People need to understand that developing secure code goes beyond learning about buffer overflows. Roger Needlum and Ross Anderson coined the right phrase in one of their papers about "programming Satan's computer". Designing secure code is a discipline in building dependable systems that can withstand error, malice and abuse. The weakest link in security is the human factor... and most developer's write code on how it is expected to run, rather than accounting for the problems that will persist. It may have thought to be absurb to write code to prevent avionics from allowing planes to go through buildings... but now it is a consideration in some command and control systems. Yet simple stack smashing and overflows have existed for over 20 years and still are created today. Those who ignore history are deemed to repeat it.
If you are a developer... it should be a MUST read to get Security Engineering from Ross Anderson. Now that I think about it I should do a book review on it.
In it, he goes into depth to learn how systems have failed, and how to write better code with security in mind. Moreover, he covers most aspects in security engineering that as a developer you may not consider. Get it. It is worth the read. It is the responsibility of every developer to consider security. This book covers many topics ranging from E-Commerce to Nuclear Defense systems. Did I say yet you should read this book? Read this book
Slashdot Mirror
If you are a developer... it should be a MUST read to get Security Engineering from Ross Anderson. Now that I think about it I should do a book review on it.
In it, he goes into depth to learn how systems have failed, and how to write better code with security in mind. Moreover, he covers most aspects in security engineering that as a developer you may not consider. Get it. It is worth the read. It is the responsibility of every developer to consider security. This book covers many topics ranging from E-Commerce to Nuclear Defense systems. Did I say yet you should read this book? Read this book