The book Designing Secure Software: a guide for developers took nearly two years from finding a publisher to publication. These posts tell part of my experience developing the book and writing it. Writing a book is the ideal project for riding out a pandemic.
I was surprised to see that my book, “Designing Secure Software: A Guide for Developers”, made it to BookAuthority’s Best Software Security Books of All Time … especially since the first copies are still being printed and not yet shipping!
[Read More]
Scope of the book
One big learning for me from writing a book on software security is realizing the importance of context to security. There was a constant challenge of discovering the right scope — what needs adding, and what can be cut to keep it concise.
[Read More]
Root causes
Each time a high-profile software security bug is reported, I wonder how this happened yet again. I don’t expect vulnerabilities to approach zero any time soon, but still I’d like to know how this keeps happening over and over, so we can do better.
[Read More]
Statement of Intention
I believe that we can do so much better at delivering more secure software, and my book explains how we could do that.
[Read More]
Announcement
I’m proud to announce my new software security book, Designing Secure Software: A Guide for Developers. I wanted to create something a little different: broadly readable rather than expert targeted, general approaches over specific details, all based on direct personal experience.
[Read More]
Coming Soon
Awaiting the release of any book requires patience, but this year amidst numerous supply chain challenges it’s particularly uncertain.
The original October target date is almost here, but I can report that the publisher hopes to have copies of the print edition for sale in early November – about a month ahead of general release now set for December 2021.
[Read More]
Complete Mediation in Sci-Fi
In the book Project Hail Mary by Andy Weir, there is a short scene (on page 339) that features a very clear example of failure to implement Complete Mediation (one of the secure design patterns described in Chapter 4 of my book).
[Read More]