Secure Programming with Static Analysis

[gem at cigital.com (Gary McGraw)]

Both good ideas.   Feel free to ping your friends and enemies with the URL.

I would like to see an in depth book on each of the touchpoints.   So far, the chess/west book covers code review.  My 
next choice would be a book on architectural risk analysis.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com



Sent from my treo.

 -----Original Message-----
From:   McGovern, James F (HTSC, IT) [mailto:James.McGovern at thehartford.com]
Sent:   Monday, July 09, 2007 03:00 PM Eastern Standard Time
To:     sc-l at securecoding.org
Subject:        Re: [SC-L] Secure Programming with Static Analysis

If you are seeking additional book ideas for this series, may I suggest
posting to computerbookauthors at yahoogroups.com?

There are two books that I would love to see:

- Designing Secure Software - Not everything is about the code
- Procuring Secure Software - Most enterprises nowadays buy software vs
build it


-----Original Message-----
From: sc-l-bounces at securecoding.org
[mailto:sc-l-bounces at securecoding.org] On Behalf Of Gary McGraw
Sent: Thursday, July 05, 2007 9:01 AM
To: 'Brian Chess'; 'sc-l at securecoding.org'
Subject: Re: [SC-L] Secure Programming with Static Analysis

Hi sc-l,

I have read this awesome book (more than once) and can vouch for it.  It
is an important part of the addison-wesley software security series, the
series that includes:
Software Security www.swsec.com
Rootkits
Exploiting Software
Building Secure Software
(and any day now Exploiting Online Games)

For more on the series, see www.buildingsecurityin.com.  We are always
on the lookout for more titles for the series, especially if they dive
deeply into one of the seven touchpoints, so if you have a book idea
please let me know.

Meanwhile, click on this link and buy Brian and Jacob's book:
http://www.amazon.com/dp/0321424778

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com



*************************************************************************
This communication, including attachments, is
for the exclusive use of addressee and may contain proprietary,
confidential and/or privileged information.  If you are not the intended
recipient, any use, copying, disclosure, dissemination or distribution is
strictly prohibited.  If you are not the intended recipient, please notify
the sender immediately by return e-mail, delete this communication and
destroy all copies.
*************************************************************************


_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________