Secure Coding mailing list archives
Secure Programming with Static Analysis
From: gem at cigital.com (Gary McGraw)
Date: Thu, 5 Jul 2007 09:01:08 -0400
Hi sc-l, I have read this awesome book (more than once) and can vouch for it. It is an important part of the addison-wesley software security series, the series that includes: Software Security www.swsec.com Rootkits Exploiting Software Building Secure Software (and any day now Exploiting Online Games) For more on the series, see www.buildingsecurityin.com. We are always on the lookout for more titles for the series, especially if they dive deeply into one of the seven touchpoints, so if you have a book idea please let me know. Meanwhile, click on this link and buy Brian and Jacob's book: http://www.amazon.com/dp/0321424778 gem company www.cigital.com podcast www.cigital.com/silverbullet blog www.cigital.com/justiceleague book www.swsec.com Sent from my treo. -----Original Message----- From: Brian Chess [mailto:brian at fortifysoftware.com] Sent: Thursday, July 05, 2007 06:11 AM Eastern Standard Time To: sc-l at securecoding.org Subject: [SC-L] Secure Programming with Static Analysis Jacob West and I are proud to announce that our book, Secure Programming with Static Analysis, is now available. http://www.amazon.com/dp/0321424778 The book covers a lot of ground. * It explains why static source code analysis is a critical part of a secure development process. * It shows how static analysis tools work, what makes one tool better than another, and how to integrate static analysis into the SDLC. * It details a tremendous number of vulnerability categories, using real-world examples from programs such as Sendmail, Tomcat, Adobe Acrobat, Mac OSX, and dozens of others. We'd like to thank the many members of the sc-l list who helped us out with the book in one way or another, including: Pravir Chandra Gary McGraw Katrina O'Neil John Steven Ken van Wyk Regards, Brian and Jacob _______________________________________________ Secure Coding mailing list (SC-L) SC-L at securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
Current thread:
- Secure Programming with Static Analysis Brian Chess (Jul 04)
- <Possible follow-ups>
- Secure Programming with Static Analysis Gary McGraw (Jul 05)
- Secure Programming with Static Analysis McGovern, James F (HTSC, IT) (Jul 09)
- Secure Programming with Static Analysis Julie Ryan (Jul 09)
- Secure Programming with Static Analysis McGovern, James F (HTSC, IT) (Jul 09)
- Secure Programming with Static Analysis Gary McGraw (Jul 09)