Secure Coding mailing list archives
FW: Good Magazines and Books
From: jepstein at webmethods.com (Jeremy Epstein)
Date: Wed, 31 Jan 2007 11:39:14 -0500
Having lurked on this list for a while, I'll chime in. The answer depends on what you're trying to learn. If your goal is latest thinking, concepts, etc., I agree with GEM that IEEE S&P is best. If you want to know about the latest products, what's going on in the market, try Information Security magazine (infosecuritymag.techtarget.com). If you want to know what CSOs are worrying about (not just computer/network security, but also physical security, personnel security, etc.) see CSO Magazine (www.csoonline.com). I'm sure there are other "bests" depending on what your goal is. So the answer is: it depends. As for books (the second part of the question), again, it depends on what you're interested in. As a selection, I like Ross Anderson's "Security Engineering" as a basic text that covers a bit of everything, and Matt Bishop's text is encyclopedic. Of course GEM's books are excellent choices for understanding software aspects of security. Chris Wysopal's new testing book is excellent. And Ken van Wyk has a great handbook on secure coding practices. [Kudos to GEM, Chris, and Ken for not flogging their own books - since I don't have a book, I'll feel free to flog theirs.] There are many other great books, but you've got to narrow the topic a bit! --Jeremy
Current thread:
- Good Magazines and Books KT (Jan 30)
- <Possible follow-ups>
- Good Magazines and Books SC-L Subscriber Dave Aronson (Jan 30)
- Meeting at RSA next week? KT (Feb 02)
- Meeting at RSA next week? bugtraq at cgisecurity.net (Feb 02)
- Meeting at RSA next week? KT (Feb 02)
- FW: Good Magazines and Books Gary McGraw (Jan 31)
- FW: Good Magazines and Books Jeremy Epstein (Jan 31)