Building Secure Software

%A John Viega
%A Gary McGraw
%B Building Secure Software: How to Avoid Security Problems the Right Way
%I Addison Wesley Professional
%D September 24, 2001
%P 528pp
%G ISBN 0-201-72152-X

John Viega is the original programmer behind Mailman, the GNU Mailing List Manager. Other projects he is known for are RATS and ITS4, two software security scanners for C and C++, Python, Perl and PHP. Gary McGraw is mostly known for his books on Java security and for his work with Jeffrey Voas on Software Fault Injection. During 2000 they co-authored a series of papers on security for IBM developerWorks. See this one for an example. This book is an extension of that collaboration.

In case you haven't got Applied Cryptography handy, the book also includes an appendix explaining the basics of modern cryptography.

Overall I recommend this book highly. It tries hard to be the one-stop guide for security programming, much as Applied Cryptography was the one-stop guide for crypto or Nelson and Gailly's book was the definitive guide on compression. The only reason they don't succeed completely is the clear UNIX slant of the book. Highly recommended, but if you're into Windows programming I recommend supplementing it with a copy of Writing Secure Code.