The book Designing Secure Software: a guide for developers took nearly two years from finding a publisher to publication. These posts tell part of my experience developing the book and writing it. Writing a book is the ideal project for riding out a pandemic.

Learning from Log4j

With Log4j very much in the news, if I could update my new book by magic it would make a terrific real world example to write about because it ties together a number of topics in the book. [Read More]

A Wicked Problem

A wicked problem is one that is difficult to even clearly describe because of its diffuse and interconnected nature, and this is a useful lens to view software security. [Read More]


At last, print copies of my book Designing Secure Software: A Guide for Developers are now in stock, but only from the publisher. [Read More]

References links checking

While writing this book I curated a list of web references for sources of material or details beyond what made sense to incorporate in the text. [Read More]

Vulnerabilities are Mistakes

Spilled coffee beans, breaking the sound barrier, and software security The Right Stuff is Tom Wolfe’s popular history of the US astronaut program, and it begins by recounting the early effort to break the sound barrier which involved such frequent crashes that there were weekly funerals for test pilots. [Read More]

Best Software Security Books of All Time

I was surprised to see that my book, “Designing Secure Software: A Guide for Developers”, made it to BookAuthority’s Best Software Security Books of All Time … especially since the first copies are still being printed and not yet shipping! [Read More]

Scope of the book

One big learning for me from writing a book on software security is realizing the importance of context to security. There was a constant challenge of discovering the right scope — what needs adding, and what can be cut to keep it concise. [Read More]