Book cover art

Designing Secure Software consolidates more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process.

The book begins with a discussion of core concepts, covering trust, threats, mitigation, secure design patterns, and cryptography. The second part, perhaps this book’s most unique and important contribution to the field, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written in C and Python to illustrate implementation vulnerabilities.

You’ll learn how to:

  • Identify important assets, the attack surface, and the trust boundaries in a system
  • Evaluate the effectiveness of various threat mitigation candidates
  • Work with well-known mitigations and secure design patterns
  • Understand and prevent vulnerabilities like XSS and CSRF, memory flaws, and more
  • Use security testing to proactively identify vulnerabilities introduced into code
  • Review a software design for security flaws effectively and without judgment

Overview of this companion website

  • References to sources and supplementary information by chapter.

  • Contents of the book as an annotated table of contents listing the major topics covered in each chapter

  • Errata for corrections following publication

  • Frequently Asked Questions

  • The author’s blog with updates and posts about writing and the publishing process.


At last, print copies of my book Designing Secure Software: A Guide for Developers are now in stock, but only from the publisher. [Read More]

References links checking

While writing this book I curated a list of web references for sources of material or details beyond what made sense to incorporate in the text. [Read More]

Vulnerabilities are Mistakes

Spilled coffee beans, breaking the sound barrier, and software security The Right Stuff is Tom Wolfe’s popular history of the US astronaut program, and it begins by recounting the early effort to break the sound barrier which involved such frequent crashes that there were weekly funerals for test pilots. [Read More]

Best Software Security Books of All Time

I was surprised to see that my book, “Designing Secure Software: A Guide for Developers”, made it to BookAuthority’s Best Software Security Books of All Time … especially since the first copies are still being printed and not yet shipping! [Read More]

Scope of the book

One big learning for me from writing a book on software security is realizing the importance of context to security. There was a constant challenge of discovering the right scope — what needs adding, and what can be cut to keep it concise. [Read More]

Root causes

Each time a high-profile software security bug is reported, I wonder how this happened yet again. I don’t expect vulnerabilities to approach zero any time soon, but still I’d like to know how this keeps happening over and over, so we can do better. [Read More]

Statement of Intention

I believe that we can do so much better at delivering more secure software, and my book explains how we could do that. [Read More]