[SC-L] Secure Programming with Static Analysis
Brian Chess
brian at fortifysoftware.com
Wed Jul 4 23:30:14 EDT 2007
Jacob West and I are proud to announce that our book, Secure Programming
with Static Analysis, is now available.
http://www.amazon.com/dp/0321424778
The book covers a lot of ground.
* It explains why static source code analysis is a critical part of a secure
development process.
* It shows how static analysis tools work, what makes one tool better than
another, and how to integrate static analysis into the SDLC.
* It details a tremendous number of vulnerability categories, using
real-world examples from programs such as Sendmail, Tomcat, Adobe Acrobat,
Mac OSX, and dozens of others.
We'd like to thank the many members of the sc-l list who helped us out with
the book in one way or another, including:
Pravir Chandra
Gary McGraw
Katrina O'Neil
John Steven
Ken van Wyk
Regards,
Brian and Jacob
More information about the SC-L
mailing list