Reading Room
From time to time, we publish or post information (e.g.,
articles, papers, opinion-editorials) that we feel is of
general security interest to our clients. This page will
serve as a pointer/repository of that sort of information.
Columns
Ken publishes monthly columns for Jupiter Media's
on-line IT Security news portal, eSecurityPlanet.
We've stopped listing those here, but you can always
get them on the eSecurityPlanet site directly.
Articles
Here are a few pointers to various articles published by Ken
and some of our Associates.
September 2006 - Essential Factors for Successful
Software Security Awareness Training
In this IEEE Security & Privacy article
on software security training, Ken and co-author John
Steven explore training programs and recommend how to
implement a successful curriculum.
June 2004 - Using CachedRowSet to Transfer JDBC Results
Between Classes
In this article on O'Reilly's OnJava
site, Research Associate Sean Eidemiller discusses
a useful new feature of the JDBC API in Java that is
available in J2SE 1.5 (and presumably J2EE as well).
Bibliography and Links
With the grateful permission of our publisher, O'Reilly and
Associates, Ken and co-author Mark Graff have posted the
complete bibliography of Secure Coding as a free public
resource. It contains all of the information sources that
were gathered in researching Secure Coding along with
up-to-date links to each resource, where available and
applicable. Further, new information and links are added as
new resources are discovered. The complete bibliography is
available via the Secure Coding companion web site.
KRvW Books
Ken has co-authored two O'Reilly & Associates books,
Incident Response: Planning and Management and
Secure Coding: Principles and Practices together
with Rick Forno and Mark Graff, respectively. Although
Incident Response is out of print, Secure
Coding continues to be available via Amazon, Barnes
and Noble, etc. Additional information on each book can be
found on their web sites at http://www.incidentresponse.com
and http://www.securecoding.org. Signed copies are
available directly from us upon request.