The book Designing Secure Software: a guide for developers took nearly two years from finding a publisher to publication. These posts tell part of my experience developing the book and writing it. Writing a book is the ideal project for riding out a pandemic.

Scope of the book

One big learning for me from writing a book on software security is realizing the importance of context to security. There was a constant challenge of discovering the right scope — what needs adding, and what can be cut to keep it concise. [Read More]

Root causes

Each time a high-profile software security bug is reported, I wonder how this happened yet again. I don’t expect vulnerabilities to approach zero any time soon, but still I’d like to know how this keeps happening over and over, so we can do better. [Read More]

Statement of Intention

I believe that we can do so much better at delivering more secure software, and my book explains how we could do that. [Read More]

Announcement

I’m proud to announce my new software security book, Designing Secure Software: A Guide for Developers. I wanted to create something a little different: broadly readable rather than expert targeted, general approaches over specific details, all based on direct personal experience. [Read More]
promo 

Coming Soon

Awaiting the release of any book requires patience, but this year amidst numerous supply chain challenges it’s particularly uncertain. The original October target date is almost here, but I can report that the publisher hopes to have copies of the print edition for sale in early November – about a month ahead of general release now set for December 2021. [Read More]
promo 

Complete Mediation in Sci-Fi

In the book Project Hail Mary by Andy Weir, there is a short scene (on page 339) that features a very clear example of failure to implement Complete Mediation (one of the secure design patterns described in Chapter 4 of my book). [Read More]

Complete book proof review

This week I reviewed the complete book PDF, checking that previous changes were successfully made by the compositor. With luck that should be make it final. [Read More]