Secure Coding mailing list archives
Secure Programming with Static Analysis
From: brian at fortifysoftware.com (Brian Chess)
Date: Wed, 04 Jul 2007 20:30:14 -0700
Jacob West and I are proud to announce that our book, Secure Programming
with Static Analysis, is now available.
http://www.amazon.com/dp/0321424778
The book covers a lot of ground.
* It explains why static source code analysis is a critical part of a secure
development process.
* It shows how static analysis tools work, what makes one tool better than
another, and how to integrate static analysis into the SDLC.
* It details a tremendous number of vulnerability categories, using
real-world examples from programs such as Sendmail, Tomcat, Adobe Acrobat,
Mac OSX, and dozens of others.
We'd like to thank the many members of the sc-l list who helped us out with
the book in one way or another, including:
Pravir Chandra
Gary McGraw
Katrina O'Neil
John Steven
Ken van Wyk
Regards,
Brian and Jacob
Current thread:
- Secure Programming with Static Analysis Brian Chess (Jul 04)
- <Possible follow-ups>
- Secure Programming with Static Analysis Gary McGraw (Jul 05)
- Secure Programming with Static Analysis McGovern, James F (HTSC, IT) (Jul 09)
- Secure Programming with Static Analysis Julie Ryan (Jul 09)
- Secure Programming with Static Analysis McGovern, James F (HTSC, IT) (Jul 09)
- Secure Programming with Static Analysis Gary McGraw (Jul 09)