessons about software development

Karl Wiegers Why did Karl love this book?

Many of the most significant principles of effective software development are timeless. They’re independent of the development life cycle or model, programming language, application type, and so forth. Although this book is quite a few years old now, nearly all of its contents are still valid. The 201 principles cover the full spectrum of software engineering: general principles, requirements engineering, design, coding, testing, management, product assurance, and evolution. The descriptions of each principle are concise, whereas my 60 lessons in Software Development Pearls go into a great deal more detail and offer many practical techniques.

There’s an unfortunate tendency among young software people to disregard knowledge from the past as irrelevant to them. That’s not correct. This book can help close significant gaps in any practicing software developer’s knowledge.

By Alan M. Davis,

Why should I read it?

1 author picked 201 Principles of Software Development as one of their favorite books, and they share why you should read it.

What is this book about?

This text defines governing principles for software development, assumptions that work regardless of tools used, to keep software projects from costing too much, taking too long and disappointing users.


Book cover of Code Complete: A Practical Handbook of Software Construction

Rod Stephens Author Of Beginning Software Engineering

From my list on making you a better software developer.

Why am I passionate about this?

During my career, I’ve worked on projects large and small (1 - 60+ people) in a wide variety of fields (like repair dispatch, ticket sales, and professional football coaching--the NFL kind not the FIFA kind). All of them, and particularly the big ones, were like antique clocks: they had lots of moving pieces and if any piece broke, the whole thing wouldn’t work. (Unfortunately, failed software projects don’t look nice on your mantelpiece.) In this list, I’ve tried to pick some books that you might not discover if you look only for programming books. Read those, too, but don’t ignore the more human-oriented dimensions of software development. Hopefully you’ll find these choices interesting and useful.

Rod's book list on making you a better software developer

Rod Stephens Why did Rod love this book?

Software engineering involves several phases such as requirements gathering, design, programming, testing, and deployment.

This book explains techniques that allow you to build quality and robustness into every phase of the process. It discusses design, classes, defensive programming, collaboration, refactoring, and more.

The book uses many examples in an assortment of languages but the concepts apply to any programming language. In fact, the main themes like building error detection into every step of the process generalize to even non-programming parts of the development process.

If you’re an experienced developer, you may have discovered some of this book’s ideas elsewhere or even on your own, but you only need to pick up one or two new tidbits to make the book worthwhile.

By Steve McConnell,

Why should I read it?

1 author picked Code Complete as one of their favorite books, and they share why you should read it.

What is this book about?

Widely considered one of the best practical guides to programming, Steve McConnell's original CODE COMPLETE has been helping developers write better software for more than a decade. Now this classic book has been fully updated and revised with leading-edge practices-and hundreds of new code samples-illustrating the art and science of software construction. Capturing the body of knowledge available from research, academia, and everyday commercial practice, McConnell synthesizes the most effective techniques and must-know principles into clear, pragmatic guidance. No matter what your experience level, development environment, or project size, this book will inform and stimulate your thinking-and help you build…


Book cover of Domain-Driven Design: Tackling Complexity in the Heart of Software

Alexander Granin Author Of Functional Design and Architecture

From my list on domain modeling.

Why am I passionate about this?

If someone had told me during my early professional years that I would become a strong advocate for functional programming and the author of a fundamental book on functional software engineering, I would have found it hard to believe. Was functional programming truly worth dedicating my life to? However, once I experienced the sheer beauty of functional programming, there was no turning back. I delved deep into Haskell and functional C++, and began writing articles, giving talks, and developing various technologies. I realized that I possessed a truly unique perspective on approaching software engineering in functional languages, and that there was a significant knowledge gap that needed to be filled for the benefit of all.

Alexander's book list on domain modeling

Alexander Granin Why did Alexander love this book?

My journey in the world of software development has been arduous and challenging.

One of the common struggles we all face is the overwhelming number of solutions available, making it impossible to fully grasp everything at a deep level.

Just when I thought I had mastered an approach and felt competent in it, a new shiny approach would emerge, demanding my immediate attention. It often felt like a never-ending race to keep up with the ever-evolving field.

This constant pursuit of staying relevant as a software engineer can be frustrating, as it feels like we are always lagging behind the rapidly advancing world. I discovered that knowledge of specific technologies, frameworks, or libraries does not easily transfer across different technology stacks. They are too specific and lack universality. It was then that I turned my focus to more general principles of software engineering.

I realized that there are fundamental engineering…

By Eric Evans,

Why should I read it?

2 authors picked Domain-Driven Design as one of their favorite books, and they share why you should read it.

What is this book about?

Incorporate effective domain modeling into the software development process

Software design thought leader and founder of Domain Language, Eric Evans, provides a systematic approach to domain-driven design, presenting an extensive set of design best practices, experience-based techniques, and fundamental principles that facilitate the development of software projects facing complex domains. Intertwining system design and development practice, this book incorporates numerous examples based on actual projects to illustrate the application of domain-driven design to real-world software modeling and development.

Domain Model: Part I outlines the goals of domain-driven development, defines terms, and gives an overview of the implications of using the…


5 book lists we think you will like!

Interested in computer security, software, and software engineering?

Software 61 books