Sunday, February 29, 2004 5:56 AM bart

Writing Secure Code

Finally found the time to finish my first reading of Writing Secure Code - Second Edition by Michael Howard and David LeBlanc. A great, eye-opening book and a real recommendation for developers who want to know everything about security in (network-based) apps. I think this book is one of the proofs that Microsoft is really devoted to delivering products and technologies that are very secure (by default) in the context of "Trustworthy Computing". Most of the code is in C++ - one of my favorite languages in fact - but everything you learn from it can be used in many development-related fields: what kinds of attacks exist, how are they exploited by attackers, what really is malicious code, etc. Don't worry if you're not a C++ nerd or a hardcore developer; this book can be read by anyone who is involved in the development process of an application in some way.

More info can be found at http://www.microsoft.com/mspress/books/5957.asp. The book costs about $49.99, which is really nothing in comparison with the huge cost of insecure software (patches, management of apps, etc.). Do you know what the cost is of one single security fix that requires a security bulletin? The answer is on page 11 of the book :-) About $100,000, that's 10^5 indeed (no spelling mistake)! Be sure to check this out!
